From d6119b43f54c53d3fdffd995699337b100eee2c0 Mon Sep 17 00:00:00 2001 From: rhatto Date: Thu, 27 Mar 2014 22:03:39 -0300 Subject: Avoid viminfo if VIM is set as $EDITOR (#50) --- ChangeLog | 4 ++++ lib/keyringer/actions/edit | 1 + lib/keyringer/functions | 7 +++++++ 3 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5b1c53e..736bff5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-03-27 - Silvio Rhatto + + Avoid viminfo if VIM is set as $EDITOR (#50) + 2014-03-22 - 0.3.3 - Silvio Rhatto Use --recv-keys instead of --refresh-keys diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 03ccdab..ff220a1 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -38,6 +38,7 @@ fi # Prompt echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" +echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" read key $APP "$TMPWORK" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index f1af951..af300ef 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -284,6 +284,13 @@ function keyringer_set_env { fi fi + # Avoid viminfo, see https://keyringer.pw/trac/ticket/50 + if $EDITOR --help | grep -q -e "^VIM"; then + if ! echo $EDITOR | grep -q -- "-i NONE"; then + EDITOR="$EDITOR -i NONE" + fi + fi + if [ ! -f "$OPTIONS" ]; then echo "No option config was found" exit 1 -- cgit v1.2.3 From edab719642f89ff4180110c6928d9ed62f67debb Mon Sep 17 00:00:00 2001 From: rhatto Date: Wed, 2 Apr 2014 11:38:34 -0300 Subject: Align command output --- ChangeLog | 2 ++ lib/keyringer/functions | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 736bff5..c9a9246 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-03-27 - Silvio Rhatto + Align command output + Avoid viminfo if VIM is set as $EDITOR (#50) 2014-03-22 - 0.3.3 - Silvio Rhatto 
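Review bot: The new warning line in the edit action has a typo, "applications os files", which should read "applications or files", and this is the user-facing prompt printed right before the editor opens. Naming the channels the wrapper cannot control would make the warning actionable, e.g. `echo "WARNING: make sure that $APP doesn't leak the decrypted data to other applications or files (swap, backup, undo or history files)"`. The rest of the edit action, including how $TMPWORK is created and removed, is outside the hunk.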
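Review bot: Appending `-i NONE` only stops vim from writing viminfo; the swap file vim creates for the buffer, and any backup or undo file the user's vimrc enables, still put the decrypted secret on disk, so the new block in keyringer_set_env closes one leak channel of several. Disabling the swap file is cheap and fits the same assignment, `EDITOR="$EDITOR -n -i NONE"`; backup and undo files depend on the user's vimrc and need `-c 'set nobackup nowritebackup noundofile'` or at least a mention in the warning the edit action prints. The detection `$EDITOR --help | grep -q -e "^VIM"` executes whatever $EDITOR holds, so an unset $EDITOR yields a "command not found" on stderr here rather than a clear message; a `[ -n "$EDITOR" ]` guard first would keep that clean, unless a default is applied earlier in keyringer_set_env, which starts before this hunk.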
diff --git a/lib/keyringer/functions b/lib/keyringer/functions index af300ef..1a0747e 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -517,7 +517,7 @@ function keyringer_action_usage { # Return available actions function keyringer_show_actions { - ls $ACTIONS + ls -C $ACTIONS } # Usage @@ -538,6 +538,7 @@ function keyringer_usage { printf "\tinit [remote]\n" $BASENAME fi keyringer_show_actions | sed -e 's/^/\t/' + printf "\n" } # Check repository integrity -- cgit v1.2.3 From 9c18956f82916ff9da2e6a718d2ae208778dab76 Mon Sep 17 00:00:00 2001 From: rhatto Date: Fri, 4 Apr 2014 13:34:22 -0300 Subject: Adding "commit" action which is a wrapper around "git commit" --- ChangeLog | 4 +++- lib/keyringer/actions/commit | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100755 lib/keyringer/actions/commit diff --git a/ChangeLog b/ChangeLog index c9a9246..9c5a05c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -2014-03-27 - Silvio Rhatto +2014-04-04 - Silvio Rhatto + + Adding "commit" action which is a wrapper around "git commit" Align command output diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit new file mode 100755 index 0000000..47937c2 --- /dev/null +++ b/lib/keyringer/actions/commit @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Git commit wrapper. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +keyringer_exec git "$BASEDIR" commit $* -- cgit v1.2.3 From 549fffc68213d9c960e2de61b294dd90f96263c4 Mon Sep 17 00:00:00 2001 From: rhatto Date: Fri, 4 Apr 2014 15:17:55 -0300 Subject: Fix positional arguments on commit action --- lib/keyringer/actions/commit | 4 ++++ lib/keyringer/actions/git | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit index 47937c2..b124927 100755 --- a/lib/keyringer/actions/commit +++ b/lib/keyringer/actions/commit 
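Review bot: The new commit action forwards its arguments with unquoted `$*`, so `keyringer foo commit -m "fix the thing"` reaches git re-split into `-m fix the thing`, and the same re-splitting presumably repeats inside keyringer_exec and the git action if they forward the same way (not visible here). Use `"$@"` so each argument survives as one word: `keyringer_exec git "$BASEDIR" commit "$@"`. The positional-argument handling itself is reworked in the following commit, so this is about quoting only.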
@@ -7,4 +7,8 @@ LIB="`dirname $0`/../functions" source "$LIB" || exit 1 +# Fix positional arguments +shift + +# Run git command keyringer_exec git "$BASEDIR" commit $* diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git index d4e7aa4..059b20e 100755 --- a/lib/keyringer/actions/git +++ b/lib/keyringer/actions/git @@ -10,8 +10,9 @@ source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" -# Run git command +# Fix positional arguments shift +# Run git command mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $* cd "$CWD" -- cgit v1.2.3 From 23f21f59d9075f36c273e48f8f993a8018cec102 Mon Sep 17 00:00:00 2001 From: rhatto Date: Sun, 6 Apr 2014 20:04:20 -0300 Subject: Be more verbose on recrypt errors --- ChangeLog | 4 +++- lib/keyringer/actions/recrypt | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9c5a05c..8e4d5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -2014-04-04 - Silvio Rhatto +2014-04-06 - Silvio Rhatto + + Be more verbose on recrypt errors Adding "commit" action which is a wrapper around "git commit" diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index 696399b..d374308 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -19,7 +19,7 @@ function keyringer_recrypt { decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" if [ "$?" != "0" ]; then - echo "Decryption error." + echo "Decryption error on $1." exit 1 fi @@ -27,7 +27,7 @@ function keyringer_recrypt { recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`" if [ "$?" != "0" ]; then - echo "Recryption error." + echo "Recryption error on $1." exit 1 fi -- cgit v1.2.3 From 9218a6dfa42cc9a83d754d4c47b562a31102cf30 Mon Sep 17 00:00:00 2001 
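Review bot: In the git action, `cd "$CWD"` is the last command after `mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $*`, so the script's exit status is that of the final cd and a failed git command (or a failed mkdir or cd, which short-circuits the chain) is reported as success to callers such as the new commit action. Capture the status before restoring the directory and exit with it, and quote the forwarded arguments so multi-word values survive: `mkdir -p "$BASEDIR" && cd "$BASEDIR" && git "$@"`, then `status="$?"`, and after `cd "$CWD"` an `exit "$status"`. The shift fix the commit makes is fine as it stands.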
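Review bot: The more verbose error messages in keyringer_recrypt are still written to stdout, so anyone capturing the output of a recrypt run gets diagnostics mixed into it; send them to stderr with `echo "Decryption error on $1." >&2` and `echo "Recryption error on $1." >&2`. Using $FILE rather than $1 may also be clearer, since `$KEYDIR/$FILE` is what the gpg call two lines up actually reads, assuming $1 and $FILE name the same secret, which the hunk does not show. keyringer_recrypt starts before this hunk.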
From: rhatto Date: Sun, 6 Apr 2014 20:37:42 -0300 Subject: Fix recryption error when using gpg-agent in text mode --- ChangeLog | 2 ++ lib/keyringer/actions/recrypt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 8e4d5c9..73849ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-04-06 - Silvio Rhatto + Fix recryption error when using gpg-agent in text mode (#55) + Be more verbose on recrypt errors Adding "commit" action which is a wrapper around "git commit" diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index d374308..30c9254 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -16,7 +16,7 @@ function keyringer_recrypt { keyringer_set_recipients "$FILE" # Decrypt - decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" + decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE")" if [ "$?" != "0" ]; then echo "Decryption error on $1." -- cgit v1.2.3 From e6c63e48cf556930364e1c0684b4b550b32a5ead Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:18:31 -0300 Subject: Fix usage message inside keyringer shell --- ChangeLog | 2 ++ lib/keyringer/functions | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 73849ef..57b4746 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-04-06 - Silvio Rhatto + Fix usage message inside keyringer shell. + Fix recryption error when using gpg-agent in text mode (#55) Be more verbose on recrypt errors diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 1a0747e..ad18f44 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions 
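Review bot: Dropping `2> /dev/null` from the decrypt call is what lets a text-mode pinentry work, but nothing on the line says so, and the next person chasing noisy output is likely to put the redirect back; a comment above it would pin the intent, e.g. `# Keep gpg's stderr: gpg-agent's text-mode pinentry and the signature status lines are printed there`. With stderr visible the user now also sees whether the decrypted secret carried a good signature, which is worth stating, because `gpg -d` exits 0 for an encrypted message that has no signature at all, so the `$?` check below only guarantees decryption succeeded; that is existing behaviour, not introduced here. keyringer_recrypt starts before this hunk.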
@@ -525,7 +525,7 @@ function keyringer_usage { local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)" printf "Keyringer $KEYRINGER_VERSION\n" - printf "Usage: %s [arguments]\n\n" "$BASENAME" + printf "Usage: keyringer [arguments]\n\n" # Display only when not in a keyring context if [ ! -z "$keyrings" ] && [ -z "$1" ]; then -- cgit v1.2.3 From a3eb9d5d4a9d3c06bdaa1b4c226b753fd8abcaec Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:19:58 -0300 Subject: Fix GPG link on index --- index.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.mdwn b/index.mdwn index f9df557..f66df2c 100644 --- a/index.mdwn +++ b/index.mdwn @@ -218,7 +218,7 @@ Keyringer needs: - [Bash](http://tiswww.case.edu/php/chet/bash/bashtop.html) - [Git](http://git-scm.com) - - [GNU](Privacy Guard - http://gnupg.org) + - [GNU Privacy Guard](http://gnupg.org) - Grep, awk, tail, cut, sed and other GNU tools Optional dependencies if you want to manage ssl keys: -- cgit v1.2.3 From 0a1413d7d56314496d92b20db7ecfb114adef04f Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:22:50 -0300 Subject: Index: more on recipient definitions --- index.mdwn | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/index.mdwn b/index.mdwn index f66df2c..c25b02f 100644 --- a/index.mdwn +++ b/index.mdwn @@ -66,7 +66,7 @@ Your next step is tell keyringer the OpenPGP key IDs to encrypt files to: keyringer recipients ls Keyringer support multiple recipients in a per-folder style. Try it by -creating a sample keyringer +creating a sample recipient file: keyringer recipients edit closest-friends 
@@ -77,6 +77,10 @@ Fill it with your friends key IDs. Now encrypt a secret just for then: In other words, if keyringer finds a recipient file matching a given path, it will use it instead of the global recipients file. +You can even create recipient files with your friends' key IDs but without +yours: then you shall be able to encrypt secrets for them that even you cannot +access. Try to find an use case for that ;) + Each recipient list is defined in a file placed at `config/recipients` in your keyring repository. Take care to add just trustable recipients. -- cgit v1.2.3 From c3727f34681b64458449ffb094a366284723c622 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:26:50 -0300 Subject: Adding commit action into manpage --- share/man/keyringer.1.mdwn | 3 +++ 1 file changed, 3 insertions(+) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index adbaaa2..d40abc0 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -57,6 +57,9 @@ git <*action*> <*options*> : Git wrapper that operates from the toplevel keyring repository. You can issue any *GIT(1)* subcommand with this action to have it applied in the keyring repository. +commit [*arguments*] +: Alias to "git commit". + ls <*path*> : List contents from the toplevel repository *keys* folder or from relative paths if *path* is specified. Like the git wrapper, this is a wrapper around the *LS(1)* -- cgit v1.2.3 From 7d678dbcd5e8c532e2604581678c1cd583b0544c Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:29:56 -0300 Subject: Concepts: phrasing change --- index.mdwn | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/index.mdwn b/index.mdwn index c25b02f..dda3e04 100644 --- a/index.mdwn +++ b/index.mdwn 
@@ -172,7 +172,8 @@ Concepts Basic idea is: - - Encrypt screts using multiple users's OpenPGP public keys and commit the output in a git repository. + - Encrypt screts using multiple users's OpenPGP public keys and commit the + output in a git repository. - Let users keep it in sync with the repository and the secrets are shared :) @@ -181,7 +182,7 @@ files, so it can be passphrases, private keys or other kind of information. With theses scripts, the workflow is more or less like this: - - You have a git repo for secret keys. + - You have a git repo used to store secrets encrypted with GnuPG. - You run the "encrypt" command and paste your private key to this command (so no plaintext is written to disk). -- cgit v1.2.3 From 709909129d6e7569534b3c4860ecc61d1f8a9119 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Mon, 7 Apr 2014 16:48:56 -0300 Subject: Development workflow --- development.mdwn | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/development.mdwn b/development.mdwn index cf969fe..957a7f8 100644 --- a/development.mdwn +++ b/development.mdwn @@ -37,6 +37,11 @@ These steps should be run once in a while to ensure we have an up to date packag DIST=sid sudo cowbuilder --update +Development workflow +-------------------- + +We use [git-flow](https://github.com/nvie/gitflow) for the development workflow. + Release workflow ---------------- -- cgit v1.2.3 From 9469f033404ce0ffea8b379fd26a046f9a6c61c0 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Tue, 8 Apr 2014 16:47:05 -0300 Subject: Genpair: generate ssh keys with 4096 bits --- ChangeLog | 6 ++++-- lib/keyringer/actions/genpair | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57b4746..916dbc2 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,6 +1,8 @@ -2014-04-06 - Silvio Rhatto +2014-04-08 - Silvio Rhatto - Fix usage message inside keyringer shell. + Genpair: generate ssh keys with 4096 bits + + Fix usage message inside keyringer shell Fix recryption error when using gpg-agent in text mode (#55) diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair index 6898b0f..509f5c2 100755 --- a/lib/keyringer/actions/genpair +++ b/lib/keyringer/actions/genpair @@ -12,7 +12,7 @@ function genpair_ssh { read -p "Hit ENTER to continue." prompt # We're using empty passphrases - ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" + ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" # Encrypt the result echo "Encrypting secret key into keyringer..." -- cgit v1.2.3 From 9d04c79cf4a5b99d8910e07b5232267ed4cedcf5 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Thu, 10 Apr 2014 10:47:20 -0300 Subject: Genpair: 4096 bits ssl by default --- ChangeLog | 4 ++-- lib/keyringer/actions/genpair | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 916dbc2..738a1f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ -2014-04-08 - Silvio Rhatto +2014-04-10 - Silvio Rhatto - Genpair: generate ssh keys with 4096 bits + Genpair: generate ssh and ssl keys with 4096 bits size Fix usage message inside keyringer shell diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair index 509f5c2..6fc6dcd 100755 --- a/lib/keyringer/actions/genpair +++ b/lib/keyringer/actions/genpair @@ -132,7 +132,7 @@ EOF cat openssl.conf read -p "Hit ENTER to continue." prompt - openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \ + openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem openssl req -noout -text -in ${NODE}_csr.pem -- cgit v1.2.3 From ce93f05f4c55cff6507632e0e26c61f12dbf4fa7 Mon Sep 17 00:00:00 2001 
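Review bot: Raising the size to 4096 bits is fine, but the property of this line a reader needs to know is that `-P ''` writes the private key unencrypted to `$TMPWORK/id_rsa` before it is encrypted into the keyring, and the hunk does not show how $TMPWORK is created or cleaned up. A comment next to the existing "We're using empty passphrases" line stating that $TMPWORK must be a mktemp directory, preferably on a non-persistent filesystem, and is removed as soon as the encryption step completes would make that contract visible, e.g. `# The cleartext key only ever lives in $TMPWORK, which must be a private temp dir removed after encryption`. ed25519 keys (OpenSSH 6.5 and later) are ruled out by the hard-coded `-t rsa`; that may be deliberate for compatibility, in which case a comment saying so helps too. genpair_ssh starts before this hunk.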
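Review bot: `${NODE}` is unquoted in the -keyout and -out arguments, so a node name containing whitespace or a glob character splits or expands the file names, and since `-nodes` writes the private key unencrypted, a mangled -keyout path means a cleartext key landing under an unexpected name. Quote both: `-keyout "${NODE}_privatekey.pem" -out "${NODE}_csr.pem"`. The paths are relative, so this presumably runs after a cd into $TMPWORK as genpair_ssh does, but the cd is not visible in the hunk; the same comment about that directory being private and removed after encryption applies. The enclosing function starts before this hunk.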
From: "rhatto@riseup.net" Date: Thu, 10 Apr 2014 19:20:17 -0300 Subject: New tor hidden service (heartbleed) --- index.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.mdwn b/index.mdwn index dda3e04..0cba2c1 100644 --- a/index.mdwn +++ b/index.mdwn @@ -7,7 +7,7 @@ commands to encrypt, decrypt, recrypt, create key pairs, etc. - Manpage: [keyringer.1](share/man/keyringer.1) - License: [GPLv3+](LICENSE) - Issue tracker: [https://keyringer.pw/trac](https://keyringer.pw/trac) -- Tor hidden service: [http://y6ntvl5bzs3c7ffa.onion](http://y6ntvl5bzs3c7ffa.onion) +- Tor hidden service: [http://wewbqck6m3ffkn44.onion](http://wewbqck6m3ffkn44.onion) - Releases: [https://keyringer.pw/releases](releases) - Contact: rhatto at riseup.net -- cgit v1.2.3 From 51d18566e8430ab54191756ca130248ade5ac4d1 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Fri, 11 Apr 2014 13:31:24 -0300 Subject: Manpage formatting --- share/man/keyringer.1.mdwn | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index d40abc0..980d9c5 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn 
@@ -248,31 +248,31 @@ $KEYRING_FOLDER/config/options Keyringer currently has the following limitations: 1. Metadata is not encrypted, meaning that an attacker with access to a keyringer - repository can discover all public key IDs used for encryption, and which secrets - are encrypted to which keys. This can be improved in the future by encrypting - the repository configuration with support for the *--hidden-recipient* GnuPG - option. + repository can discover all public key IDs used for encryption, and which secrets + are encrypted to which keys. This can be improved in the future by encrypting + the repository configuration with support for the *--hidden-recipient* GnuPG + option. 2. History is not rewritten by default when secrets are removed from a keyringer - repository. After a secret is removed with the *del* action, it will still be - available in the repository history even after a commit. This is by design - for the following reasons: + repository. After a secret is removed with the *del* action, it will still be + available in the repository history even after a commit. This is by design + for the following reasons: - It's the default behavior of the Git content tracker. Forcing the - deletion by default could break the expected behavior and hence limit - the repository's backup features, which can be helpful if someone - mistakenly overwrites a secret. + deletion by default could break the expected behavior and hence limit + the repository's backup features, which can be helpful if someone + mistakenly overwrites a secret. - History rewriting cannot be considered a security measure against the - unauthorized access to a secret as it doesn't automatically update all - working copies of the repository. + unauthorized access to a secret as it doesn't automatically update all + working copies of the repository. 
- In the case that the secret is a passphrase, the recommended measure - against such attacks is to change the passphrase, making useless the - knowledge of the previous secret. + In the case that the secret is a passphrase, the recommended measure + against such attacks is to change the passphrase, making useless the + knowledge of the previous secret. - Users wishing to edit their repository history should proceed manually - using the *git* action. + Users wishing to edit their repository history should proceed manually + using the *git* action. # SEE ALSO -- cgit v1.2.3 From 778cab6307cf870d7913aea9a2afcdb68594155e Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Fri, 11 Apr 2014 13:28:59 -0300 Subject: Enhancing docs --- index.mdwn | 192 +++++++++++++++++++++++++++------------------ share/man/keyringer.1.mdwn | 11 ++- 2 files changed, 124 insertions(+), 79 deletions(-) diff --git a/index.mdwn b/index.mdwn index 0cba2c1..a886930 100644 --- a/index.mdwn +++ b/index.mdwn @@ -40,7 +40,7 @@ a new keyring (or register an existing one with your config file), run: keyringer init [remote] -This will +This will 1. Add an entry at `$HOME/.keyringer/config` aliasing 'keyring' to 'path'. 2. Initialize a git repository if needed. 
@@ -49,56 +49,21 @@ For example, keyringer friends init $HOME/keyrings/friends -will create an alias "friends" pointing to `$HOME/keyrings/friends`. All -other keyring actions should be called using this alias. +creates an alias "friends" pointing to `$HOME/keyrings/friends`. All +other keyring actions for this keyring should be called using this alias. If there is an existing remote keyring git repository and you just want to checkout it, use keyringer friends init $HOME/keyrings/friends -Managing recipients -------------------- - -Your next step is tell keyringer the OpenPGP key IDs to encrypt files to: - - keyringer recipients edit [recipient-name] - keyringer recipients ls - -Keyringer support multiple recipients in a per-folder style. Try it by -creating a sample recipient file: - - keyringer recipients edit closest-friends - -Fill it with your friends key IDs. Now encrypt a secret just for then: - - keyringer encrypt closest-friends/secret - -In other words, if keyringer finds a recipient file matching a given path, -it will use it instead of the global recipients file. - -You can even create recipient files with your friends' key IDs but without -yours: then you shall be able to encrypt secrets for them that even you cannot -access. Try to find an use case for that ;) - -Each recipient list is defined in a file placed at `config/recipients` in your -keyring repository. Take care to add just trustable recipients. - Managing secrets ---------------- -Each secret has a corresponding file in your `keys` subdirectory. - -Keyringer is agnostic about how you store your secrets. You may choose to have -one encrypted file that contains one line for each secret, e.g. a single file called -secrets with lines such as: +Each `secret` has a corresponding file inside `keys` subdirectory from the +keyring folder. 
Keyringer has plenty of actions to operate in these secrets: - emma : root : secret1 - emma - /dev/hda : : secret2 - -Or you may also have a different encrypted file for each secret, e.g. a file called -emma.root that contains the root passphrase for the server named `emma` and -another called emma.hda with the passphrase to decrypt `/dev/hda` on `emma`. + keyringer commands Encrypting a secret @@ -131,9 +96,6 @@ Listing secrets keyringer ls [arguments] -Each `` is stored as a file inside the `keys/` folder of your keyring -directory. - Git wrapper ----------- @@ -143,17 +105,29 @@ Keyringer comes with a simple git wrapper to ease common management tasks: keyringer git push keyringer master keyringer git pull -Configuration files, preferences and options --------------------------------------------- +Configuration files, preferences, options and recipients +-------------------------------------------------------- + +Basic keyringer operation depends in a set of configuration files: 1. Main config file: `$HOME/.keyringer/config`: store the location of each keyring. 2. User preferences per keyring: `$HOME/.keyringer/`: managed by - "keyringer preferences". + "keyringer preferences". Preferences aren't shared among + users, so each user can have it's own set of preferences. 3. Custom keyring options: `$KEYRING_FOLDER/config/options`: managed by - "keyringer options". + "keyringer options". Options are shared among all + keyring users. + + 4. Recipients: `$KEYRING_FOLDER/config/recipients/`: controls the list of + OpenPGP public key fingerprints that should be used when encrypting content. + Multiple recipients are supported, so secrets can be encrypted to + different sets of OpenPGP pubkeys in the same keyring. + +Other configuration parameters used by keyringer and it's actions are stored at +`$KEYRING_FOLDER/config/`. Using a non-default OpenPGP key ------------------------------- 
@@ -167,32 +141,104 @@ Example: keyringer preferences add KEYID=0123456789ABCDEF0123456789ABCDE012345678 -Concepts --------- +Managing recipients +------------------- + +Keyringer uses the `default` recipient stored at `$KEYRING_FOLDER/config/recipients/default` +as the standard list of OpenPGP public key fingerprints to which secrets should be encrypted. + +Additionally, keyringer supports multiple `recipient` files which can have a different set +of OpenPGP public key fingerprints used for encryption. + +Recipients are matched against secrets according to it's path. If there exists a recipient +called `accounting`, the following secret will be encrypted using it's OpenPGP public key +fingerprints: -Basic idea is: + keyringer encrypt accounting/balance - - Encrypt screts using multiple users's OpenPGP public keys and commit the - output in a git repository. +In other words, the `accounting` recipient file is used because the secret name begins +with `accounting`. - - Let users keep it in sync with the repository and the secrets are shared :) +So it's the case that recipients listed in the `default` recipient but not in the +`accounting` recipients won't be able to decrypt this secret. -Secrets can be any regular file as the script work with stdin and output things to -files, so it can be passphrases, private keys or other kind of information. +When you first initalized your keyring, keyringer might have asked you to populate +the `default` recipient list or you cloned a keyring repository which already has +the `default` recipient. -With theses scripts, the workflow is more or less like this: +If you want more recipient files, your next step is tell keyringer the OpenPGP +key IDs to encrypt files to: - - You have a git repo used to store secrets encrypted with GnuPG. + keyringer recipients edit [recipient-name] + keyringer recipients ls + +Remember that keyringer support multiple recipients in a per-folder style. 
Try +it by creating a sample recipient file: + + keyringer recipients edit closest-friends + +Fill it with your friends key IDs. Now encrypt a secret just for then: + + keyringer encrypt closest-friends/secret + +In other words, if keyringer finds a recipient file matching a given path, +it will use it instead of the global recipients file. + +You can even create recipient files with your friends' key IDs but without +yours: then you shall be able to encrypt secrets for them that even you cannot +access. Try to find an use case for that ;) + +Each recipient list is defined in a file placed at `config/recipients` in your +keyring repository. Take care to add just trustable recipients. + +Design +------ + +Keyringer's basic concepts are as follows: + + - Each secret is encrypted using multiple users's OpenPGP public keys and commit the + output in a git repository we call a "keyring". + + - A "recipient" a list of OpenPGP keys associated with a path in the keyring, so each + keyring can have multiple recipient definitions so secret compartmentalization is + builtin. All encryption should respect recipient definition. + + - Users can keep their keyring copies in sync using any git remote and push/pull + strategy they like, so key sharing gets easy. + + - A secret is not limited to passphrases or text: keyringer supports any file encryption, + so managing private keys, spreadsheets and media files are handled without distinction. + + - Secret is stored with OpenPGP ASCII-armoured output, so one doesn't need any special + program besides GnuPG to actually decrypt information. + + - Keyringer is agnostic about how you store your secrets. You may choose to have + one encrypted file that contains one line for each secret, e.g. a single file called + secrets with lines such as: - - You run the "encrypt" command and paste your private key to this - command (so no plaintext is written to disk). 
+ emma : root : secret1 + emma - /dev/hda : : secret2 - - The encrypt command writes an encrypted file to the repo. + Or you may also have a different encrypted file for each secret, e.g. a file called + `emma.root` that contains the root passphrase for the server named `emma` and + another called `emma.hda` with the passphrase to decrypt `/dev/hda` on `emma`. - - You manually add it to git and push it to remote repositories. + Creating a logical structure to store your secrets is up to you :) - - Optionally, other users pulls the changes but they dont need to - decrypt anything until they need to use the keys. +Workflow +-------- + +Keyringer can be used as a personal or shared password/secret manager: + + - Each keyring is a full git repository used to store encrypted secrets + using ASCII-armoured OpenPGP. + + - Actions like `encrypt` allows you to paste your secrets directly to + GnuPG so no plaintext is written to disk. + + - By commiting, pushing and pulling each keyring repository, you can + easily share secrets with other people and systems and they don't + need to decrypt this information until they need. In summary, keyringer data store is basically gpg-encrypted data atop of a git repository (one can think of a kind of distributed encrypted filesystem). 
@@ -200,21 +246,13 @@ repository (one can think of a kind of distributed encrypted filesystem). Git was chosen to host encrypted info mostly for two reasos: easy to distribute and its the only VCS known to make easier repository history manipulation. -One possible drawback: the repo has pubkey information attached, which can be -linked to real people (and then disclose the information about who has access to a -given key). - -To mitigate that, it's possible to: - - - Keep the repo just atop of an encrypted and non-public place. - - - Or to consider an integration with gpg's --hidden-recipient option. +Limitations +----------- -Never decrypt a key and write it to the disk, except if you're adding it to -your personall keyring. + - See the [manpage](share/man/keyringer.1) for details. -Check [this page](https://wiki.koumbit.net/PasswordManagementService/SoftwareComparison) -a comparison on different password management tools. + - Check [this page](https://wiki.koumbit.net/PasswordManagementService/SoftwareComparison) + a comparison on different password management tools. Requirements ------------ diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 980d9c5..3b2fbc0 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -132,7 +132,7 @@ mv <*secret*> <*dest*> : Rename a secret. edit <*secret*> -: Edit a secret by temporarily decrypting it, opening the decrypted copy into the +: Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the *$EDITOR* environment variable and then re-encrypting it. encrypt <*secret*> [*file*] 
@@ -251,7 +251,10 @@ Keyringer currently has the following limitations: repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository configuration with support for the *--hidden-recipient* GnuPG - option. + option and encrypted repository options. + + To mitigate that, it's possible to keep the repo just atop of an encrypted and + non-public place. 2. History is not rewritten by default when secrets are removed from a keyringer repository. After a secret is removed with the *del* action, it will still be @@ -274,6 +277,10 @@ Keyringer currently has the following limitations: Users wishing to edit their repository history should proceed manually using the *git* action. +3. Keyringer does not protect data which were not encrypted to a keyring, + so be careful when decrypting secrets and writing them to the disk or + other storage media. + # SEE ALSO The *README* file distributed with Keyringer contains full documentation. -- cgit v1.2.3 From 14af076627a25b52ca1761c13e9da824db1bcdae Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Fri, 11 Apr 2014 13:38:34 -0300 Subject: Sketching coding standards --- development.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/development.mdwn b/development.mdwn index 957a7f8..91ddc87 100644 --- a/development.mdwn +++ b/development.mdwn @@ -37,6 +37,13 @@ These steps should be run once in a while to ensure we have an up to date packag DIST=sid sudo cowbuilder --update +Coding standards +---------------- + + - Respect the existing coding style. + + - Be clear: easy audability must be one of keyringer's requirements. + Development workflow -------------------- -- cgit v1.2.3 From 3c06f7b7a2a8fa6577df7b224e334ca831562798 Mon Sep 17 00:00:00 2001 
From: "rhatto@riseup.net"
Date: Fri, 11 Apr 2014 15:45:04 -0300
Subject: Use 'encrypt' on edit action and new env variable KEYRINGER_ADD_EXTENSION

---
 ChangeLog | 7 ++++++-
 lib/keyringer/actions/edit | 3 ++-
 lib/keyringer/actions/encrypt | 4 +++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 738a1f1..efc8dc8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,9 @@
-2014-04-10 - Silvio Rhatto
+2014-04-11 - Silvio Rhatto
+
+ Edit: use encrypt action
+
+ Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable
+ which controls if file extension should be appended to secret name
 
 Genpair: generate ssh and ssl keys with 4096 bits size
 
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index ff220a1..2267f37 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -43,7 +43,8 @@ read key
 $APP "$TMPWORK"
 
 # Encrypt again
-$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK"
+export KEYRINGER_ADD_EXTENSION=false
+keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
 
 # Check exit status
 errcrypt="$?"
diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt
index e9bf453..7415267 100755
--- a/lib/keyringer/actions/encrypt
+++ b/lib/keyringer/actions/encrypt
@@ -57,9 +57,11 @@ if [ ! -z "$3" ]; then
 #
 # Useful when opening files and the application needs the
 # extension to guess the file type.
- if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
+ if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then
 echo "Appending '$EXTENSION' into secret name..."
 FILE="$BASEPATH.$EXTENSION"
+ else
+ FILE="$BASEPATH"
 fi
 else
 FILE="$BASEPATH"
-- 
cgit v1.2.3

From 05a0984a92401a8343fa7cf39247d571723b74da Mon Sep 17 00:00:00 2001
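Review bot: The rewritten condition in the encrypt hunk keeps `echo $BASEPATH | grep -q -e "\.$EXTENSION$"`, which word-splits an unquoted `$BASEPATH` and interpolates `$EXTENSION` into a grep regular expression; a Bash pattern test needs neither and spawns no processes: `if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && [[ "$BASEPATH" != *."$EXTENSION" ]]; then`. Comparing against the exact string `false` also means `KEYRINGER_ADD_EXTENSION=0` or `=no` still appends the extension, which is worth stating in the comment above the condition, e.g. `# Only the exact value "false" suppresses the extension; the edit action relies on this`. The enclosing `if [ ! -z "$3" ]` block starts outside the hunk.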
From: "rhatto@riseup.net" Date: Thu, 17 Apr 2014 17:17:57 -0300 Subject: Editor leakage warning (#50) --- share/man/keyringer.1.mdwn | 3 +++ 1 file changed, 3 insertions(+) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 3b2fbc0..407baaa 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -135,6 +135,9 @@ edit <*secret*> : Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the *$EDITOR* environment variable and then re-encrypting it. + Please make sure to use an *$EDITOR* which does not leak data like history buffers. + Keyringer tries to detect if *$EDITOR* is set to VIM and disables the *.viminfo* file. + encrypt <*secret*> [*file*] : Encrypts content from standard input or *file* into *secret* pathname. No spaces are supported in the *secret* name. If *file* is actually a folder, keyringer -- cgit v1.2.3 From 7aa135d606c036ab41d1671b484bb80c11b0442f Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Thu, 17 Apr 2014 17:48:57 -0300 Subject: Edit/open: wait for background process to finish (#49) --- ChangeLog | 2 ++ lib/keyringer/actions/edit | 1 + 2 files changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index efc8dc8..742307c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-04-11 - Silvio Rhatto + Edit/open: wait for background process to finish (#49) + Edit: use encrypt action Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 2267f37..576bb67 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -41,6 +41,7 @@ echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" read key $APP "$TMPWORK" +wait # Encrypt again export KEYRINGER_ADD_EXTENSION=false -- cgit v1.2.3 
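Review bot: The added `wait` in the edit hunk only reaps jobs this shell started with `&`; `$APP "$TMPWORK"` runs in the foreground, so when `wait` executes there is nothing to wait for, and an editor that hands the file to an already-running instance and exits is not covered either, since that process is not a child of this shell. If the line is meant to cover that case, a comment stating the limitation would help the next reader, e.g. `# wait only covers background jobs of this script; an $APP that forks or delegates to a daemon returns immediately`. The rest of the edit script is outside the hunk.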
From 4759a178831bf003e2c962928be11db30feb8795 Mon Sep 17 00:00:00 2001
From: "rhatto@riseup.net"
Date: Thu, 17 Apr 2014 17:55:22 -0300
Subject: Rollback: use find+grep instead of 'find -iname' (#53)

---
 ChangeLog | 2 ++
 lib/keyringer/actions/find | 2 +-
 lib/keyringer/functions | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 742307c..c068f9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2014-04-11 - Silvio Rhatto
 
+ Find: rollback: use find+grep instead of 'find -iname' (#53)
+
 Edit/open: wait for background process to finish (#49)
 
 Edit: use encrypt action
diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find
index 21afc7a..9b18d66 100755
--- a/lib/keyringer/actions/find
+++ b/lib/keyringer/actions/find
@@ -15,5 +15,5 @@ shift
 ARGS="`echo "$*" | sed -e "s|^/*||"`"
 
 # Run find command
-cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g'
+cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g'
 cd "$CWD"
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index ad18f44..59777d0 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -436,7 +436,7 @@ function keyringer_get_file {
 elif [ ! -f "$KEYDIR/$FILE" ]; then
 # Try to find a similar file
 count=0
- candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`)
+ candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`)
 
 if [ ! -z "$candidates" ]; then
 echo "Could not find exact match for \"$1\", please choose one of the following secrets:"
-- 
cgit v1.2.3

From 4c5157f9ffbae18f3914b5fb58c07e8d895f1732 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 16 May 2014 15:28:01 -0300
Subject: Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50)

---
 ChangeLog | 4 +++-
 lib/keyringer/functions | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c068f9c..029a546 100644
--- a/ChangeLog
+++ b/ChangeLog
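Review bot: In the find hunk `grep -i "$ARGS"` treats the user's search term as a basic regular expression and, when the term begins with `-`, as a grep option, so input such as `.` or `*` no longer means what the old `-iname "*$ARGS*"` glob meant and an odd term can change grep's behaviour instead of being searched for. A literal, option-safe form is `cd "$KEYDIR/$RELATIVE_PATH" && find . | grep -i -F -- "$ARGS" | sed -e 's|^./||g'`, where `find .` also avoids relying on GNU find's implicit starting point. The same regex treatment of `$1` appears in the `keyringer_get_file` hunk of this commit.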
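Review bot: In the `keyringer_get_file` hunk the filter `grep -e '.asc$'` has an unescaped dot, so any name whose last four characters are `?asc` passes, not only `.asc` files; the intended pattern is `grep -e '\.asc$'`. The backtick substitution into `candidates=(...)` is also split on whitespace, so a secret path containing a space would presumably be offered as two candidates; `mapfile -t candidates < <(...)` keeps one entry per output line. `keyringer_get_file` starts and ends outside the hunk.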
@@ -1,4 +1,6 @@
-2014-04-11 - Silvio Rhatto
+2014-05-16 - Silvio Rhatto
+
+ Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50)
 
 Find: rollback: use find+grep instead of 'find -iname' (#53)
 
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 59777d0..50d01db 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -287,7 +287,7 @@ function keyringer_set_env {
 # Avoid viminfo, see https://keyringer.pw/trac/ticket/50
 if $EDITOR --help | grep -q -e "^VIM"; then
 if ! echo $EDITOR | grep -q -- "-i NONE"; then
- EDITOR="$EDITOR -i NONE"
+ EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'"
 fi
 fi
 
-- 
cgit v1.2.3

From 845e593c84661f05576f96da9e384a671ca56e53 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 16 May 2014 15:37:55 -0300
Subject: Workaround for open/edit action returning instantaneously (#49)

---
 ChangeLog | 2 ++
 lib/keyringer/actions/edit | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 029a546..e4e7ede 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2014-05-16 - Silvio Rhatto
 
+ Workaround for open/edit action returning instantaneously (#49)
+
 Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50)
 
 Find: rollback: use find+grep instead of 'find -iname' (#53)
diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index 576bb67..63017d5 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
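Review bot: The single quotes in `EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'"` are ordinary characters inside the variable's value, not shell quoting, so when `$EDITOR` is later expanded unquoted it is word-split into `'+set`, `nowritebackup'`, `'+set` and `nobackup'`; Vim never receives a `+set nowritebackup` command and presumably treats those fragments as file-name arguments (the call site is outside this hunk, so this is inferred from the string alone). A command line whose arguments contain spaces cannot be carried in a single scalar; the options would have to be stored and expanded as an array, e.g. `EDITOR_CMD=("$EDITOR" -i NONE '+set nowritebackup' '+set nobackup')` with `"${EDITOR_CMD[@]}" "$TMPWORK"` at the call site. `keyringer_set_env` starts and ends outside the hunk.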
@@ -38,11 +38,23 @@ fi
 
 # Prompt
 echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
-echo "WARNING: please make sure that $APP doesn't leak data to external applications os files"
+echo "WARNING: please make sure that $APP doesn't leak data to external applications or files"
 read key
 $APP "$TMPWORK"
+
+# Wait for background process to finish
 wait
 
+# Workaround for some applications running in client/server mode, handling open file requests
+# to a daemon and exiting immediatelly, making keyringer guess the editing is over and the file
+# must be encrypted again (See #49).
+#
+# Thus, we cannot just wipe the file and exit keyringer, as the user might have a buffered copy
+# of the unencrypted file in the application, which can lead to information leakage if the user
+# saves the file and leaves the editor.
+echo "Press any key when done using the file and you're sure that $APP is closed."
+read -n 1
+
+# Encrypt again
 export KEYRINGER_ADD_EXTENSION=false
 keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK"
-- 
cgit v1.2.3

From e32a1a5bc4d7331e129df173260fc754ff20c0da Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 16 May 2014 15:48:04 -0300
Subject: Minor UI enhancements at open/edit actions

---
 lib/keyringer/actions/edit | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit
index 63017d5..3ccf977 100755
--- a/lib/keyringer/actions/edit
+++ b/lib/keyringer/actions/edit
@@ -39,7 +39,8 @@ fi
 # Prompt
 echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort"
 echo "WARNING: please make sure that $APP doesn't leak data to external applications or files"
-read key
+echo "Press ENTER to continue"
+read -s key
 $APP "$TMPWORK"
 
 # Wait for background process to finish
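Review bot: The new `read -n 1` barrier only holds when standard input is a terminal: on EOF or redirected input `read` returns at once and control falls through to the re-encrypt step, which is exactly the situation the new comment says must be avoided. Reading from the controlling terminal, `read -n 1 </dev/tty`, makes the pause independent of how stdin was redirected, and a failing `read` should be handled explicitly rather than ignored. The comment also misspells `immediatelly` (immediately). The rest of the edit script, including whatever cleanup is done on `$TMPWORK`, is outside the hunk.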
@@ -53,7 +54,7 @@ wait
 # of the unencrypted file in the application, which can lead to information leakage if the user
 # saves the file and leaves the editor.
 echo "Press any key when done using the file and you're sure that $APP is closed."
-read -n 1
+read -s -n 1
 
 # Encrypt again
 export KEYRINGER_ADD_EXTENSION=false
-- 
cgit v1.2.3

From 79a87b0e7536299ba49b559e8bcdd0c96291f413 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 16 May 2014 16:43:04 -0300
Subject: Release workflow with git-flow

---
 development.mdwn | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/development.mdwn b/development.mdwn
index 91ddc87..67c6456 100644
--- a/development.mdwn
+++ b/development.mdwn
@@ -52,9 +52,10 @@ We use [git-flow](https://github.com/nvie/gitflow) for the development workflow.
 Release workflow
 ----------------
 
-Go to master branch
+Go to develop branch and start a new release
 
- git checkout master
+ git checkout develop
+ git flow release start VERSION
 
 Prepare the source code:
 
@@ -64,6 +65,8 @@ Prepare the source code:
 Create and upload a new release:
 
+ git flow release finish $VERSION
+
 git checkout master
 make release
 
 Update the debian branch:
-- 
cgit v1.2.3

From 4edea3d52e0c04651508fba9bae6ed0d81ccaa01 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Fri, 16 May 2014 16:46:47 -0300
Subject: Keyringer 0.3.4

---
 ChangeLog | 2 +-
 keyringer | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e4e7ede..aa63787 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-2014-05-16 - Silvio Rhatto
+2014-05-16 - 0.3.4 - Silvio Rhatto
 
 Workaround for open/edit action returning instantaneously (#49)
 
diff --git a/keyringer b/keyringer
index 6a1eda5..e1f405f 100755
--- a/keyringer
+++ b/keyringer
@@ -138,7 +138,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.3.3" +KEYRINGER_VERSION="0.3.4" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" -- cgit v1.2.3 From 30328dcdebd1bdca9385b8f4e17ace0c0500efdc Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 16 May 2014 16:47:38 -0300 Subject: Keyringer 0.3.4 --- share/man/keyringer.1 | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index f460cbf..95c236d 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -62,6 +62,11 @@ applied in the keyring repository. .RS .RE .TP +.B commit [\f[I]arguments\f[]] +Alias to "git commit". +.RS +.RE +.TP .B ls <\f[I]path\f[]> List contents from the toplevel repository \f[I]keys\f[] folder or from relative paths if \f[I]path\f[] is specified. @@ -169,6 +174,10 @@ Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the \f[I]$EDITOR\f[] environment variable and then re-encrypting it. .RS +.PP +Please make sure to use an +\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[]. \f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[] * EDITOR\f[] +is set to VIM and disables the \f[I]\&.viminfo\f[] file. .RE .TP .B encrypt <\f[I]secret\f[]> [\f[I]file\f[]] 
@@ -329,7 +338,10 @@ keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG -option. +option and encrypted repository options. +.PP +To mitigate that, it\[aq]s possible to keep the repo just atop of an +encrypted and non-public place. .IP "2." 3 History is not rewritten by default when secrets are removed from a keyringer repository. @@ -354,6 +366,10 @@ knowledge of the previous secret. Users wishing to edit their repository history should proceed manually using the \f[I]git\f[] action. .RE +.IP "3." 3 +Keyringer does not protect data which were not encrypted to a keyring, +so be careful when decrypting secrets and writing them to the disk or +other storage media. .SH SEE ALSO .PP The \f[I]README\f[] file distributed with Keyringer contains full -- cgit v1.2.3