summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore4
-rw-r--r--.task/backlog.data5
-rw-r--r--.task/pending.data1
-rw-r--r--.task/undo.data19
-rw-r--r--ChangeLog11
-rw-r--r--Makefile6
-rwxr-xr-xkeyringer2
-rwxr-xr-xlib/keyringer/actions/genkeys5
-rwxr-xr-xlib/keyringer/actions/pass20
-rw-r--r--share/man/keyringer.154
-rw-r--r--tasks.md4
11 files changed, 96 insertions, 35 deletions
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index c521af8..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-tarballs
-www
-.ikiwiki
-build-area
diff --git a/.task/backlog.data b/.task/backlog.data
index d047ddf..8681994 100644
--- a/.task/backlog.data
+++ b/.task/backlog.data
@@ -66,3 +66,8 @@
{"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173542Z","project":"keyringer","status":"pending","tags":["important"],"uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
{"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173559Z","project":"keyringer","status":"pending","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
{"description":"Merge OpenBSD patches","end":"20180530T174450Z","entry":"20180522T173012Z","modified":"20180530T174450Z","project":"keyringer","status":"completed","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T165944Z","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170601Z","priority":"M","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170617Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"description","entry":"20210523T165944Z","modified":"20210523T170708Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b","entry":"20210523T165944Z","modified":"20210523T170815Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
diff --git a/.task/pending.data b/.task/pending.data
index 55a1f53..f9eb022 100644
--- a/.task/pending.data
+++ b/.task/pending.data
@@ -45,3 +45,4 @@
[description:"(bw)Is#59 - Hidden service howto .. https:\/\/keyringer.pw\/trac\/ticket\/59" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"59" tracsummary:"Hidden service howto" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/59" uuid:"10e30d99-7c65-45af-9d72-d67b93966e5f"]
[description:"(bw)Is#67 - Document tips .. https:\/\/keyringer.pw\/trac\/ticket\/67" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"67" tracsummary:"Document tips" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/67" uuid:"e45c7e62-d550-437d-9393-b9944220cb67"]
[description:"Build static HTML report from taskwarrior" entry:"1527010498" modified:"1527010498" project:"keyringer" status:"pending" uuid:"5a63f746-48b2-4a16-a61b-81e8bcaeae27"]
+[description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
diff --git a/.task/undo.data b/.task/undo.data
index 27855a7..ebe9068 100644
--- a/.task/undo.data
+++ b/.task/undo.data
@@ -222,3 +222,22 @@ time 1527702290
old [description:"Merge OpenBSD patches" entry:"1527010212" modified:"1527701759" project:"keyringer" status:"pending" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"]
new [description:"Merge OpenBSD patches" end:"1527702290" entry:"1527010212" modified:"1527702290" project:"keyringer" status:"completed" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"]
---
+time 1621789184
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789561
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789577
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789628
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789695
+old [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
diff --git a/ChangeLog b/ChangeLog
index 892b99d..0ce5aa6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2021-07-03 - 0.5.6 - Silvio Rhatto <rhatto@riseup.net>
+
+ Fix Debian bug #990255: keyringer incorrectly tries to use vim settings from
+ '/usr/bin/../share/keyringer/editors/vim'
+
+ Adds "pass" action behaving like pass(1) for outputing single-line secrets.
+
+2020-01-18 - develop - Silvio Rhatto <rhatto@riseup.net>
+
+ Install zsh completion in the default path
+
2019-03-25 - 0.5.5 - Silvio Rhatto <rhatto@riseup.net>
Adds COMMIT_AFTER_ENCRYPT setting
diff --git a/Makefile b/Makefile
index 53dd921..7311363 100644
--- a/Makefile
+++ b/Makefile
@@ -28,8 +28,8 @@ install_lib:
$(INSTALL) -D -m 0755 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions
$(INSTALL) -D -m 0755 -d lib/keyringer/actions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
$(INSTALL) -D -m 0755 lib/keyringer/actions/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
- $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
- $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
+ $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors
+ $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors
install_bin:
$(INSTALL) -D -m 0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer
@@ -43,7 +43,7 @@ install_man:
install_completion:
$(INSTALL) -D -m 0644 lib/keyringer/completions/bash/keyringer $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/keyringer
- $(INSTALL) -D -m 0644 lib/keyringer/completions/zsh/_keyringer $(DESTDIR)/$(PREFIX)/share/zsh/vendor-completions/_keyringer
+ $(INSTALL) -D -m 0644 lib/keyringer/completions/zsh/_keyringer $(DESTDIR)/$(PREFIX)/share/zsh/site-functions/_keyringer
install: clean
@make install_lib install_bin install_doc install_man install_completion
diff --git a/keyringer b/keyringer
index 4c3570d..8c1faf2 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.5.5"
+KEYRINGER_VERSION="0.5.6"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index addd10d..d9af46a 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -185,6 +185,11 @@ EOF
openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
fi
+ # Show CSR
+ if [ "$KEYTYPE" != "ssl-self" ] || [ "$KEYTYPE" != "x509-self" ]; then
+ cat "$TMPWORK/${NODE}_csr.pem"
+ fi
+
echo "Done"
}
diff --git a/lib/keyringer/actions/pass b/lib/keyringer/actions/pass
new file mode 100755
index 0000000..7bca7d5
--- /dev/null
+++ b/lib/keyringer/actions/pass
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Behave like pass(1), outputing just the first line of a secret.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" read $* || exit 1
+
+# Get file
+keyringer_get_file "$2"
+
+# Decrypt
+pass="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null | head -n 1)"
+
+# Output password
+echo "$pass"
+
+# Exit
+exit "$?"
