Diffstat (limited to 'share')
-rwxr-xr-xshare/keyringer/append6
-rwxr-xr-xshare/keyringer/commands10
-rwxr-xr-xshare/keyringer/decrypt3
-rwxr-xr-xshare/keyringer/edit15
-rwxr-xr-xshare/keyringer/encrypt31
-rwxr-xr-xshare/keyringer/genpair16
l---------share/keyringer/open1
-rwxr-xr-xshare/keyringer/preferences37
-rwxr-xr-xshare/keyringer/recrypt14
-rwxr-xr-xshare/keyringer/usage10
-rw-r--r--share/man/keyringer.194
-rw-r--r--share/man/keyringer.1.mdwn99
12 files changed, 322 insertions, 14 deletions
diff --git a/share/keyringer/append b/share/keyringer/append
index 045ba86..bcc9e5e 100755
--- a/share/keyringer/append
+++ b/share/keyringer/append
@@ -32,4 +32,10 @@ for element in $(seq 0 $((${#NEW[@]} - 1))); do
echo ${NEW[$element]}
done | keyringer_exec encrypt-batch $BASEDIR $FILE
+err="$?"
+
+if [ "$err" != "0" ]; then
+ exit "$err"
+fi
+
IFS="$OLDIFS"
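Review bot: The new `err="$?"` reads the status of the whole `for … | keyringer_exec` pipeline, which without `pipefail` is the status of its last stage only; that is the stage that matters here, so the check is correct, but the four added lines reduce to one suffix on the pipeline, `done | keyringer_exec encrypt-batch "$BASEDIR" "$FILE" || exit $?`. If the separate variable is kept, `[ "$err" -ne 0 ]` reads as the numeric test it is instead of the string comparison `!= "0"`. The `for` loop that feeds the pipeline begins before the hunk.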
diff --git a/share/keyringer/commands b/share/keyringer/commands
new file mode 100755
index 0000000..139725a
--- /dev/null
+++ b/share/keyringer/commands
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+# Show available commands
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source "$LIB" || exit 1
+
+keyringer_show_actions
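Review bot: `LIB="`dirname $0`/../../lib/keyringer/functions"` leaves `$0` unquoted inside the backticks, so a script path containing whitespace is word-split by `dirname` and the wrong library path is built (after which `source "$LIB" || exit 1` aborts); write it as `LIB="$(dirname "$0")/../../lib/keyringer/functions"`. The same line is introduced in the new `usage` and `preferences` scripts. Because the library is resolved relative to `$0`, the scripts only work when installed alongside `lib/keyringer/`; a one-line comment above `LIB=` stating that layout requirement would save the next reader a trip to `encrypt`, which uses the same convention.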
diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt
index adc1134..bab9b34 100755
--- a/share/keyringer/decrypt
+++ b/share/keyringer/decrypt
@@ -12,3 +12,6 @@ keyringer_get_file "$2"
# Decrypt
$GPG --quiet --use-agent -d "$KEYDIR/$FILE"
+
+# Exit
+exit "$?"
diff --git a/share/keyringer/edit b/share/keyringer/edit
index 10798e2..fe05ecc 100755
--- a/share/keyringer/edit
+++ b/share/keyringer/edit
@@ -22,10 +22,21 @@ keyringer_set_tmpfile edit
# Decrypt the information to the file
$GPG --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE"
+if [ "$BASENAME" == "edit" ]; then
+ APP="$EDITOR"
+elif [ "$BASENAME" == "open" ]; then
+ if which xdg-open &> /dev/null; then
+ APP="xdg-open"
+ else
+ echo "You should have xdg-open application to perform this action, aborting."
+ exit 1
+ fi
+fi
+
# Prompt
-echo "Press any key to open the decrypted data in $EDITOR, Ctrl-C to abort"
+echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
read key
-"$EDITOR" "$TMPWORK"
+$APP "$TMPWORK"
# Encrypt again
$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK"
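Review bot: `$APP "$TMPWORK"` with an empty `$EDITOR` (the `edit` branch assigns it without a check) collapses to running `"$TMPWORK"` itself, i.e. the shell tries to execute the decrypted secret as a program, whereas the replaced `"$EDITOR" "$TMPWORK"` only failed on an empty command name; guard it with `[ -n "$EDITOR" ] || { echo "EDITOR is not set, aborting." >&2; exit 1; }` before the assignment (the unquoted `$APP` is presumably meant to let `$EDITOR` carry arguments, which also exposes those words to globbing). In the `open` branch, `xdg-open` on most desktops hands the file to a handler and returns at once, so the re-encryption on the last line of the hunk runs before the user has even seen the file, and any later removal of `$TMPWORK` can pull it out from under the viewer; the prompt should say the copy is read-only or the script should wait for the handler. `which xdg-open &> /dev/null` is better written `command -v xdg-open > /dev/null 2>&1`, and `read key` should be `read -r key`. The script continues past the hunk.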
diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt
index da0941f..c0b7874 100755
--- a/share/keyringer/encrypt
+++ b/share/keyringer/encrypt
@@ -8,7 +8,18 @@ LIB="`dirname $0`/../../lib/keyringer/functions"
source "$LIB" || exit 1
# Aditional parameters
-keyringer_get_new_file "$2"
+if [ ! -z "$3" ]; then
+ UNENCRYPTED_FILE="$2"
+ keyringer_get_new_file "$3"
+
+ if [ ! -f "$UNENCRYPTED_FILE" ]; then
+ echo "Error: cannot encrypted $UNENCRYPTED_FILE: file not found."
+ exit 1
+ fi
+else
+ UNENCRYPTED_FILE="-"
+ keyringer_get_new_file "$2"
+fi
# Set recipients file
keyringer_set_recipients "$FILE"
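Review bot: The error message `"Error: cannot encrypted $UNENCRYPTED_FILE: file not found."` has a typo and is printed to stdout, where it mixes with the command's normal output; diagnostics belong on stderr, `echo "Error: cannot encrypt $UNENCRYPTED_FILE: file not found." >&2`. The `-f` check runs only after `keyringer_get_new_file "$3"`, so whatever that helper does with the new secret name has already happened when the input turns out to be missing — if it has side effects, test the input file first. `-f` also rejects a FIFO or `/dev/stdin` as input; `-r` may be the intended test if those are meant to work. The file continues after the hunk.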
@@ -18,12 +29,26 @@ mkdir -p "$KEYDIR/`dirname $FILE`"
if [ "$BASENAME" == "encrypt" ]; then
# Only display directions if we're running encrypt, not encrypt-batch
- echo "Type your message and finish your input with EOF (Ctrl-D)."
+ if [ "$UNENCRYPTED_FILE" == "-" ]; then
+ echo "Type your message and finish your input with EOF (Ctrl-D)."
+ fi
+fi
+
+$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE
+
+err="$?"
+
+if [ "$err" != "0" ]; then
+ exit "$err"
fi
-$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") - > "$KEYDIR/$FILE"
+if [ "$UNENCRYPTED_FILE" != "-" ]; then
+ echo "Now make to wipe the non-encrypted $UNENCRYPTED_FILE."
+fi
# Stage
if [ -d "$BASEDIR/.git" ]; then
keyringer_exec git "$BASEDIR" add "keys/$FILE"
fi
+
+exit "$?"
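Review bot: `$UNENCRYPTED_FILE` is unquoted in the `$GPG … --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE` line, so a plaintext path with spaces or glob characters is split or expanded before it reaches gpg; `"$UNENCRYPTED_FILE"` is correct for the `-` case as well. The reminder `"Now make to wipe the non-encrypted $UNENCRYPTED_FILE."` is missing a word (`Now make sure to wipe …`). The closing `exit "$?"` reports the status of the `if [ -d "$BASEDIR/.git" ]` block, which is 0 whenever the keyring is not git-backed, so it only ever reflects the `git add` when staging happens — a comment such as `# Exit with the status of the staging step (0 when there is nothing to stage)` would make that intentional rather than accidental.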
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index 85ec1ac..71ae86d 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -11,8 +11,8 @@ function genpair_ssh {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
read -p "Hit ENTER to continue." prompt
- # TODO: programatically enter blank passphrase twice
- ssh-keygen -t rsa -f "$TMPWORK/id_rsa" -C "root@$NODE"
+ # We're using empty passphrases
+ ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
# Encrypt the result
echo "Encrypting secret key into keyringer..."
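Review bot: `-P ''` is ssh-keygen's option for the *existing* passphrase of a key; the documented flag for the passphrase of a newly generated key is `-N ''`, and as far as I can tell the line only works because OpenSSH also falls back to `-P` when `-N` is absent, so `ssh-keygen -t rsa -N '' -f "$TMPWORK/id_rsa" -C "root@$NODE"` is the reliable form. The replacement comment `# We're using empty passphrases` states what the line does but not why; since the unencrypted key lands in `$TMPWORK` and is then GPG-encrypted into the keyring, a comment like `# Empty passphrase on purpose: the key is only stored GPG-encrypted in the keyring and is meant for unattended deployment` records the reasoning. `genpair_ssh` begins before the hunk.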
@@ -70,7 +70,7 @@ EOF
echo "Encrypting public key into keyringer..."
$GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub"
echo "Encrypting passphrase into keyringer..."
- echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
+ echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd"
# TODO: add outfiles into version control
if [ ! -z "$OUTFILE" ]; then
@@ -153,7 +153,7 @@ EOF
if [ "$KEYTYPE" == "ssl-self" ]; then
echo "Encrypting certificate into keyringer..."
- cat "$NODE.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
+ cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt"
elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then
# Remove any existing crt
keyringer_exec del "$BASEDIR" "$FILE.crt"
@@ -164,18 +164,18 @@ EOF
if [ ! -z "$OUTFILE" ]; then
# TODO: add outfiles into version control
mkdir -p `dirname $OUTFILE`
- printf "Saving copies at %s.pem, %s.csr and %s.crt\n" "$OUTFILE" "$OUTFILE" "$OUTFILE"
+ printf "Saving copies at %s\n" "`dirname $OUTFILE`"
cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem"
cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr"
- if [ -f "$TMPWORK/$NODE.crt" ]; then
- cat "$TMPWORK/$NODE.crt" > "$OUTFILE.crt"
+ if [ -f "$TMPWORK/${NODE}.crt" ]; then
+ cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt"
fi
fi
# Show cert fingerprint
if [ "$KEYTYPE" == "ssl-self" ]; then
- openssl x509 -noout -in "$TMPWORK/$NODE.crt" -fingerprint
+ openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint
fi
echo "Done"
diff --git a/share/keyringer/open b/share/keyringer/open
new file mode 120000
index 0000000..8491ab9
--- /dev/null
+++ b/share/keyringer/open
@@ -0,0 +1 @@
+edit \ No newline at end of file
diff --git a/share/keyringer/preferences b/share/keyringer/preferences
new file mode 100755
index 0000000..2819b50
--- /dev/null
+++ b/share/keyringer/preferences
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+# Manipulate preferences.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source "$LIB" || exit 1
+
+COMMAND="$2"
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: keyringer <keyring> preferences <command> [arguments]"
+ echo "Available commands:"
+ echo " ls"
+ echo " edit"
+ echo " add"
+ exit 1
+fi
+
+# Create options file if old repository
+if [ ! -e "$PREFERENCES" ]; then
+ echo "Creating preferences file..."
+ touch "$PREFERENCES"
+fi
+
+if [ "$COMMAND" == "ls" ]; then
+ cat "$PREFERENCES"
+elif [ "$COMMAND" == "edit" ]; then
+ "$EDITOR" "$PREFERENCES"
+elif [ "$COMMAND" == "add" ]; then
+ shift 2
+ [[ -n $* ]] && echo $* >> "$PREFERENCES"
+else
+ printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
+ exit 1
+fi
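Review bot: `[[ -n $* ]] && echo $* >> "$PREFERENCES"` hands the unquoted arguments to `echo`, so a value such as `*` is glob-expanded against the current directory and a leading word of `-n` or `-e` is consumed as an echo option instead of being written; use `[[ -n "$*" ]] && printf '%s\n' "$*" >> "$PREFERENCES"`. `"$EDITOR" "$PREFERENCES"` runs with no check that `$EDITOR` is set. The usage block for a missing command exits 1, so its `echo` lines should go to stderr rather than stdout. `$PREFERENCES` is presumably defined by the sourced functions file; it is not visible here.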
diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt
index cbf1af9..63f7bc6 100755
--- a/share/keyringer/recrypt
+++ b/share/keyringer/recrypt
@@ -14,12 +14,24 @@ function keyringer_recrypt {
# Set recipients file
keyringer_set_recipients "$FILE"
+ # Decrypt
+ decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)"
+
+ if [ "$?" != "0" ]; then
+ echo "Decryption error."
+ exit 1
+ fi
+
# Recrypt
- $GPG --use-agent -d "$KEYDIR/$FILE" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE"
+ recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`"
if [ "$?" != "0" ]; then
+ echo "Recryption error."
exit 1
fi
+
+ unset decrypted
+ echo "$recrypted" > "$KEYDIR/$FILE"
}
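Review bot: Capturing the plaintext with `decrypted="$(…)"` and replaying it with `echo "$decrypted"` is not byte-preserving: command substitution strips every trailing newline and drops NUL bytes, and `echo` then appends exactly one newline and treats a payload of `-n` or `-e` as options, so recrypting a binary secret or one without a final newline silently alters its contents, which the old pipe did not. Streaming the plaintext through a pipe into a temp file and moving it into place keeps the improvement this commit makes (the stored secret is replaced only after gpg succeeds) without holding the plaintext in a shell variable, and `PIPESTATUS` still lets decryption and re-encryption failures be reported separately. This assumes a temp file has been prepared with `keyringer_set_tmpfile` as `edit` does; `keyringer_recrypt` begins before the hunk.
```shell
  # Recrypt: stream through a pipe into a temp file, replace the secret only on success
  $GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$TMPWORK"
  status=("${PIPESTATUS[@]}")

  if [ "${status[0]}" != "0" ]; then
    echo "Decryption error."
    exit 1
  elif [ "${status[1]}" != "0" ]; then
    echo "Recryption error."
    exit 1
  fi

  mv "$TMPWORK" "$KEYDIR/$FILE"
```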
if [ ! -z "$2" ]; then
diff --git a/share/keyringer/usage b/share/keyringer/usage
new file mode 100755
index 0000000..a4602ac
--- /dev/null
+++ b/share/keyringer/usage
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+# Show available commands
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source "$LIB" || exit 1
+
+keyringer_usage
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
new file mode 100644
index 0000000..2eaa30d
--- /dev/null
+++ b/share/man/keyringer.1
@@ -0,0 +1,94 @@
+.TH KEYRINGER 1 "August 17, 2013" "Keyringer User Manual"
+.SH NAME
+.PP
+keyringer - encrypted and distributed secret sharing software
+.SH SYNOPSIS
+.PP
+keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
+.SH DESCRIPTION
+.PP
+Keyringer lets you manage and share secrets using GPG and git with
+custom commands to encrypt, decrypt, recrypt, create key pairs, etc.
+.SH ACTIONS
+.PP
+Keyringer has three types of actions:
+.IP "1." 3
+Configuration actions.
+.IP "2." 3
+Secret manipulation actions.
+.IP "3." 3
+Repository lookup and manipulation actions.
+.SS CONFIGURATION ACTIONS
+.PP
+commands : List available actions, useful for shell completion and
+syntax check.
+.PP
+options <\f[I]ls\f[]|\f[I]edit\f[]|\f[I]add\f[]> : List, edit or add
+miscelaneous \f[I]repository options\f[].
+.PP
+preferences <\f[I]ls\f[]|\f[I]edit\f[]|\f[I]add\f[]> : List, edit or add
+\f[I]user options\f[] for a given repository.
+.PP
+recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipient-file\f[]> : List
+or edit recipient configuration.
+.PP
+usage : Show usage information.
+.SS SECRET MANIPULATION ACTIONS
+.PP
+All secret manipulation actions operates upon a \f[I]SECRET\f[], which
+is the pathname of an encrypted file relative to keyring with optional
+\f[C]\&.asc\f[] extension.
+.PP
+Secret manipulation actions do not commit changes into the secret
+repository.
+After any manipulation, the user has to manually commit the changes.
+.PP
+append <\f[I]SECRET\f[]> : Append contents into a secret.
+.PP
+append-batch <\f[I]SECRET\f[]> : Append contents into a secret, batch
+mode.
+.PP
+decrypt <\f[I]SECRET\f[]> : Decrypts a secret into standard output.
+.PP
+del <\f[I]SECRET\f[]> : Removes a secret using git.
+After deleting a secret a git commit and push is still needed to update
+remote repositories.
+To completely remove a file from a keyring, you should also rewrite the
+git history by yourself.
+.PP
+edit <\f[I]SECRET\f[]> : Edits a secret by temporarily decrypting it,
+opening the decrypted copy into \f[I]$EDITOR\f[] and then recrypting it
+again.
+.PP
+encrypt [\f[I]file\f[]] <\f[I]SECRET\f[]> : Encrypts content from
+standard input or \f[I]file\f[] into \f[I]SECRET\f[].
+.PP
+encrypt-batch <\f[I]SECRET\f[]> : Encrypt content, batch mode.
+.PP
+genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]>
+[\f[I]options\f[]] : Wrapper to generete encryption keypairs, useful for
+automated key deployment.
+.PP
+open <\f[I]SECRET\f[]> : Open a secret using xdg-open.
+.PP
+recrypt <\f[I]SECRET\f[]> : Recrypts a secret by decrypting it and
+recrypting again.
+Useful when users are added into recipient configuration.
+If no \f[I]SECRET\f[] is given, all secrets in the repository are
+re-encrypted.
+.SH REPOSITORY LOOKUP AND MANIPULATION ACTIONS
+.PP
+git <\f[I]action\f[]> <\f[I]options\f[]> : Git wrapper that operates
+from the toplevel keyring repository.
+.PP
+ls <\f[I]PATH\f[]> : List contents from the toplevel repository
+\f[I]keys\f[] folder or from relative \f[I]PATH\f[].
+.SH SEE ALSO
+.PP
+The \f[I]README\f[] file distributed with Keyringer contains full
+documentation.
+.PP
+The Keyringer source code and all documentation may be downloaded from
+<https://keyringer.pw>.
+.SH AUTHORS
+Silvio Rhatto.
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
new file mode 100644
index 0000000..14ae687
--- /dev/null
+++ b/share/man/keyringer.1.mdwn
@@ -0,0 +1,99 @@
+% KEYRINGER(1) Keyringer User Manual
+% Silvio Rhatto
+% August 17, 2013
+
+# NAME
+
+keyringer - encrypted and distributed secret sharing software
+
+# SYNOPSIS
+
+keyringer <*keyring*> <*action*> [*options*]...
+
+# DESCRIPTION
+
+Keyringer lets you manage and share secrets using GPG and git with custom
+commands to encrypt, decrypt, recrypt, create key pairs, etc.
+
+# ACTIONS
+
+Keyringer has three types of actions:
+
+1. Configuration actions.
+2. Secret manipulation actions.
+3. Repository lookup and manipulation actions.
+
+## CONFIGURATION ACTIONS
+
+commands
+: List available actions, useful for shell completion and syntax check.
+
+options <*ls*|*edit*|*add*>
+: List, edit or add miscelaneous *repository options*.
+
+preferences <*ls*|*edit*|*add*>
+: List, edit or add *user options* for a given repository.
+
+recipients <*ls*|*edit*> <*recipient-file*>
+: List or edit recipient configuration.
+
+usage
+: Show usage information.
+
+## SECRET MANIPULATION ACTIONS
+
+All secret manipulation actions operates upon a *SECRET*, which is the pathname
+of an encrypted file relative to keyring with optional `.asc` extension.
+
+Secret manipulation actions do not commit changes into the secret repository.
+After any manipulation, the user has to manually commit the changes.
+
+append <*SECRET*>
+: Append contents into a secret.
+
+append-batch <*SECRET*>
+: Append contents into a secret, batch mode.
+
+decrypt <*SECRET*>
+: Decrypts a secret into standard output.
+
+del <*SECRET*>
+: Removes a secret using git. After deleting a secret a git commit and push is still
+ needed to update remote repositories. To completely remove a file from a keyring,
+ you should also rewrite the git history by yourself.
+
+edit <*SECRET*>
+: Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR*
+ and then recrypting it again.
+
+encrypt [*file*] <*SECRET*>
+: Encrypts content from standard input or *file* into *SECRET*.
+
+encrypt-batch <*SECRET*>
+: Encrypt content, batch mode.
+
+genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*]
+: Wrapper to generete encryption keypairs, useful for automated key deployment.
+
+open <*SECRET*>
+: Open a secret using xdg-open.
+
+recrypt <*SECRET*>
+: Recrypts a secret by decrypting it and recrypting again. Useful when users are added
+ into recipient configuration. If no *SECRET* is given, all secrets in the repository
+ are re-encrypted.
+
+# REPOSITORY LOOKUP AND MANIPULATION ACTIONS
+
+git <*action*> <*options*>
+: Git wrapper that operates from the toplevel keyring repository.
+
+ls <*PATH*>
+: List contents from the toplevel repository *keys* folder or from relative *PATH*.
+
+# SEE ALSO
+
+The *README* file distributed with Keyringer contains full documentation.
+
+The Keyringer source code and all documentation may be downloaded from
+<https://keyringer.pw>.