summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog16
-rw-r--r--Makefile13
l---------README.md (renamed from README)0
-rw-r--r--development.mdwn15
-rw-r--r--ikiwiki.setup216
-rw-r--r--index.mdwn6
-rwxr-xr-xkeyringer2
-rwxr-xr-xlib/keyringer/actions/mv3
-rwxr-xr-xlib/keyringer/actions/sclip23
-rwxr-xr-xlib/keyringer/functions29
-rw-r--r--share/man/keyringer.154
11 files changed, 324 insertions, 53 deletions
diff --git a/ChangeLog b/ChangeLog
index 2462e45..5bd3530 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2016-11-09 - 0.4.0 - Silvio Rhatto <rhatto@riseup.net>
+
+ Adopts Semantic Versioning
+
+ Do not rely on git-flow
+
+ Adds sclip action
+
+ Ensure destination path exists at mv action
+
+ Allow @ at file names
+
+ Slightly more interactive keyringer_get_file
+
+ Updates URLs and static site generation.
+
2015-03-30 - 0.3.8 - Silvio Rhatto <rhatto@riseup.net>
Eliminates hardcoded bash path, reported and fixed by
diff --git a/Makefile b/Makefile
index 07513f2..b503b68 100644
--- a/Makefile
+++ b/Makefile
@@ -34,7 +34,7 @@ install_bin:
$(INSTALL) -D --mode=0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer
install_doc:
- $(INSTALL) -D --mode=0644 index.mdwn $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README
+ $(INSTALL) -D --mode=0644 index.mdwn $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/README.md
$(INSTALL) -D --mode=0644 LICENSE $(DESTDIR)/$(PREFIX)/share/doc/$(PACKAGE)/LICENSE
install_man:
@@ -64,8 +64,9 @@ release:
# https://github.com/nvie/gitflow/pull/160
# https://github.com/nvie/gitflow/issues/50
#git flow release finish -s -m "Keyringer $(VERSION)" $(VERSION)
- git flow release finish -s $(VERSION)
+ #git flow release finish -s $(VERSION)
git checkout master
+ git merge develop
@make tarball
gpg --use-agent --armor --detach-sign --output $(ARCHIVE)/keyringer-$(VERSION).tar.bz2.asc $(ARCHIVE)/keyringer-$(VERSION).tar.bz2
scp $(ARCHIVE)/keyringer-$(VERSION).tar.bz2* keyringer:/var/sites/keyringer/releases/
@@ -81,3 +82,11 @@ debian:
dch -e
git commit -a -m "Updating debian/changelog"
git-buildpackage --git-tag-only --git-sign-tags
+
+web:
+ @ikiwiki --setup ikiwiki.setup
+
+web_deploy:
+ @rsync -avz --delete www/ blog:/var/sites/keyringer/www/
+
+publish: web web_deploy
diff --git a/README b/README.md
index 9f2fbdb..9f2fbdb 120000
--- a/README
+++ b/README.md
diff --git a/development.mdwn b/development.mdwn
index db67119..49a224c 100644
--- a/development.mdwn
+++ b/development.mdwn
@@ -8,20 +8,16 @@ Index
Coding standards
----------------
+* Uses Semantic Versioning.
* Respect the existing coding style.
* Be clear: easy audability must be one of keyringer's requirements.
-Development workflow
---------------------
-
-We use [git-flow](https://github.com/nvie/gitflow) for the development workflow.
-
Release workflow
----------------
Go to develop branch and start a new release
- git flow release start VERSION
+ git checkout develop
Prepare the source code:
@@ -33,6 +29,10 @@ Create and upload a new release:
make release
+Tag the release:
+
+ git tag -s $(VERSION) -m "Keyringer $(VERSION)"
+
Update the debian branch:
make debian
@@ -74,7 +74,7 @@ Test environment
Setup:
- keyringer test init ~/code/tests/keyringer
+ keyringer test init ~/temp/tests/keyringer
Teardown:
@@ -99,3 +99,4 @@ References
* [Generating pristine tarballs from git repositories](http://joeyh.name/blog/entry/generating_pristine_tarballs_from_git_repositories/).
