From 36f28df76c0ac0e8706fb00ec51820aa1df07c2f Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 18 Jan 2020 11:19:11 -0300 Subject: Install zsh completion in the default path Install the zsh completer into site-functions rather than vendor-completions. vendor-completions is a Debian-ism that many distros and other OSes don't support. site-functions is added to the default fpath by zsh, so it should just work for all users. Patch thanks to Matthew Martin. --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 53dd921..9946667 100644 --- a/Makefile +++ b/Makefile @@ -43,7 +43,7 @@ install_man: install_completion: $(INSTALL) -D -m 0644 lib/keyringer/completions/bash/keyringer $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/keyringer - $(INSTALL) -D -m 0644 lib/keyringer/completions/zsh/_keyringer $(DESTDIR)/$(PREFIX)/share/zsh/vendor-completions/_keyringer + $(INSTALL) -D -m 0644 lib/keyringer/completions/zsh/_keyringer $(DESTDIR)/$(PREFIX)/share/zsh/site-functions/_keyringer install: clean @make install_lib install_bin install_doc install_man install_completion -- cgit v1.2.3 From 76cc66615e931352f2671653e931b179e8e0ecd9 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 18 Jan 2020 11:23:19 -0300 Subject: Updates ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 892b99d..124f69e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2020-01-18 - develop - Silvio Rhatto + + Install zsh completion in the default path + 2019-03-25 - 0.5.5 - Silvio Rhatto Adds COMMIT_AFTER_ENCRYPT setting -- cgit v1.2.3 From bb3f78c11888678a9eb268c6d27fb4b5b0c7f207 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 18 Sep 2020 08:52:37 -0300 Subject: Genkeys: show CSR when generating x509 keys --- lib/keyringer/actions/genkeys | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys index addd10d..d9af46a 100755 --- a/lib/keyringer/actions/genkeys +++ b/lib/keyringer/actions/genkeys @@ -185,6 +185,11 @@ EOF openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint fi + # Show CSR + if [ "$KEYTYPE" != "ssl-self" ] || [ "$KEYTYPE" != "x509-self" ]; then + cat "$TMPWORK/${NODE}_csr.pem" + fi + echo "Done" } -- cgit v1.2.3 From d39c5d247a167acf3747b061137c42f798183e3c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 7 Nov 2020 12:28:48 -0300 Subject: Feat: adds "pass" action --- ChangeLog | 4 ++++ lib/keyringer/actions/pass | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100755 lib/keyringer/actions/pass diff --git a/ChangeLog b/ChangeLog index 124f69e..474a09f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2020-11-07 - develop - Silvio Rhatto + + Adds "pass" action behaving like pass(1) for outputing single-line secrets. + 2020-01-18 - develop - Silvio Rhatto Install zsh completion in the default path diff --git a/lib/keyringer/actions/pass b/lib/keyringer/actions/pass new file mode 100755 index 0000000..7bca7d5 --- /dev/null +++ b/lib/keyringer/actions/pass @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +# +# Behave like pass(1), outputing just the first line of a secret. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" read $* || exit 1 + +# Get file +keyringer_get_file "$2" + +# Decrypt +pass="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null | head -n 1)" + +# Output password +echo "$pass" + +# Exit +exit "$?" -- cgit v1.2.3 From dc6b6e5d79d2c8b9e04d9e7cfab97fd3f6d49a5d Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 23 May 2021 14:11:06 -0300 Subject: Tasks: genpair: Tor Onion v3 auth keypairs --- .task/backlog.data | 5 +++++ .task/pending.data | 1 + .task/undo.data | 19 +++++++++++++++++++ tasks.md | 4 ++-- 4 files changed, 27 insertions(+), 2 deletions(-) 
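Review bot: The condition on the added `if` under "# Show CSR" is always true: `[ "$KEYTYPE" != "ssl-self" ] || [ "$KEYTYPE" != "x509-self" ]` holds for every value, because no KEYTYPE can equal both strings. The `cat "$TMPWORK/${NODE}_csr.pem"` therefore also runs for the self-signed types the guard appears meant to skip. If no CSR file exists for those types (not visible in this hunk), the result is a spurious `cat` error just before "Done". Join the tests with `&&` instead: `if [ "$KEYTYPE" != "ssl-self" ] && [ "$KEYTYPE" != "x509-self" ]; then`. The enclosing function starts outside the hunk.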
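Review bot: A failed decryption in the new `pass` action is indistinguishable from an empty secret: gpg's stderr is discarded, the pipeline's status is that of `head`, and the final `exit "$?"` reports the status of `echo`, so the script prints a blank line and exits 0 when gpg fails. A caller that passes this output on as a password would then continue with an empty value. Capture the whole plaintext so gpg's status survives, and print with printf so a secret beginning with `-n` or `-e` is not taken as an echo option: `pass="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" || exit 1` followed by `printf '%s\n' "${pass%%$'\n'*}"`. The `source "$LIB" read $*` line would also be safer with `"$@"`, and with `$0` quoted inside the `dirname` call.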
diff --git a/.task/backlog.data b/.task/backlog.data index d047ddf..8681994 100644 --- a/.task/backlog.data +++ b/.task/backlog.data @@ -66,3 +66,8 @@ {"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173542Z","project":"keyringer","status":"pending","tags":["important"],"uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"} {"description":"Merge OpenBSD patches","entry":"20180522T173012Z","modified":"20180530T173559Z","project":"keyringer","status":"pending","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"} {"description":"Merge OpenBSD patches","end":"20180530T174450Z","entry":"20180522T173012Z","modified":"20180530T174450Z","project":"keyringer","status":"completed","uuid":"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"} +{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T165944Z","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"} +{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170601Z","priority":"M","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"} +{"description":"Genpair: support Tor Onion v3 Auth keypair generation","entry":"20210523T165944Z","modified":"20210523T170617Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"} +{"description":"description","entry":"20210523T165944Z","modified":"20210523T170708Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"} +{"description":"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b","entry":"20210523T165944Z","modified":"20210523T170815Z","priority":"M","project":"keyringer","status":"pending","uuid":"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"} diff --git a/.task/pending.data b/.task/pending.data index 55a1f53..f9eb022 100644 --- a/.task/pending.data 
+++ b/.task/pending.data @@ -45,3 +45,4 @@ [description:"(bw)Is#59 - Hidden service howto .. https:\/\/keyringer.pw\/trac\/ticket\/59" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"59" tracsummary:"Hidden service howto" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/59" uuid:"10e30d99-7c65-45af-9d72-d67b93966e5f"] [description:"(bw)Is#67 - Document tips .. https:\/\/keyringer.pw\/trac\/ticket\/67" entry:"1527005932" modified:"1527005932" priority:"L" project:"keyringer" status:"pending" traccomponent:"usability" tracnumber:"67" tracsummary:"Document tips" tracurl:"https:\/\/keyringer.pw\/trac\/ticket\/67" uuid:"e45c7e62-d550-437d-9393-b9944220cb67"] [description:"Build static HTML report from taskwarrior" entry:"1527010498" modified:"1527010498" project:"keyringer" status:"pending" uuid:"5a63f746-48b2-4a16-a61b-81e8bcaeae27"] +[description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] diff --git a/.task/undo.data b/.task/undo.data index 27855a7..ebe9068 100644 --- a/.task/undo.data +++ b/.task/undo.data 
@@ -222,3 +222,22 @@ time 1527702290 old [description:"Merge OpenBSD patches" entry:"1527010212" modified:"1527701759" project:"keyringer" status:"pending" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"] new [description:"Merge OpenBSD patches" end:"1527702290" entry:"1527010212" modified:"1527702290" project:"keyringer" status:"completed" uuid:"01592365-2285-4c2e-8ee6-2fcc61eaa5b2"] --- +time 1621789184 +new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +--- +time 1621789561 +old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789184" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +--- +time 1621789577 +old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789561" priority:"M" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +new [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +--- +time 1621789628 +old [description:"Genpair: support Tor Onion v3 Auth keypair generation" entry:"1621789184" modified:"1621789577" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +new [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +--- +time 1621789695 +old [description:"description" entry:"1621789184" modified:"1621789628" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +new 
[description:"Genpair: support Tor Onion v3 Auth keypair generation using https:\/\/gist.github.com\/mtigas\/9c2386adf65345be34045dace134140b" entry:"1621789184" modified:"1621789695" priority:"M" project:"keyringer" status:"pending" uuid:"54da99d5-5e8b-4d84-b54d-d3fb4f002dc6"] +--- diff --git a/tasks.md b/tasks.md index 17f8de1..2d9beec 100644 --- a/tasks.md +++ b/tasks.md @@ -13,7 +13,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored sudo apt install trac-xmlrpc trac-admin . config set components tracrpc.* enabled - trac-admin . permission add authenticated XML_RPC + trac-admin . permission add authenticated XML_RPC ## Client side @@ -26,7 +26,7 @@ Current issue tracker: [Taskwarrior](https://taskwarrior.org/) with data stored * https://bugwarrior.readthedocs.io/en/latest/common_configuration.html#envvar-BUGWARRIORRC * https://bugwarrior.readthedocs.io/en/latest/services/trac.html -* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration +* https://bugwarrior.readthedocs.io/en/latest/configuration.html#example-configuration * https://bugwarrior.readthedocs.io/en/latest/using.html * https://trac.edgewall.org/wiki/TracPlugins * https://trac-hacks.org/wiki/XmlRpcPlugin -- cgit v1.2.3 From 655905f67b5172960e5c5ca6549b81c33ca0eb91 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 3 Jul 2021 10:50:53 -0300 Subject: Fix: debian bug 990255 --- ChangeLog | 5 ++++- Makefile | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 474a09f..0ce5aa6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -2020-11-07 - develop - Silvio Rhatto +2021-07-03 - 0.5.6 - Silvio Rhatto + + Fix Debian bug #990255: keyringer incorrectly tries to use vim settings from + '/usr/bin/../share/keyringer/editors/vim' Adds "pass" action behaving like pass(1) for outputing single-line secrets. diff --git a/Makefile b/Makefile index 9946667..7311363 100644 --- a/Makefile +++ b/Makefile 
@@ -28,8 +28,8 @@ install_lib: $(INSTALL) -D -m 0755 lib/keyringer/functions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/functions $(INSTALL) -D -m 0755 -d lib/keyringer/actions $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions $(INSTALL) -D -m 0755 lib/keyringer/actions/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/actions - $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors - $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/lib/$(PACKAGE)/editors + $(INSTALL) -D -m 0755 -d share/keyringer/editors $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors + $(INSTALL) -D -m 0644 share/keyringer/editors/* $(DESTDIR)/$(PREFIX)/share/$(PACKAGE)/editors install_bin: $(INSTALL) -D -m 0755 keyringer $(DESTDIR)/$(PREFIX)/bin/keyringer -- cgit v1.2.3 From 493e7ef750bd5fbf7db59793776cd9fb75756d3c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 3 Jul 2021 10:51:32 -0300 Subject: Keyringer 0.5.6 --- keyringer | 2 +- share/man/keyringer.1 | 54 +++++++++++++++++++++++++++------------------------ 2 files changed, 30 insertions(+), 26 deletions(-) diff --git a/keyringer b/keyringer index 4c3570d..8c1faf2 100755 --- a/keyringer +++ b/keyringer @@ -140,7 +140,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.5.5" +KEYRINGER_VERSION="0.5.6" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 16cceb7..def8c38 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pandoc 1.17.2 +.\" Automatically generated by Pandoc 2.2.1 .\" .TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" "" .hy 
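Review bot: Nothing on the two changed `editors` lines records that the destination must match the path the `keyringer` script resolves at run time, which per the ChangeLog entry in this commit is `share/keyringer/editors` relative to the binary. The man page says keyringer disables `.viminfo` when EDITOR is vim, and those settings presumably live in this directory, so a mismatch would mean secrets being edited without them. A comment such as `# editors/ must stay under share/$(PACKAGE): keyringer loads its editor settings from ../share/keyringer/editors` would keep the two from drifting apart again. Installs upgraded in place will also keep the old copies under `lib/$(PACKAGE)/editors`, which no target visible here removes. The `install_lib` rule starts above the hunk.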
@@ -7,7 +7,7 @@ keyringer \- encrypted and distributed secret sharing software .SH SYNOPSIS .PP -keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]... +keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]\&... .SH DESCRIPTION .PP Keyringer lets you manage and share secrets using GnuPG and Git in a @@ -66,7 +66,7 @@ applied in the keyring repository. .RE .TP .B commit [\f[I]arguments\f[]] -Alias to "git commit". +Alias to \[lq]git commit\[rq]. .RS .RE .TP @@ -102,7 +102,7 @@ where all other actions can be called and are operated from the current selected keyring. .RS .PP -An additional "cd" internal command is available for directory +An additional \[lq]cd\[rq] internal command is available for directory navigation. .PP All <\f[I]secret\f[]> parameters from actions invoked from the shell are 
@@ -189,8 +189,8 @@ variable and then re\-encrypting it. .RS .PP Please make sure to use an -\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[]*EDITOR\f[] -is set to VIM and disables the \f[I]\&.viminfo\f[] file. +\f[I]\f[]E\f[I]\f[]D\f[I]\f[]I\f[I]\f[]T\f[I]\f[]O\f[I]\f[]R\f[I] * \f[]w\f[I]\f[]h\f[I]\f[]i\f[I]\f[]c\f[I]\f[]h\f[I]\f[]d\f[I]\f[]o\f[I]\f[]e\f[I]\f[]s\f[I]\f[]n\f[I]\f[]o\f[I]\f[]t\f[I]\f[]l\f[I]\f[]e\f[I]\f[]a\f[I]\f[]k\f[I]\f[]d\f[I]\f[]a\f[I]\f[]t\f[I]\f[]a\f[I]\f[]l\f[I]\f[]i\f[I]\f[]k\f[I]\f[]e\f[I]\f[]h\f[I]\f[]i\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]r\f[I]\f[]y\f[I]\f[]b\f[I]\f[]u\f[I]\f[]f\f[I]\f[]f\f[I]\f[]e\f[I]\f[]r\f[I]\f[]s\f[I].\f[]K\f[I]\f[]e\f[I]\f[]y\f[I]\f[]r\f[I]\f[]i\f[I]\f[]n\f[I]\f[]g\f[I]\f[]e\f[I]\f[]r\f[I]\f[]t\f[I]\f[]r\f[I]\f[]i\f[I]\f[]e\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]d\f[I]\f[]e\f[I]\f[]t\f[I]\f[]e\f[I]\f[]c\f[I]\f[]t\f[I]\f[]i\f[I]\f[]f\f[I]*EDITOR\f[] +is set to VIM and disables the \f[I].viminfo\f[] file. .RE .TP .B encrypt <\f[I]secret\f[]> [\f[I]file\f[]] @@ -198,7 +198,7 @@ Encrypts content from standard input or \f[I]file\f[] into \f[I]secret\f[] pathname. No spaces are supported in the \f[I]secret\f[] name. If \f[I]file\f[] is actually a folder, keyringer will recursivelly -encrypt all it\[aq]s contents. +encrypt all it's contents. .RS .RE .TP 
@@ -297,9 +297,9 @@ comments. List, edit or add \f[I]user\f[] preferences for a given repository. .RS .PP -User preferences are settings which are saved in the user\[aq]s -keyringer folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the -other users. +User preferences are settings which are saved in the user's keyringer +folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the other +users. .PP Preferences are written using the \f[I]KEY=VALUE\f[] syntax. All lines starting with the hash (#) character are interpreted as @@ -328,17 +328,17 @@ Keyringer uses a default recipients file, but specifying a custom \f[I]recipients\-file\f[] pathname will override this default. .PP For instance, if a user encrypts a secret to a file in the keyring -repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[] +repository's \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[] under \f[I]accounting\f[] will be used. Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[] encrypted using the public keys listed in the config file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. .PP -Each line in a recipients file has entries in the format -\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where -\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose -fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[] +Each line in a recipients file has entries in the format `john\@doe.com +XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where \f[I]john\@doe.com\f[] +is an alias for the OpenPGP public key whose fingerprint is +\f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[] .PP All lines starting with the hash (#) character are interpreted as comments. 
@@ -364,7 +364,7 @@ to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder. .SH FILES .TP .B $HOME/.keyringer/config -User\[aq]s main configuration file used to map alias names to keyrings. +User's main configuration file used to map alias names to keyrings. .RS .RE .TP @@ -386,11 +386,13 @@ Metadata is not encrypted, meaning that an attacker with access to a keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository -configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG +configuration with support for the \f[I]\[en]hidden\-recipient\f[] GnuPG option and encrypted repository options. +.RS 4 .PP -To mitigate that, it\[aq]s possible to keep the repo just atop of an +To mitigate that, it's possible to keep the repo just atop of an encrypted and non\-public place. +.RE .IP "2." 3 History is not rewritten by default when secrets are removed from a keyringer repository. 
@@ -398,14 +400,14 @@ After a secret is removed with the \f[I]del\f[] action, it will still be available in the repository history even after a commit. This is by design for the following reasons: .IP \[bu] 2 -It\[aq]s the default behavior of the Git content tracker. +It's the default behavior of the Git content tracker. Forcing the deletion by default could break the expected behavior and -hence limit the repository\[aq]s backup features, which can be helpful -if someone mistakenly overwrites a secret. +hence limit the repository's backup features, which can be helpful if +someone mistakenly overwrites a secret. .IP \[bu] 2 History rewriting cannot be considered a security measure against the -unauthorized access to a secret as it doesn\[aq]t automatically update -all working copies of the repository. +unauthorized access to a secret as it doesn't automatically update all +working copies of the repository. .RS 2 .PP In the case that the secret is a passphrase, the recommended measure @@ -419,13 +421,15 @@ using the \f[I]git\f[] action. Keyringer does not protect data which were not encrypted to a keyring, so be careful when decrypting secrets and writing them to the disk or other storage media. +.RS 4 .PP Pay special attention that keyringer outputs data to stdout, which could be easily spotted by any agent looking directly at you computer screen. .PP The xclip action even copies secret data to the X11 clipboard, which can -be accessed by any application running in the user\[aq]s X11 session, so -use this feature carefully. +be accessed by any application running in the user's X11 session, so use +this feature carefully. +.RE .SH SEE ALSO .PP The \f[I]README\f[] file distributed with Keyringer contains full -- cgit v1.2.3