-rw-r--r-- | .task/backlog.data | 5 | ||||
-rw-r--r-- | .task/pending.data | 1 | ||||
-rw-r--r-- | .task/undo.data | 19 | ||||
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | Makefile | 4 | ||||
-rwxr-xr-x | keyringer | 2 | ||||
-rwxr-xr-x | lib/keyringer/actions/genkeys | 5 | ||||
-rwxr-xr-x | lib/keyringer/actions/pass | 20 | ||||
-rw-r--r-- | share/man/keyringer.1 | 54 | ||||
-rw-r--r-- | tasks.md | 4 |
10 files changed, 91 insertions, 30 deletions
diff --git a/.task/backlog.data b/.task/backlog.data
index d047ddf..8681994 100644
--- a/.task/backlog.data
+++ b/.task/backlog.data
@@ -66,3 +66,8 @@
 {"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173542Z","project":"keyringer","status":"pending","tags":["important"],"uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
 {"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173559Z","project":"keyringer","status":"pending","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
 {"description":"Merge OpenBSD patches","end":"20180530T174450Z","entry":"20180522T173012Z","modified":"20180530T174450Z","project":"keyringer","status":"completed","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T165944Z","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170601Z","priority":"M","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170617Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"description","entry":"20210523T165944Z","modified":"20210523T170708Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
+{"description":"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b","entry":"20210523T165944Z","modified":"20210523T170815Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"}
diff --git a/.task/pending.data b/.task/pending.data
index 55a1f53..f9eb022 100644
--- a/.task/pending.data
+++ b/.task/pending.data
@@ -45,3 +45,4 @@
 [description:"(bw)Is#59 - Hidden service howto .. https:\/\/keyringer.pw\/trac\/ticket\/59" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"59" tracsummary:"Hidden service howto" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/59" uuid:"10e30d99-7c65-45af-9d72-d67b93966e5f"]
 [description:"(bw)Is#67 - Document tips .. https:\/\/keyringer.pw\/trac\/ticket\/67" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"67" tracsummary:"Document tips" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/67" uuid:"e45c7e62-d550-437d-9393-b9944220cb67"]
 [description:"Build static HTML report from taskwarrior" entry:"1527010498" modified:"1527010498" project:"keyringer" status:"pending" uuid:"5a63f746-48b2-4a16-a61b-81e8bcaeae27"]
+[description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
diff --git a/.task/undo.data b/.task/undo.data
index 27855a7..ebe9068 100644
--- a/.task/undo.data
+++ b/.task/undo.data
@@ -222,3 +222,22 @@ time 1527702290
 old [description:"Merge OpenBSD patches" entry:"1527010212" modified:"1527701759" project:"keyringer" status:"pending" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"]
 new [description:"Merge OpenBSD patches" end:"1527702290" entry:"1527010212" modified:"1527702290" project:"keyringer" status:"completed" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"]
 ---
+time 1621789184
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789561
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789577
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789628
+old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
+time 1621789695
+old [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+new 
[description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"]
+---
@@ -1,3 +1,10 @@
+2021-07-03 - 0.5.6 - Silvio Rhatto <rhatto@riseup.net>
+
+ Fix Debian bug #990255: keyringer incorrectly tries to use vim settings from
+ '/usr/bin/../share/keyringer/editors/vim'
+
+ Adds "pass" action behaving like pass(1) for outputing single-line secrets.
+
 2020-01-18 - develop - Silvio Rhatto <rhatto@riseup.net>
 Install zsh completion in the default path
@@ -28,8 +28,8 @@ install_lib:
 $(INSTALL) -D -m 0755 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions
 $(INSTALL) -D -m 0755 -d lib/keyringer/actions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
 $(INSTALL) -D -m 0755 lib/keyringer/actions/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions
- $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
- $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors
+ $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors
+ $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors
 install_bin:
 $(INSTALL) -D -m 0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
 # Config
 NAME="keyringer"
-KEYRINGER_VERSION="0.5.5"
+KEYRINGER_VERSION="0.5.6"
 CONFIG_VERSION="0.1"
 CONFIG_BASE="$HOME/.$NAME"
 CONFIG="$CONFIG_BASE/config"
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index addd10d..d9af46a 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -185,6 +185,11 @@ EOF
 openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
 fi
+ # Show CSR
+ if [ "$KEYTYPE" != "ssl-self" ] || [ "$KEYTYPE" != "x509-self" ]; then
+ cat "$TMPWORK/${NODE}_csr.pem"
+ fi
+
 echo "Done"
 }
diff --git a/lib/keyringer/actions/pass b/lib/keyringer/actions/pass
new file mode 100755
index 0000000..7bca7d5
--- /dev/null
+++ b/lib/keyringer/actions/pass
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#
+# Behave like pass(1), outputing just the first line of a secret.
+#
+
+# Load functions
+LIB="`dirname $0`/../functions"
+source "$LIB" read $* || exit 1
+
+# Get file
+keyringer_get_file "$2"
+
+# Decrypt
+pass="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null | head -n 1)"
+
+# Output password
+echo "$pass"
+
+# Exit
+exit "$?"
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 16cceb7..def8c38 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 1.17.2
+.\" Automatically generated by Pandoc 2.2.1
 .\"
 .TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" ""
 .hy
@@ -7,7 +7,7 @@
 keyringer \- encrypted and distributed secret sharing software
 .SH SYNOPSIS
 .PP
-keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
+keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]\&...
 .SH DESCRIPTION
 .PP
 Keyringer lets you manage and share secrets using GnuPG and Git in a
@@ -66,7 +66,7 @@ applied in the keyring repository.
 .RE
 .TP
 .B commit [\f[I]arguments\f[]]
-Alias to "git commit".
+Alias to \[lq]git commit\[rq].
 .RS
 .RE
 .TP
@@ -102,7 +102,7 @@ where all other actions can be called and are operated from the current
 selected keyring.
 .RS
 .PP
-An additional "cd" internal command is available for directory
+An additional \[lq]cd\[rq] internal command is available for directory
 navigation.
 .PP
 All <\f[I]secret\f[]> parameters from actions invoked from the shell are
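Review bot: The new condition `[ "$KEYTYPE" != "ssl-self" ] || [ "$KEYTYPE" != "x509-self" ]` is a tautology: no value equals both strings, so one side is always true and the CSR is printed for every key type, including the self-signed ones the check is meant to exclude. For those the `cat` presumably hits a missing `${NODE}_csr.pem` and prints an error after an otherwise successful run (whether self-signed generation writes a CSR is decided earlier in the action, outside the hunk). Use `&&`, or test the artifact directly so the guard cannot drift from the key-type list: `if [ -f "$TMPWORK/${NODE}_csr.pem" ]; then`.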
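Review bot: A failed decryption is silently reported as an empty password: in `pass="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null | head -n 1)"` gpg's stderr is discarded, the substitution's status is head's rather than gpg's, and the final `exit "$?"` takes echo's status, so a wrong passphrase, missing key or unreadable file yields a blank line and exit 0 — the worst outcome for an action meant to be consumed by scripts the way pass(1) is. Capture the whole plaintext and propagate gpg's status before taking the first line, e.g. `plaintext="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" || exit 1` followed by `printf '%s\n' "${plaintext%%$'\n'*}"`; this also avoids gpg being killed by SIGPIPE when head closes the pipe early on a large secret. Separately, `source "$LIB" read $*` word-splits and glob-expands the arguments; `"$@"` is the safe form unless the other actions deliberately rely on splitting (not visible here).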
@@ -189,8 +189,8 @@ variable and then re\-encrypting it. .RS .PP Please make sure to use an -\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[]*EDITOR\f[] -is set to VIM and disables the \f[I]\&.viminfo\f[] file. +\f[I]\f[]E\f[I]\f[]D\f[I]\f[]I\f[I]\f[]T\f[I]\f[]O\f[I]\f[]R\f[I] * \f[]w\f[I]\f[]h\f[I]\f[]i\f[I]\f[]c\f[I]\f[]h\f[I]\f[]d\f[I]\f[]o\f[I]\f[]e\f[I]\f[]s\f[I]\f[]n\f[I]\f[]o\f[I]\f[]t\f[I]\f[]l\f[I]\f[]e\f[I]\f[]a\f[I]\f[]k\f[I]\f[]d\f[I]\f[]a\f[I]\f[]t\f[I]\f[]a\f[I]\f[]l\f[I]\f[]i\f[I]\f[]k\f[I]\f[]e\f[I]\f[]h\f[I]\f[]i\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]r\f[I]\f[]y\f[I]\f[]b\f[I]\f[]u\f[I]\f[]f\f[I]\f[]f\f[I]\f[]e\f[I]\f[]r\f[I]\f[]s\f[I].\f[]K\f[I]\f[]e\f[I]\f[]y\f[I]\f[]r\f[I]\f[]i\f[I]\f[]n\f[I]\f[]g\f[I]\f[]e\f[I]\f[]r\f[I]\f[]t\f[I]\f[]r\f[I]\f[]i\f[I]\f[]e\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]d\f[I]\f[]e\f[I]\f[]t\f[I]\f[]e\f[I]\f[]c\f[I]\f[]t\f[I]\f[]i\f[I]\f[]f\f[I]*EDITOR\f[] +is set to VIM and disables the \f[I].viminfo\f[] file. .RE .TP .B encrypt <\f[I]secret\f[]> [\f[I]file\f[]] @@ -198,7 +198,7 @@ Encrypts content from standard input or \f[I]file\f[] into \f[I]secret\f[] pathname. No spaces are supported in the \f[I]secret\f[] name. If \f[I]file\f[] is actually a folder, keyringer will recursivelly -encrypt all it\[aq]s contents. +encrypt all it's contents. .RS .RE .TP 
@@ -297,9 +297,9 @@ comments.
 List, edit or add \f[I]user\f[] preferences for a given repository.
 .RS
 .PP
-User preferences are settings which are saved in the user\[aq]s
-keyringer folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the
-other users.
+User preferences are settings which are saved in the user's keyringer
+folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the other
+users.
 .PP
 Preferences are written using the \f[I]KEY=VALUE\f[] syntax.
 All lines starting with the hash (#) character are interpreted as
@@ -328,17 +328,17 @@ Keyringer uses a default recipients file, but specifying a custom
 \f[I]recipients\-file\f[] pathname will override this default.
 .PP
 For instance, if a user encrypts a secret to a file in the keyring
-repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
+repository's \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
 under \f[I]accounting\f[] will be used.
 Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result
 in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[]
 encrypted using the public keys listed in the config
 file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
 .PP
-Each line in a recipients file has entries in the format
-\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
-\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose
-fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
+Each line in a recipients file has entries in the format `john\@doe.com
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where \f[I]john\@doe.com\f[]
+is an alias for the OpenPGP public key whose fingerprint is
+\f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
 .PP
 All lines starting with the hash (#) character are interpreted as
 comments.
@@ -364,7 +364,7 @@ to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
 .SH FILES
 .TP
 .B $HOME/.keyringer/config
-User\[aq]s main configuration file used to map alias names to keyrings.
+User's main configuration file used to map alias names to keyrings.
 .RS
 .RE
 .TP
@@ -386,11 +386,13 @@ Metadata is not encrypted, meaning that an attacker with access to a
 keyringer repository can discover all public key IDs used for
 encryption, and which secrets are encrypted to which keys.
 This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG
+configuration with support for the \f[I]\[en]hidden\-recipient\f[] GnuPG
 option and encrypted repository options.
+.RS 4
 .PP
-To mitigate that, it\[aq]s possible to keep the repo just atop of an
+To mitigate that, it's possible to keep the repo just atop of an
 encrypted and non\-public place.
+.RE
 .IP "2." 3
 History is not rewritten by default when secrets are removed from a
 keyringer repository.
@@ -398,14 +400,14 @@ After a secret is removed with the \f[I]del\f[] action, it will still
 be available in the repository history even after a commit.
 This is by design for the following reasons:
 .IP \[bu] 2
-It\[aq]s the default behavior of the Git content tracker.
+It's the default behavior of the Git content tracker.
 Forcing the deletion by default could break the expected behavior and
-hence limit the repository\[aq]s backup features, which can be helpful
-if someone mistakenly overwrites a secret.
+hence limit the repository's backup features, which can be helpful if
+someone mistakenly overwrites a secret.
 .IP \[bu] 2
 History rewriting cannot be considered a security measure against the
-unauthorized access to a secret as it doesn\[aq]t automatically update
-all working copies of the repository.
+unauthorized access to a secret as it doesn't automatically update all
+working copies of the repository.
 .RS 2
 .PP
 In the case that the secret is a passphrase, the recommended measure
@@ -419,13 +421,15 @@ using the \f[I]git\f[] action.
 Keyringer does not protect data which were not encrypted to a keyring,
 so be careful when decrypting secrets and writing them to the disk or
 other storage media.
+.RS 4
 .PP
 Pay special attention that keyringer outputs data to stdout, which could
 be easily spotted by any agent looking directly at you computer screen.
 .PP
 The xclip action even copies secret data to the X11 clipboard, which can
-be accessed by any application running in the user\[aq]s X11 session, so
-use this feature carefully.
+be accessed by any application running in the user's X11 session, so use
+this feature carefully.
+.RE
 .SH SEE ALSO
 .PP
 The \f[I]README\f[] file distributed with Keyringer contains full
@@ -13,7 +13,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored sudo apt install trac-xmlrpc trac-admin . config set components tracrpc.* enabled - trac-admin . permission add authenticated XML_RPC + trac-admin . permission add authenticated XML_RPC ## Client side @@ -26,7 +26,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored * https://bugwarrior.readthedocs.io/en/latest/common_configuration.html#envvar-BUGWARRIORRC * https://bugwarrior.readthedocs.io/en/latest/services/trac.html -* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration +* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration * https://bugwarrior.readthedocs.io/en/latest/using.html * https://trac.edgewall.org/wiki/TracPlugins * https://trac-hacks.org/wiki/XmlRpcPlugin |