* [Debian Packaging](https://wiki.debian.org/Packaging).
* [Debian Upstream Guide](https://wiki.debian.org/UpstreamGuide).
+* [DanielKahnGillmor/preferred_packaging - Debian Wiki](https://wiki.debian.org/DanielKahnGillmor/preferred_packaging).
diff --git a/ikiwiki.setup b/ikiwiki.setup
new file mode 100644
index 0000000..f316524
--- /dev/null
+++ b/ikiwiki.setup
@@ -0,0 +1,216 @@
+#!/usr/bin/perl
+# Configuration file for ikiwiki.
+# Passing this to ikiwiki --setup will make ikiwiki generate wrappers and
+# build the wiki.
+#
+# Remember to re-run ikiwiki --setup any time you edit this file.
+
+use IkiWiki::Setup::Standard {
+ wikiname => "Keyringer: encrypted and distributed secret sharing software",
+ adminuser => ["keyringer", ],
+ adminemail => 'rhatto@keyringer.pw',
+
+ # Be sure to customise these..
+ srcdir => ".",
+ destdir => "www",
+
+ url => "https://keyringer.pw",
+ cgiurl => "https://keyringer.pw/ikiwiki.cgi",
+ #templatedir => "/usr/share/ikiwiki/templates",
+ #underlaydir => "/usr/share/ikiwiki/basewiki",
+
+ # Subversion stuff.
+ #rcs => "svn",
+ #historyurl => "http://svn.example.org/trunk/[[file]]",
+ #diffurl => "http://svn.example.org/trunk/[[file]]?root=wiki&amp;r1=[[r1]]&amp;r2=[[r2]]",
+ #svnrepo => "/svn/wiki",
+ #svnpath => "trunk",
+
+ # Git stuff.
+ rcs => "git",
+ historyurl => "https://git.fluxo.info/keyringer/log/[[file]]",
+ diffurl => 'https://git.fluxo.info/keyringer/commit/[[file]]?id=[[sha1_commit]]',
+ #gitorigin_branch => "origin",
+ #gitmaster_branch => "master",
+ # See https://ikiwiki.info/tips/laptop_wiki_with_git/
+ gitorigin_branch => '',
+
+ # Tla stuff.
+ #rcs => "tla"
+ #historyurl => ??,
+ #diffurl => ??,
+
+ # Mercurial stuff.
+ #rcs => "mercurial",
+ #historyurl => "http://localhost:8000/log/tip/[[file]]", # hg serve'd local repository
+ #diffurl => "http://localhost:8000/?fd=[[r2]];file=[[file]]",
+
+ # Bazaar stuff.
+ #rcs => "bzr",
+ #historyurl => "",
+ #diffurl => "http://example.com/revision?start_revid=[[r2]]#[[file]]-s", # using loggerhead
+
+ # Monotone stuff
+ #rcs => "monotone",
+ #mtnkey => "web\@machine.company.com",
+ #historyurl => "http://viewmtn.example.com/branch/head/filechanges/com.example.branch/[[file]]",
+ #diffurl => "http://viewmtn.example.com/revision/diff/[[r1]]/with/[[r2]]/[[file]]",
+ # Set if you want the wiki to sync on update and commit.
+ #mtnsync => 0,
+ # The path to your workspace (defaults to the srcdir itself)
+ # e.g. use if your srcdir is a subdirectory of the workspace.
+ #mtnrootdir => "path/to/root/of/workspace",
+
+ wrappers => [
+ #{
+ # # The cgi wrapper.
+ # cgi => 0,
+ # wrapper => "/var/sites/rhatto/ikiwiki/ikiwiki.cgi",
+ # wrappermode => "06550",
+ # wrappergroup => "www-data",
+ #},
+ #{
+ # # The svn post-commit wrapper.