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 16cceb7..def8c38 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 1.17.2
+.\" Automatically generated by Pandoc 2.2.1
.\"
.TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" ""
.hy
@@ -7,7 +7,7 @@
keyringer \- encrypted and distributed secret sharing software
.SH SYNOPSIS
.PP
-keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
+keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]\&...
.SH DESCRIPTION
.PP
Keyringer lets you manage and share secrets using GnuPG and Git in a
@@ -66,7 +66,7 @@ applied in the keyring repository.
.RE
.TP
.B commit [\f[I]arguments\f[]]
-Alias to "git commit".
+Alias to \[lq]git commit\[rq].
.RS
.RE
.TP
@@ -102,7 +102,7 @@ where all other actions can be called and are operated from the current
selected keyring.
.RS
.PP
-An additional "cd" internal command is available for directory
+An additional \[lq]cd\[rq] internal command is available for directory
navigation.
.PP
All <\f[I]secret\f[]> parameters from actions invoked from the shell are
@@ -189,8 +189,8 @@ variable and then re\-encrypting it.
.RS
.PP
Please make sure to use an
-\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[]*EDITOR\f[]
-is set to VIM and disables the \f[I]\&.viminfo\f[] file.
+\f[I]\f[]E\f[I]\f[]D\f[I]\f[]I\f[I]\f[]T\f[I]\f[]O\f[I]\f[]R\f[I] * \f[]w\f[I]\f[]h\f[I]\f[]i\f[I]\f[]c\f[I]\f[]h\f[I]\f[]d\f[I]\f[]o\f[I]\f[]e\f[I]\f[]s\f[I]\f[]n\f[I]\f[]o\f[I]\f[]t\f[I]\f[]l\f[I]\f[]e\f[I]\f[]a\f[I]\f[]k\f[I]\f[]d\f[I]\f[]a\f[I]\f[]t\f[I]\f[]a\f[I]\f[]l\f[I]\f[]i\f[I]\f[]k\f[I]\f[]e\f[I]\f[]h\f[I]\f[]i\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]r\f[I]\f[]y\f[I]\f[]b\f[I]\f[]u\f[I]\f[]f\f[I]\f[]f\f[I]\f[]e\f[I]\f[]r\f[I]\f[]s\f[I].\f[]K\f[I]\f[]e\f[I]\f[]y\f[I]\f[]r\f[I]\f[]i\f[I]\f[]n\f[I]\f[]g\f[I]\f[]e\f[I]\f[]r\f[I]\f[]t\f[I]\f[]r\f[I]\f[]i\f[I]\f[]e\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]d\f[I]\f[]e\f[I]\f[]t\f[I]\f[]e\f[I]\f[]c\f[I]\f[]t\f[I]\f[]i\f[I]\f[]f\f[I]*EDITOR\f[]
+is set to VIM and disables the \f[I].viminfo\f[] file.
.RE
.TP
.B encrypt <\f[I]secret\f[]> [\f[I]file\f[]]
@@ -198,7 +198,7 @@ Encrypts content from standard input or \f[I]file\f[] into
\f[I]secret\f[] pathname.
No spaces are supported in the \f[I]secret\f[] name.
If \f[I]file\f[] is actually a folder, keyringer will recursivelly
-encrypt all it\[aq]s contents.
+encrypt all it's contents.
