From d6119b43f54c53d3fdffd995699337b100eee2c0 Mon Sep 17 00:00:00 2001 From: rhatto Date: Thu, 27 Mar 2014 22:03:39 -0300 Subject: Avoid viminfo if VIM is set as $EDITOR (#50) --- lib/keyringer/actions/edit | 1 + lib/keyringer/functions | 7 +++++++ 2 files changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 03ccdab..ff220a1 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -38,6 +38,7 @@ fi # Prompt echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" +echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" read key $APP "$TMPWORK" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index f1af951..af300ef 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -284,6 +284,13 @@ function keyringer_set_env { fi fi + # Avoid viminfo, see https://keyringer.pw/trac/ticket/50 + if $EDITOR --help | grep -q -e "^VIM"; then + if ! echo $EDITOR | grep -q -- "-i NONE"; then + EDITOR="$EDITOR -i NONE" + fi + fi + if [ ! -f "$OPTIONS" ]; then echo "No option config was found" exit 1 -- cgit v1.2.3 From edab719642f89ff4180110c6928d9ed62f67debb Mon Sep 17 00:00:00 2001 From: rhatto Date: Wed, 2 Apr 2014 11:38:34 -0300 Subject: Align command output --- ChangeLog | 2 ++ lib/keyringer/functions | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 736bff5..c9a9246 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-03-27 - Silvio Rhatto + Align command output + Avoid viminfo if VIM is set as $EDITOR (#50) 2014-03-22 - 0.3.3 - Silvio Rhatto diff --git a/lib/keyringer/functions b/lib/keyringer/functions index af300ef..1a0747e 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions 
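Review bot: In the `keyringer_set_env` hunk, `-i NONE` only turns off the viminfo file, so Vim can still write the decrypted content to a swap file and, where the user's configuration enables it, to an undo file beside the temp file. Adding `-n` to the appended flags (`EDITOR="$EDITOR -i NONE -n"`) disables the swap file; persistent undo needs its own switch. The probe `$EDITOR --help` also runs unguarded, so an empty `$EDITOR` executes `--help` as a command and prints an error on every call; a leading `[ -n "$EDITOR" ] &&` avoids that. The function body starts and ends outside the hunk.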
@@ -517,7 +517,7 @@ function keyringer_action_usage { # Return available actions function keyringer_show_actions { - ls $ACTIONS + ls -C $ACTIONS } # Usage @@ -538,6 +538,7 @@ function keyringer_usage { printf "\tinit [remote]\n" $BASENAME fi keyringer_show_actions | sed -e 's/^/\t/' + printf "\n" } # Check repository integrity -- cgit v1.2.3 From 9c18956f82916ff9da2e6a718d2ae208778dab76 Mon Sep 17 00:00:00 2001 From: rhatto Date: Fri, 4 Apr 2014 13:34:22 -0300 Subject: Adding "commit" action which is a wrapper around "git commit" --- ChangeLog | 4 +++- lib/keyringer/actions/commit | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100755 lib/keyringer/actions/commit (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index c9a9246..9c5a05c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -2014-03-27 - Silvio Rhatto +2014-04-04 - Silvio Rhatto + + Adding "commit" action which is a wrapper around "git commit" Align command output diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit new file mode 100755 index 0000000..47937c2 --- /dev/null +++ b/lib/keyringer/actions/commit @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Git commit wrapper. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +keyringer_exec git "$BASEDIR" commit $* -- cgit v1.2.3 From 549fffc68213d9c960e2de61b294dd90f96263c4 Mon Sep 17 00:00:00 2001 From: rhatto Date: Fri, 4 Apr 2014 15:17:55 -0300 Subject: Fix positional arguments on commit action --- lib/keyringer/actions/commit | 4 ++++ lib/keyringer/actions/git | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/keyringer/actions/commit b/lib/keyringer/actions/commit index 47937c2..b124927 100755 --- a/lib/keyringer/actions/commit +++ b/lib/keyringer/actions/commit @@ -7,4 +7,8 @@ LIB="`dirname $0`/../functions" source "$LIB" || exit 1 +# Fix positional arguments +shift + +# Run git command keyringer_exec git "$BASEDIR" commit $* 
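Review bot: `keyringer_exec git "$BASEDIR" commit $*` in the new `commit` action expands the arguments unquoted, so `-m "fix typo"` reaches git as three words (`-m`, `fix`, `typo`) and glob characters in a message are expanded against the current directory. `"$@"` keeps each argument as typed: `keyringer_exec git "$BASEDIR" commit "$@"`. The follow-up hunk that adds `shift` keeps `$*`, and the `git` action hunk shows the same pattern in `git $*`. `dirname $0` in the `LIB=` line is likewise unquoted and breaks when the install path contains spaces; `"$(dirname "$0")/../functions"` is the safe form.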
diff --git a/lib/keyringer/actions/git b/lib/keyringer/actions/git index d4e7aa4..059b20e 100755 --- a/lib/keyringer/actions/git +++ b/lib/keyringer/actions/git @@ -10,8 +10,9 @@ source "$LIB" || exit 1 # Aditional parameters CWD="`pwd`" -# Run git command +# Fix positional arguments shift +# Run git command mkdir -p "$BASEDIR" && cd "$BASEDIR" && git $* cd "$CWD" -- cgit v1.2.3 From 23f21f59d9075f36c273e48f8f993a8018cec102 Mon Sep 17 00:00:00 2001 From: rhatto Date: Sun, 6 Apr 2014 20:04:20 -0300 Subject: Be more verbose on recrypt errors --- ChangeLog | 4 +++- lib/keyringer/actions/recrypt | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 9c5a05c..8e4d5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -2014-04-04 - Silvio Rhatto +2014-04-06 - Silvio Rhatto + + Be more verbose on recrypt errors Adding "commit" action which is a wrapper around "git commit" diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index 696399b..d374308 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -19,7 +19,7 @@ function keyringer_recrypt { decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" if [ "$?" != "0" ]; then - echo "Decryption error." + echo "Decryption error on $1." exit 1 fi @@ -27,7 +27,7 @@ function keyringer_recrypt { recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`" if [ "$?" != "0" ]; then - echo "Recryption error." + echo "Recryption error on $1." exit 1 fi -- cgit v1.2.3 From 9218a6dfa42cc9a83d754d4c47b562a31102cf30 Mon Sep 17 00:00:00 2001 From: rhatto Date: Sun, 6 Apr 2014 20:37:42 -0300 Subject: Fix recryption error when using gpg-agent in text mode --- ChangeLog | 2 ++ lib/keyringer/actions/recrypt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 8e4d5c9..73849ef 100644 --- a/ChangeLog +++ b/ChangeLog 
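Review bot: The context lines of the two `keyringer_recrypt` hunks pass the plaintext through a shell variable (`decrypted="$(...)"`, then `echo "$decrypted" | $GPG ...`), which is not byte-preserving: command substitution strips trailing newlines and cannot hold NUL bytes, so a binary secret or one with significant trailing newlines is silently altered on recrypt. Streaming the decrypted output into the encrypting process, or going through a temp file handled like `$TMPWORK`, would keep the content intact; that change reaches beyond these hunks. The two messages edited here also go to stdout, and `echo "Decryption error on $1." >&2` would keep them out of any captured output. The function starts before and continues after the hunks.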
@@ -1,5 +1,7 @@ 2014-04-06 - Silvio Rhatto + Fix recryption error when using gpg-agent in text mode (#55) + Be more verbose on recrypt errors Adding "commit" action which is a wrapper around "git commit" diff --git a/lib/keyringer/actions/recrypt b/lib/keyringer/actions/recrypt index d374308..30c9254 100755 --- a/lib/keyringer/actions/recrypt +++ b/lib/keyringer/actions/recrypt @@ -16,7 +16,7 @@ function keyringer_recrypt { keyringer_set_recipients "$FILE" # Decrypt - decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" + decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE")" if [ "$?" != "0" ]; then echo "Decryption error on $1." -- cgit v1.2.3 From e6c63e48cf556930364e1c0684b4b550b32a5ead Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Sun, 6 Apr 2014 22:18:31 -0300 Subject: Fix usage message inside keyringer shell --- ChangeLog | 2 ++ lib/keyringer/functions | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 73849ef..57b4746 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-04-06 - Silvio Rhatto + Fix usage message inside keyringer shell. + Fix recryption error when using gpg-agent in text mode (#55) Be more verbose on recrypt errors diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 1a0747e..ad18f44 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -525,7 +525,7 @@ function keyringer_usage { local keyrings="$(ls --color=never `dirname $CONFIG` | sed -e 's/config//' | xargs)" printf "Keyringer $KEYRINGER_VERSION\n" - printf "Usage: %s [arguments]\n\n" "$BASENAME" + printf "Usage: keyringer [arguments]\n\n" # Display only when not in a keyring context if [ ! -z "$keyrings" ] && [ -z "$1" ]; then -- cgit v1.2.3 From 9469f033404ce0ffea8b379fd26a046f9a6c61c0 Mon Sep 17 00:00:00 2001 
From: "rhatto@riseup.net" Date: Tue, 8 Apr 2014 16:47:05 -0300 Subject: Genpair: generate ssh keys with 4096 bits --- ChangeLog | 6 ++++-- lib/keyringer/actions/genpair | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 57b4746..916dbc2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ -2014-04-06 - Silvio Rhatto +2014-04-08 - Silvio Rhatto - Fix usage message inside keyringer shell. + Genpair: generate ssh keys with 4096 bits + + Fix usage message inside keyringer shell Fix recryption error when using gpg-agent in text mode (#55) diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair index 6898b0f..509f5c2 100755 --- a/lib/keyringer/actions/genpair +++ b/lib/keyringer/actions/genpair @@ -12,7 +12,7 @@ function genpair_ssh { read -p "Hit ENTER to continue." prompt # We're using empty passphrases - ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" + ssh-keygen -t rsa -b 4096 -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE" # Encrypt the result echo "Encrypting secret key into keyringer..." -- cgit v1.2.3 From 9d04c79cf4a5b99d8910e07b5232267ed4cedcf5 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Thu, 10 Apr 2014 10:47:20 -0300 Subject: Genpair: 4096 bits ssl by default --- ChangeLog | 4 ++-- lib/keyringer/actions/genpair | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 916dbc2..738a1f1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ -2014-04-08 - Silvio Rhatto +2014-04-10 - Silvio Rhatto - Genpair: generate ssh keys with 4096 bits + Genpair: generate ssh and ssl keys with 4096 bits size Fix usage message inside keyringer shell diff --git a/lib/keyringer/actions/genpair b/lib/keyringer/actions/genpair index 509f5c2..6fc6dcd 100755 --- a/lib/keyringer/actions/genpair +++ b/lib/keyringer/actions/genpair 
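Review bot: The `ssh-keygen` line writes a passphrase-less private key to `$TMPWORK/id_rsa` in cleartext, and nothing in this hunk shows how that file is protected or removed if the script is interrupted before the encrypt step. A comment above the call would help the next reader, for example `# Key is unencrypted on disk until the encrypt step below; $TMPWORK must be private and wiped on exit`. The same applies to the `openssl req -nodes ... -keyout ${NODE}_privatekey.pem` hunk in the next commit, where `${NODE}` is additionally unquoted in both file names. `genpair_ssh` continues outside the hunk, so the cleanup may already exist there.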
@@ -132,7 +132,7 @@ EOF cat openssl.conf read -p "Hit ENTER to continue." prompt - openssl req -batch -nodes -config openssl.conf -newkey rsa:2048 -sha256 \ + openssl req -batch -nodes -config openssl.conf -newkey rsa:4096 -sha256 \ -keyout ${NODE}_privatekey.pem -out ${NODE}_csr.pem openssl req -noout -text -in ${NODE}_csr.pem -- cgit v1.2.3 From 3c06f7b7a2a8fa6577df7b224e334ca831562798 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Fri, 11 Apr 2014 15:45:04 -0300 Subject: Use 'encrypt' on edit action and new env variable KEYRINGER_ADD_EXTENSION --- ChangeLog | 7 ++++++- lib/keyringer/actions/edit | 3 ++- lib/keyringer/actions/encrypt | 4 +++- 3 files changed, 11 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 738a1f1..efc8dc8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,9 @@ -2014-04-10 - Silvio Rhatto +2014-04-11 - Silvio Rhatto + + Edit: use encrypt action + + Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable + which controls if file extension should be appended to secret name Genpair: generate ssh and ssl keys with 4096 bits size diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index ff220a1..2267f37 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -43,7 +43,8 @@ read key $APP "$TMPWORK" # Encrypt again -$GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK" +export KEYRINGER_ADD_EXTENSION=false +keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK" # Check exit status errcrypt="$?" diff --git a/lib/keyringer/actions/encrypt b/lib/keyringer/actions/encrypt index e9bf453..7415267 100755 --- a/lib/keyringer/actions/encrypt +++ b/lib/keyringer/actions/encrypt 
@@ -57,9 +57,11 @@ if [ ! -z "$3" ]; then # # Useful when opening files and the application needs the # extension to guess the file type. - if ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then + if [ "$KEYRINGER_ADD_EXTENSION" != "false" ] && ! echo $BASEPATH | grep -q -e "\.$EXTENSION$"; then echo "Appending '$EXTENSION' into secret name..." FILE="$BASEPATH.$EXTENSION" + else + FILE="$BASEPATH" fi else FILE="$BASEPATH" -- cgit v1.2.3 From 7aa135d606c036ab41d1671b484bb80c11b0442f Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Thu, 17 Apr 2014 17:48:57 -0300 Subject: Edit/open: wait for background process to finish (#49) --- ChangeLog | 2 ++ lib/keyringer/actions/edit | 1 + 2 files changed, 3 insertions(+) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index efc8dc8..742307c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-04-11 - Silvio Rhatto + Edit/open: wait for background process to finish (#49) + Edit: use encrypt action Encrypt: support for KEYRINGER_ADD_EXTENSION environment variable diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 2267f37..576bb67 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -41,6 +41,7 @@ echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" read key $APP "$TMPWORK" +wait # Encrypt again export KEYRINGER_ADD_EXTENSION=false -- cgit v1.2.3 From 4759a178831bf003e2c962928be11db30feb8795 Mon Sep 17 00:00:00 2001 From: "rhatto@riseup.net" Date: Thu, 17 Apr 2014 17:55:22 -0300 Subject: Rollback: use find+grep instead of 'find -iname' (#53) --- ChangeLog | 2 ++ lib/keyringer/actions/find | 2 +- lib/keyringer/functions | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 742307c..c068f9c 100644 --- a/ChangeLog +++ b/ChangeLog 
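Review bot: The extension test `echo $BASEPATH | grep -q -e "\.$EXTENSION$"` interpolates `$EXTENSION` into a regular expression and expands `$BASEPATH` unquoted, so an extension containing regex metacharacters, or a path with spaces or glob characters, can give a wrong match. A literal suffix comparison needs no subprocess: `[ "${BASEPATH%".$EXTENSION"}" = "$BASEPATH" ]` is true when the suffix is absent. Because `KEYRINGER_ADD_EXTENSION` is read from the environment, a value of `false` inherited from the user's shell changes secret names for every `encrypt` call, which deserves a line in the action's header comment. The enclosing `if [ ! -z "$3" ]` block starts outside the hunk.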
@@ -1,5 +1,7 @@ 2014-04-11 - Silvio Rhatto + Find: rollback: use find+grep instead of 'find -iname' (#53) + Edit/open: wait for background process to finish (#49) Edit: use encrypt action diff --git a/lib/keyringer/actions/find b/lib/keyringer/actions/find index 21afc7a..9b18d66 100755 --- a/lib/keyringer/actions/find +++ b/lib/keyringer/actions/find @@ -15,5 +15,5 @@ shift ARGS="`echo "$*" | sed -e "s|^/*||"`" # Run find command -cd "$KEYDIR/$RELATIVE_PATH" && find -iname "*$ARGS*" | sed -e 's|^./||g' +cd "$KEYDIR/$RELATIVE_PATH" && find | grep -i "$ARGS" | sed -e 's|^./||g' cd "$CWD" diff --git a/lib/keyringer/functions b/lib/keyringer/functions index ad18f44..59777d0 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -436,7 +436,7 @@ function keyringer_get_file { elif [ ! -f "$KEYDIR/$FILE" ]; then # Try to find a similar file count=0 - candidates=(`keyringer_exec find "$BASEDIR" "$1*.asc"`) + candidates=(`keyringer_exec find "$BASEDIR" | grep -i "$1" | grep -e '.asc$'`) if [ ! -z "$candidates" ]; then echo "Could not find exact match for \"$1\", please choose one of the following secrets:" -- cgit v1.2.3 From 4c5157f9ffbae18f3914b5fb58c07e8d895f1732 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 16 May 2014 15:28:01 -0300 Subject: Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50) --- ChangeLog | 4 +++- lib/keyringer/functions | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index c068f9c..029a546 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ -2014-04-11 - Silvio Rhatto +2014-05-16 - Silvio Rhatto + + Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50) Find: rollback: use find+grep instead of 'find -iname' (#53) diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 59777d0..50d01db 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions 
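Review bot: `grep -i "$ARGS"` in the `find` action treats the search term as a regular expression and, when it starts with `-`, as a grep option, which the `find -iname "*$ARGS*"` it replaces did not. If substring matching is what is wanted, `grep -i -F -- "$ARGS"` keeps the term literal; if regex search is the intent, `grep -i -e "$ARGS"` at least protects a leading dash. The `keyringer_get_file` hunk has the same issue with `grep -i "$1"`, and its `grep -e '.asc$'` should escape the dot (`'\.asc$'`) so that only a real `.asc` suffix matches. The backtick array assignment there also splits candidate names on whitespace, so a secret with a space in its path shows up as several entries.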
@@ -287,7 +287,7 @@ function keyringer_set_env { # Avoid viminfo, see https://keyringer.pw/trac/ticket/50 if $EDITOR --help | grep -q -e "^VIM"; then if ! echo $EDITOR | grep -q -- "-i NONE"; then - EDITOR="$EDITOR -i NONE" + EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'" fi fi -- cgit v1.2.3 From 845e593c84661f05576f96da9e384a671ca56e53 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 16 May 2014 15:37:55 -0300 Subject: Workaround for open/edit action returning instantaneously (#49) --- ChangeLog | 2 ++ lib/keyringer/actions/edit | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/ChangeLog b/ChangeLog index 029a546..e4e7ede 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2014-05-16 - Silvio Rhatto + Workaround for open/edit action returning instantaneously (#49) + Use 'nobackup' and 'nowritebackup' if VIM is set as $EDITOR (#50) Find: rollback: use find+grep instead of 'find -iname' (#53) diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 576bb67..63017d5 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit 
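Review bot: The single quotes in `EDITOR="$EDITOR -i NONE '+set nowritebackup' '+set nobackup'"` are stored as literal characters, so an unquoted `$EDITOR` expansion (as in the `$EDITOR --help` probe above) splits into `'+set`, `nowritebackup'`, `'+set`, `nobackup'`, and Vim would take those as file names rather than commands. The string only works as intended if the caller runs it through `eval`, which is not visible here. Keeping the extra flags in a bash array and invoking the editor as `"${editor_cmd[@]}" "$file"` preserves the grouping without `eval`. The unchanged `-i NONE` guard also means an `$EDITOR` that already contains `-i NONE` never receives the two new settings.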
@@ -38,11 +38,23 @@ fi # Prompt echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" -echo "WARNING: please make sure that $APP doesn't leak data to external applications os files" +echo "WARNING: please make sure that $APP doesn't leak data to external applications or files" read key $APP "$TMPWORK" + +# Wait for background process to finish wait +# Workaround for some applications running in client/server mode, handling open file requests +# to a daemon and exiting immediatelly, making keyringer guess the editing is over and the file +# must be encrypted again (See #49). +# +# Thus, we cannot just wipe the file and exit keyringer, as the user might have a buffered copy +# of the unencrypted file in the application, which can lead to information leakage if the user +# saves the file and leaves the editor. +echo "Press any key when done using the file and you're sure that $APP is closed." +read -n 1 + # Encrypt again export KEYRINGER_ADD_EXTENSION=false keyringer_exec encrypt "$BASEDIR" "$FILE" "$TMPWORK" -- cgit v1.2.3 From e32a1a5bc4d7331e129df173260fc754ff20c0da Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Fri, 16 May 2014 15:48:04 -0300 Subject: Minor UI enhancements at open/edit actions --- lib/keyringer/actions/edit | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/actions/edit b/lib/keyringer/actions/edit index 63017d5..3ccf977 100755 --- a/lib/keyringer/actions/edit +++ b/lib/keyringer/actions/edit @@ -39,7 +39,8 @@ fi # Prompt echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" echo "WARNING: please make sure that $APP doesn't leak data to external applications or files" -read key +echo "Press ENTER to continue" +read -s key $APP "$TMPWORK" # Wait for background process to finish 
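Review bot: The new `read -n 1` pause lengthens the time the decrypted copy sits in `$TMPWORK`, and an interrupt at that prompt ends the script before the re-encrypt and cleanup steps below it. Unless a trap is already installed outside this hunk, an exit handler set before `$APP "$TMPWORK"` is needed, for example `trap 'rm -f -- "$TMPWORK"' EXIT`, with the project's own wipe helper in place of `rm` if there is one. `read` also returns at once when stdin is not a terminal, so the pause is skipped and the file is re-encrypted while the application may still hold it; testing `[ -t 0 ]` first would make that case explicit. The first prompt still says "Press any key" although `read key` waits for ENTER.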
@@ -53,7 +54,7 @@ wait # of the unencrypted file in the application, which can lead to information leakage if the user # saves the file and leaves the editor. echo "Press any key when done using the file and you're sure that $APP is closed." -read -n 1 +read -s -n 1 # Encrypt again export KEYRINGER_ADD_EXTENSION=false -- cgit v1.2.3