+ # # Note that this will overwrite any existing
+ # # post-commit hook script, which may not be
+ # # what you want.
+ # wrapper => "/svn/wikirepo/hooks/post-commit",
+ # wrappermode => "04755",
+ # # Log to syslog since svn post-commit hooks
+ # # hide output and errors.
+ # syslog => 1,
+ #},
+ #{
+ # # The git post-update wrapper.
+ # # Note that this will overwrite any existing
+ # # post-update hook script, which may not be
+ # # what you want.
+ # wrapper => "/var/git/repositories/rhatto.git/hooks/post-update",
+ # wrappermode => "06550",
+ # wrappergroup => "git",
+ #},
+ #{
+ # # The monotone netsync hook.
+ # wrapper => "path/to/root/of/workspace/_MTN/ikiwiki-netsync-hook",
+ # wrappermode => "06755",
+ #},
+ ],
+
+ # Default to generating rss feeds for pages with feeds?
+ rss => 1,
+ # Default to generating atom feeds for pages with feeds?
+ #atom => 1,
+ # Allow generating feeds even if not generated by default?
+ #allowrss => 1,
+ #allowatom => 1,
+ # Urls to ping with XML-RPC when feeds are updated
+ #pingurl => [qw{http://rpc.technorati.com/rpc/ping}],
+ # Include discussion links on all pages?
+ discussion => 0,
+ # To exclude files matching a regexp from processing. This adds to
+ # the default exclude list.
+ #exclude => qr/\.wav$/,
+ exclude => qr/www/,
+ # To change the extension used for generated html files.
+ #htmlext => 'htm',
+ # Time format (for strftime)
+ #timeformat => '%c',
+ # Locale to use. Must be a UTF-8 locale.
+ #locale => 'en_US.UTF-8',
+ # Only send cookies over SSL connections.
+ #sslcookie => 1,
+ # Logging settings:
+ #verbose => 1,
+ syslog => 0,
+ # To link to user pages in a subdirectory of the wiki.
+ #userdir => "users",
+ # To create output files named page.html rather than page/index.html.
+ #usedirs => 0,
+ # Simple spam prevention: require an account-creation password.
+ #account_creation_password => "guesswhat",
+ # Cost of generating a password using Authen::Passphrase::BlowfishCrypt
+ #password_cost => 8,
+ # Uncomment to force ikiwiki to run with a particular umask.
+ umask => 002,
+ # Default settings for the recentchanges page.
+ #recentchangespage => "recentchanges",
+ #recentchangesnum => 100,
+ # Use new '!'-prefixed preprocessor directive syntax
+ #prefix_directives => 0,
+ # Attempt to make hardlinks to source files instead of copying them.
+ # Useful if the wiki contains large media files.
+ #hardlink => 1,
+ # Enable use of multimarkdown features in .mdwn files.
+ #multimarkdown => 1,
+
+ # To add plugins, list them here.
+ #add_plugins => [qw{goodstuff search wikitext camelcase
+ # htmltidy fortune sidebar map rst anonok}],
+ add_plugins => [qw{goodstuff sidebar}],
+ # If you want to disable any of the default plugins, list them here.
+ #disable_plugins => [qw{inline htmlscrubber passwordauth openid}],
+ disable_plugins => [qw{openid editpage}],
+ # To add a directory to the perl search path, use this.
+ #libdir => "/home/me/.ikiwiki/",
+
+ # To override environment variable settings, you can list values here.
+ #ENV => {
+ # TZ => "America/New_York",
+ # PATH => "/home/me/bin:/usr/local/bin:/usr/bin:/bin",
+ #},
+
+ # For use with the tag plugin, make all tags be located under a
+ # base page.
+ #tagbase => "tag",
+
+ # For use with the search plugin if the omega cgi is located
+ # somewhere else.
+ #omega_cgi => "/usr/lib/cgi-bin/omega/omega",
+
+ # For use with the openid plugin, to give an url to a page users
+ # can use to signup for an OpenID.