.RS
.RE
.TP
@@ -297,9 +297,9 @@ comments.
List, edit or add \f[I]user\f[] preferences for a given repository.
.RS
.PP
-User preferences are settings which are saved in the user\[aq]s
-keyringer folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the
-other users.
+User preferences are settings which are saved in the user's keyringer
+folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the other
+users.
.PP
Preferences are written using the \f[I]KEY=VALUE\f[] syntax.
All lines starting with the hash (#) character are interpreted as
@@ -328,17 +328,17 @@ Keyringer uses a default recipients file, but specifying a custom
\f[I]recipients\-file\f[] pathname will override this default.
.PP
For instance, if a user encrypts a secret to a file in the keyring
-repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
+repository's \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
under \f[I]accounting\f[] will be used.
Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result
in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[]
encrypted using the public keys listed in the config
file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
.PP
-Each line in a recipients file has entries in the format
-\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
-\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose
-fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
+Each line in a recipients file has entries in the format `john\@doe.com
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where \f[I]john\@doe.com\f[]
+is an alias for the OpenPGP public key whose fingerprint is
+\f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
.PP
All lines starting with the hash (#) character are interpreted as
comments.
@@ -364,7 +364,7 @@ to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
.SH FILES
.TP
.B $HOME/.keyringer/config
-User\[aq]s main configuration file used to map alias names to keyrings.
+User's main configuration file used to map alias names to keyrings.
.RS
.RE
.TP
@@ -386,11 +386,13 @@ Metadata is not encrypted, meaning that an attacker with access to a
keyringer repository can discover all public key IDs used for
encryption, and which secrets are encrypted to which keys.
This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG
+configuration with support for the \f[I]\[en]hidden\-recipient\f[] GnuPG
option and encrypted repository options.
+.RS 4
.PP
-To mitigate that, it\[aq]s possible to keep the repo just atop of an
+To mitigate that, it's possible to keep the repo just atop of an
encrypted and non\-public place.
+.RE
.IP "2." 3
History is not rewritten by default when secrets are removed from a
keyringer repository.
@@ -398,14 +400,14 @@ After a secret is removed with the \f[I]del\f[] action, it will still be
available in the repository history even after a commit.
This is by design for the following reasons:
.IP \[bu] 2
-It\[aq]s the default behavior of the Git content tracker.
+It's the default behavior of the Git content tracker.
Forcing the deletion by default could break the expected behavior and
-hence limit the repository\[aq]s backup features, which can be helpful
-if someone mistakenly overwrites a secret.
+hence limit the repository's backup features, which can be helpful if
+someone mistakenly overwrites a secret.
.IP \[bu] 2
History rewriting cannot be considered a security measure against the
-unauthorized access to a secret as it doesn\[aq]t automatically update
-all working copies of the repository.
+unauthorized access to a secret as it doesn't automatically update all
+working copies of the repository.
.RS 2
.PP
In the case that the secret is a passphrase, the recommended measure
@@ -419,13 +421,15 @@ using the \f[I]git\f[] action.
Keyringer does not protect data which were not encrypted to a keyring,
so be careful when decrypting secrets and writing them to the disk or
other storage media.
+.RS 4
.PP
Pay special attention that keyringer outputs data to stdout, which could
be easily spotted by any agent looking directly at you computer screen.
.PP
The xclip action even copies secret data to the X11 clipboard, which can
-be accessed by any application running in the user\[aq]s X11 session, so
-use this feature carefully.
+be accessed by any application running in the user's X11 session, so use
+this feature carefully.
+.RE
.SH SEE ALSO
.PP
The \f[I]README\f[] file distributed with Keyringer contains full
diff --git a/tasks.md b/tasks.md
index 17f8de1..2d9beec 100644
--- a/tasks.md
+++ b/tasks.md
@@ -13,7 +13,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored
sudo apt install trac-xmlrpc
trac-admin . config set components tracrpc.* enabled
- trac-admin . permission add authenticated XML_RPC
+ trac-admin . permission add authenticated XML_RPC
## Client side
@@ -26,7 +26,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored
* https://bugwarrior.readthedocs.io/en/latest/common_configuration.html#envvar-BUGWARRIORRC
* https://bugwarrior.readthedocs.io/en/latest/services/trac.html
-* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration
+* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration
* https://bugwarrior.readthedocs.io/en/latest/using.html
* https://trac.edgewall.org/wiki/TracPlugins
* https://trac-hacks.org/wiki/XmlRpcPlugin