summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rwxr-xr-xlib/keyringer/actions/genkeys30
-rwxr-xr-xlib/keyringer/actions/pwgen4
-rwxr-xr-xlib/keyringer/functions17
3 files changed, 31 insertions, 20 deletions
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index 634c847..deacbfd 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -34,23 +34,25 @@ function genkeys_ssh {
function genkeys_gpg {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
- passphrase="no"
- passphrase_confirm="confirm"
+ #passphrase="no"
+ #passphrase_confirm="confirm"
- while [ "$passphrase" != "$passphrase_confirm" ]; do
- read -s -p "Enter password for the private key: " passphrase
- printf "\n"
- read -s -p "Enter password again: " passphrase_confirm
- printf "\n"
+ #while [ "$passphrase" != "$passphrase_confirm" ]; do
+ # read -s -p "Enter password for the private key: " passphrase
+ # printf "\n"
+ # read -s -p "Enter password again: " passphrase_confirm
+ # printf "\n"
- if [ "$passphrase" != "$passphrase_confirm" ]; then
- echo "Password don't match."
- fi
- done
+ # if [ "$passphrase" != "$passphrase_confirm" ]; then
+ # echo "Password don't match."
+ # fi
+ #done
+
+ keyringer_exec pwgen "$BASEDIR" "$FILE.passwd"
+ passphrase="`keyringer_exec decrypt "$BASEDIR" "$FILE.passwd"`"
# TODO: insert random bytes
# TODO: custom Name-Comment and Name-Email
- # TODO: allow for empty passphrases
$GPG --homedir "$TMPWORK" --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
@@ -68,8 +70,8 @@ EOF
$GPG --armor --homedir "$TMPWORK" --export-secret-keys | keyringer_exec encrypt "$BASEDIR" "$FILE"
echo "Encrypting public key into keyringer..."
$GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
- echo "Encrypting passphrase into keyringer..."
- echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
+ #echo "Encrypting passphrase into keyringer..."
+ #echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
index 3c03681..e1e8947 100755
--- a/lib/keyringer/actions/pwgen
+++ b/lib/keyringer/actions/pwgen
@@ -13,12 +13,12 @@ FILE="$2"
# Generates a random passphrase
function keyringer_pwgen {
- ENTROPY_BYTES=${1:-20} # in bytes
+ ENTROPY_BYTES=${1:-40} # in bytes
ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"
# Strip possible newlines if output is wrapped.
# Also strip trailing = signs as they add nothing to the password's entropy.
- head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n='
+ dd bs=1 count=$ENTROPY_BYTES if=$ENTROPY_SOURCE status=none | base64 | tr -d '\n='
echo
}
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 6f9a5e3..d529daf 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -161,7 +161,7 @@ function keyringer_set_tmpfile {
if [ -z "$1" ]; then
template="$tmp/keyringer.XXXXXXXXXX"
else
- template="$tmp/XXXXXXXXXX.$1"
+ template="$tmp/keyringer.$1.XXXXXXXXXX"
fi
mkdir -p "$tmp"
@@ -192,27 +192,36 @@ function keyringer_shred {
return
fi
+ # Create our test target
+ local rmtest="$(mktemp)"
+
# Get shred implementation
if which wipe &> /dev/null; then
tool="wipe"
elif which shred &> /dev/null; then
tool="shred"
+ elif rm -P "${rmtest}" &> /dev/null; then
+ tool="rm -P"
else
# Worst implementation
message="WARNING $message"
tool="rm"
fi
+ # Cleanup in case "rm -P" is never called or -P flag is unsupported
+ rm -f "${rmtest}"
+
echo "$message $path using $tool..."
if [ -d "$path" ]; then
- if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
$tool -rf $path
else
- find $path -exec $tool -uf {} \;
+ find $path -type f -exec $tool -uf {} \;
+ find $path -depth -type d -exec rmdir {} \;
fi
else
- if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
$tool -f "$path"
else
$tool -uf "$path"