+ #openidsignup => "http://myopenid.com/",
+
+ # For use with the mirrorlist plugin, a list of mirrors.
+ #mirrorlist => {
+ # mirror1 => "http://hostname1",
+ # mirror2 => "http://hostname2/mirror",
+ #},
+
+ # For use with the anonok plugin, a PageSpec specifying what
+ # pages anonymous users can edit
+ #anonok_pagespec => "*",
+
+ # For use with the aggregate plugin, to allow aggregation to be
+ # triggered via the web.
+ #aggregate_webtrigger => 1,
+
+ # For use with the pinger plugin, how many seconds to wait before
+ # timing out.
+ #pinger_timeout => 15.
+
+ # For use with the amazon S3 plugin, your public access key id.
+ #amazon_s3_key_id => 'XXXXXXXXXXXXXXXXXXXX',
+ # And a file holding your secret key. This file *must* not be
+ # readable by others!
+ #amazon_s3_key_file => "/home/me/.hide/.s3_key
+ # The globally unique name of the bucket to use to store the wiki.
+ #amazon_s3_bucket => "mywiki",
+ # A prefix to prepend to each page name.
+ #amazon_s3_prefix => "wiki/",
+ # Uncomment to use the S3 European datacenter.
+ #amazon_s3_location => "EU",
+ # Uncomment if you need to store each index file twice.
+ #amazon_s3_dupindex => 1,
+
+ # For use with the attachment plugin, a program that returns
+ # nonzero if its standard input contains an virus.
+ #virus_checker => "clamdscan -",
+
+ # See https://ikiwiki.info/plugins/po/
+ #po_master_language => 'en|English',
+ #po_slave_languages => [ 'pt|Portuguese' ],
+
+ # See http://ikiwiki.info/plugins/rsync/
+ #rsync_command => 'rsync -qa --delete . keyringer:/var/sites/keyringer/www/',
+}
diff --git a/index.mdwn b/index.mdwn
index a886930..9af057f 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -7,7 +7,7 @@ commands to encrypt, decrypt, recrypt, create key pairs, etc.
- Manpage: [keyringer.1](share/man/keyringer.1)
- License: [GPLv3+](LICENSE)
- Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac)
-- Tor hidden service: [http://wewbqck6m3ffkn44.onion](http://wewbqck6m3ffkn44.onion)
+- Tor hidden service: [http://4qt45wbulqipigwa.onion](http://4qt45wbulqipigwa.onion)
- Releases: [https://keyringer.pw/releases](releases)
- Contact: rhatto at riseup.net
@@ -21,12 +21,12 @@ Installation
Just clone
- git clone git://git.sarava.org/keyringer.git
+ git clone https//git.fluxo.info/keyringer
And then leave it somewhere, optionally adding it to your `$PATH` environment variable
or package it to your preferred distro.
-If you're using Debian `jessie` or `unstable`, just run
+If you're using Debian `jessie` or newer, just run
apt-get install keyringer
diff --git a/keyringer b/keyringer
index 956bb73..a5ecd67 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.3.8"
+KEYRINGER_VERSION="0.4.0"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/mv b/lib/keyringer/actions/mv
index 2324145..e31eb85 100755
--- a/lib/keyringer/actions/mv
+++ b/lib/keyringer/actions/mv
@@ -24,5 +24,8 @@ if ! echo "$ORIG" | grep -q '*' && [ ! -e "$KEYDIR/$RELATIVE_PATH/$ORIG" ]; then
exit 1
fi
+# Ensure destination path exists
+mkdir -p "`dirname $KEYDIR/$RELATIVE_PATH/$DEST`"
+
# Run move command
keyringer_exec git "$BASEDIR" mv "keys/$RELATIVE_PATH/$ORIG" "keys/$FILE"
diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip
new file mode 100755
index 0000000..e4c88fa
--- /dev/null
+++ b/lib/keyringer/actions/sclip
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+#
+# Decrypt secret header to clipboard, sleep and cleanup.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" || exit 1
+
+# Clip password
+shift
+keyringer $KEYRING xclip $*
+
+# Move to the next window
+if which xdotool &> /dev/null; then
+ xdotool key alt+Tab
+fi
+
+# Sleep
+sleep 5
+
+# Overwrite clipboard
+cat $RANDOM | sha256sum | base64 -d | xclip
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index ab519b2..09b004d 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -430,16 +430,18 @@ function keyringer_get_option {
function keyringer_get_file {
FILE="$(keyringer_filename "$RELATIVE_PATH/$1")"
- if [ -z "$FILE" ]; then
- keyringer_action_usage
- exit 1
- elif [ ! -f "$KEYDIR/$FILE" ]; then
+ if [ ! -f "$KEYDIR/$FILE" ]; then
# Try to find a similar file
+ FILE=""
count=0
candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
if [ ! -z "$candidates" ]; then
- echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
+ if [ ! -z "$1" ]; then
+ echo "Could not find exact match for \"$1\""
+ fi
+
+ echo "Choose one of the following or type a pattern:"
echo ""
for candidate in ${candidates[@]}; do
@@ -452,15 +454,20 @@ function keyringer_get_file {
if [[ "$option" =~ ^[0-9]+$ ]] && [ ! -z "${candidates[$option]}" ]; then
FILE="$(keyringer_filename "$RELATIVE_PATH/${candidates[$option]}")"
- else
- echo "Invalid option"
- exit 1
+ elif [ ! -z "$option" ]; then
+ keyringer_get_file $option
fi
else
- echo "File not found: $KEYDIR/$FILE"
- exit 1
+ echo "Nothing matches $option, try again."
+ keyringer_get_file
fi
fi
+
+ # Probably Ctrl-D was hit
+ if [ -z "$FILE" ]; then
+ echo ""
+ exit
+ fi
}
# Get a new file argument
@@ -473,7 +480,7 @@ function keyringer_get_new_file {
fi
# Sanitize and complete file name
- FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9.\/\-]/_/g'`"
+ FILE="`echo $FILE | sed -e 's/[^A-Za-z0-9@.\/\-]/_/g'`"
# Warn user about file name change
if [ "`basename "$*"`" != "`basename $FILE`" ]; then
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 13de085..39669b6 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -1,7 +1,7 @@
-.TH KEYRINGER 1 "Oct 25, 2013" "Keyringer User Manual"
+.TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" ""
.SH NAME
.PP
-keyringer - encrypted and distributed secret sharing software
+keyringer \- encrypted and distributed secret sharing software
.SH SYNOPSIS
.PP
keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
@@ -10,8 +10,8 @@ keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
Keyringer lets you manage and share secrets using GnuPG and Git in a
distributed fashion.
.PP
-It has custom commands to create key-pairs and to encrypt, decrypt and
-re-encrypt secrets.
+It has custom commands to create key\-pairs and to encrypt, decrypt and
+re\-encrypt secrets.
It also supports encryption to multiple recipients and groups of
recipients, to allow a workgroup to share access to a single repository
while restricting some secrets to subsets of the group.
@@ -87,14 +87,14 @@ Remove an empty folder inside the repository \f[I]keys\f[] folder.
.TP
.B tree <\f[I]path\f[]>
List contents from the toplevel repository \f[I]keys\f[] folder or from
-relative paths if \f[I]path\f[] is specified using a tree-like format.
+relative paths if \f[I]path\f[] is specified using a tree\-like format.
Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[]
command.
.RS
.RE
.TP
.B shell
-Run keyringer on interactive mode from a built-in command-line prompt
+Run keyringer on interactive mode from a built\-in command\-line prompt
where all other actions can be called and are operated from the current
selected keyring.
.RS
@@ -138,7 +138,7 @@ read from the standard input and encrypting again.
.RS
.RE
.TP
-.B append-batch <\f[I]secret\f[]>
+.B append\-batch <\f[I]secret\f[]>
Append contents into a secret, batch mode.
.RS
.RE
@@ -177,11 +177,11 @@ Rename a secret.
.B edit <\f[I]secret\f[]>
Edit a secret by temporarily decrypting it, opening the decrypted copy
into the text editor defined by the \f[I]$EDITOR\f[] environment
-variable and then re-encrypting it.
+variable and then re\-encrypting it.
.RS
.PP
Please make sure to use an
-\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[]. \f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[]
+\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[]
is set to VIM and disables the \f[I]\&.viminfo\f[] file.
.RE
.TP
@@ -194,30 +194,26 @@ encrypt all it\[aq]s contents.
.RS
.RE
.TP
-.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]]
+.B encrypt\-batch <\f[I]secret\f[]> [\f[I]file\f[]]
Encrypt content, batch mode.
Behavior is identical to \f[I]encrypt\f[] action, but less verbose.
Useful inside scripts.
.RS
.RE
.TP
-.B genkeys
-<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
-[\f[I]options\f[]]
-Wrapper to generate encryption key-pairs, useful for automated key
+.B genkeys <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]]
+Wrapper to generate encryption key\-pairs, useful for automated key
deployment.
.RS
.RE
.TP
-.B genpair
-<\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509-self\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
-[\f[I]options\f[]]
+.B genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]x509\f[]|\f[I]x509\-self\f[]|\f[I]ssl\f[]|\f[I]ssl\-self\f[]> [\f[I]options\f[]]
Alias for \f[I]genkeys\f[] action.
.RS
.RE
.TP
.B open <\f[I]secret\f[]>
-Decrypt a secret into a temporary folder and open it using xdg-open,
+Decrypt a secret into a temporary folder and open it using xdg\-open,
which tries to figure out the file type and then calls the associated
application.
.RS
@@ -227,16 +223,16 @@ file again into the secret file and deletes the temporary file.
.RE
.TP
.B recrypt <\f[I]secret\f[]>
-Re-encrypts a secret by decrypting it and encrypting it again.
+Re\-encrypts a secret by decrypting it and encrypting it again.
Useful when users are added into the recipient configuration.
If no \f[I]secret\f[] is given, all secrets in the repository are
-re-encrypted.
+re\-encrypted.
.RS
.RE
.TP
.B clip <\f[I]secret\f[]>
Copy the first line of a secret to the clipboard, following
-password-store convention.
+password\-store convention.
.RS
.RE
.TP
@@ -287,7 +283,7 @@ Alias for usage action.
.RS
.RE
.TP
-.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients-file\f[]>
+.B recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipients\-file\f[]>
List, create or edit recipients configuration.
.RS
.PP
@@ -296,13 +292,13 @@ used by keyringer when encrypting secrets and associated with email
aliases.
.PP
Keyringer uses a default recipients file, but specifying a custom
-\f[I]recipients-file\f[] pathname will override this default.
+\f[I]recipients\-file\f[] pathname will override this default.
.PP
For instance, if a user encrypts a secret to a file in the keyring
-repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[]
+repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
under \f[I]accounting\f[] will be used.
-Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result
-in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[]
+Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result
+in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[]
encrypted using the public keys listed in the config
file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
.PP
@@ -328,7 +324,7 @@ Create or edit a recipients file.
Editing happens using the editor specified by the \f[C]$EDITOR\f[]
environment variable.
.PP
-The required parameter \f[I]recipients-file\f[] is interpreted relative
+The required parameter \f[I]recipients\-file\f[] is interpreted relative
to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
.RE
.RE
@@ -350,11 +346,11 @@ Metadata is not encrypted, meaning that an attacker with access to a
keyringer repository can discover all public key IDs used for
encryption, and which secrets are encrypted to which keys.
This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG
+configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG
option and encrypted repository options.
.PP
To mitigate that, it\[aq]s possible to keep the repo just atop of an
-encrypted and non-public place.
+encrypted and non\-public place.
.IP "2." 3
History is not rewritten by default when secrets are removed from a
keyringer repository.