From 2a702bb52842229d8d3e1ad010c92ad810feee15 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:02:48 -0200 Subject: Fixes sclip and adds XDOTOOL_NEXT_WINDOW config --- lib/keyringer/actions/sclip | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip index e4c88fa..a941fd0 100755 --- a/lib/keyringer/actions/sclip +++ b/lib/keyringer/actions/sclip @@ -11,13 +11,18 @@ source "$LIB" || exit 1 shift keyringer $KEYRING xclip $* +# Se window switch combo +if [ -z "$XDOTOOL_NEXT_WINDOW" ]; then + XDOTOOL_NEXT_WINDOW="alt+Tab" +fi + # Move to the next window if which xdotool &> /dev/null; then - xdotool key alt+Tab + xdotool key $XDOTOOL_NEXT_WINDOW fi # Sleep sleep 5 # Overwrite clipboard -cat $RANDOM | sha256sum | base64 -d | xclip +echo $RANDOM | sha256sum | base64 -d | xclip -- cgit v1.2.3 From 85c61ed6857676f4ca259ff73845f3d3c6dab7d2 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:03:09 -0200 Subject: Do not quote around EDITOR --- lib/keyringer/actions/preferences | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/keyringer/actions/preferences b/lib/keyringer/actions/preferences index 6e36ef4..ffabc4c 100755 --- a/lib/keyringer/actions/preferences +++ b/lib/keyringer/actions/preferences @@ -30,7 +30,7 @@ fi if [ "$COMMAND" == "ls" ]; then cat "$PREFERENCES" elif [ "$COMMAND" == "edit" ]; then - "$EDITOR" "$PREFERENCES" + $EDITOR "$PREFERENCES" elif [ "$COMMAND" == "add" ]; then shift 2 [[ -n $* ]] && echo $* >> "$PREFERENCES" -- cgit v1.2.3 From e3273d8ead6ee0da307097febeb27a38e8cc3593 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:05:53 -0200 Subject: Adds pwgen action --- lib/keyringer/actions/pwgen | 35 ++++++++++++++++++++++++++++++++ lib/keyringer/completions/bash/keyringer | 4 ++-- lib/keyringer/completions/zsh/_keyringer | 4 ++-- share/man/keyringer.1.mdwn | 10 +++++++++ 4 files changed, 49 insertions(+), 4 deletions(-) create mode 100755 lib/keyringer/actions/pwgen (limited to 'lib') diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen new file mode 100755 index 0000000..45d2bf9 --- /dev/null +++ b/lib/keyringer/actions/pwgen @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# +# Generates passphrases. +# + +# Load functions +LIB="`dirname $0`/../functions" +source "$LIB" || exit 1 + +# Parameters +SIZE="$3" +FILE="$2" + +# Generates a random passphrase +function keyringer_pwgen { + ENTROPY_BYTES=${1:-20} # in bytes + ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}" + + # Strip possible newlines if output is wrapped. + # Also strip trailing = signs as they add nothing to the password's entropy. + head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n=' + echo +} + +# Check +if [ -z "$FILE" ]; then + echo "Usage: keyringer $BASENAME [size]" + exit 1 +elif [ ! -z "$SIZE" ] && ! echo $SIZE | egrep -q '^[0-9]+$'; then + echo "$SIZE is not a number" + exit 1 +fi + +# Encrypt and store a randomly-generated secret +keyringer_pwgen $SIZE | keyringer_exec encrypt "$BASEDIR" "$FILE" diff --git a/lib/keyringer/completions/bash/keyringer b/lib/keyringer/completions/bash/keyringer index ccc8fb9..10b852e 100644 --- a/lib/keyringer/completions/bash/keyringer +++ b/lib/keyringer/completions/bash/keyringer @@ -93,7 +93,7 @@ _keyringer() { recipients) opts="ls edit" ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) cur="`echo ${cur} | sed -e "s|^/*||"`" # avoid leading slash opts="$(bash -c "set -f && export KEYRINGER_CHECK_RECIPIENTS=false && export KEYRINGER_CHECK_VERSION=false && keyringer $instance ls -p -d ${cur}*" 2> /dev/null)" ;; @@ -128,7 +128,7 @@ _keyringer() { # TODO opts="$(_keyringer_git_complete ${prev} ${cur})" ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) cur="$(_keyringer_path_complete ${cur})" opts="`compgen -o default "${cur}"`" ;; diff --git a/lib/keyringer/completions/zsh/_keyringer b/lib/keyringer/completions/zsh/_keyringer index ff74933..7562352 100644 --- a/lib/keyringer/completions/zsh/_keyringer +++ b/lib/keyringer/completions/zsh/_keyringer @@ -49,7 +49,7 @@ _keyringer() { recipients) compadd "$@" ls edit ;; - ls|tree|mkdir|encrypt|encrypt-batch|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) + ls|tree|mkdir|encrypt|encrypt-batch|pwgen|decrypt|edit|append|append-batch|del|rm|recrypt|open|clip|xclip|sclip|find|mv|cp) words[4]="`echo $words[4] | sed -e "s|^/*||"`" # avoid leading slash compadd "$@" $(KEYRINGER_CHECK_RECIPIENTS=false KEYRINGER_CHECK_VERSION=false keyringer $words[2] ls -p -d $words[4]'*' 2> /dev/null) ;; @@ -83,7 +83,7 @@ _keyringer() { git) compadd "$@" $(_keyringer_git_complete $words[4] $words[5]) ;; - encrypt|encrypt-batch) + encrypt|encrypt-batch|pwgen) _files ;; *) diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 8f024d1..afe7e99 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -163,6 +163,16 @@ open <*secret*> After the application exits, keyringer encrypts the temporary decrypted file again into the secret file and deletes the temporary file. +pwgen <*secret*> [*size*] +: Generates a random passphrase and stores into *secret* pathname with optional + entropy size in bytes. Default size is 20. + + Passphrases will be slightly bigger than size due to base64 conversion. + + With this action you can generate and store a passphrase without need to see + it. Combined with clip or sclip action provides an hygienic way to handle + secrets. + recrypt <*secret*> : Re-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. If no *secret* is given, all secrets in the repository -- cgit v1.2.3 From c12b5c6c7eccb8e0922ff034bb3690774e12998c Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:27:22 -0200 Subject: Make keyringer_check_expiration not fail on subkeys which do not have an expiration date --- lib/keyringer/functions | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 09b004d..fd0176b 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -722,19 +722,25 @@ function keyringer_check_expiration { fi # Check the subkeys - expiry="" - for expiry in `gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub | cut -d : -f 7`; do + local subkey="" + for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do + local expiry=$(cut -d : -f 7 <<< "$subkey") + if [[ -z "$expiry" ]]; then + not_expired=1 + break + fi if [[ "$seconds" -lt "$expiry" ]]; then not_expired="1" if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`" fi + break fi done # All subkeys are expired - if [ ! -z "$expiry" ] && [ "$not_expired" != "1" ]; then + if [ ! -z "$subkey" ] && [ "$not_expired" != "1" ]; then echo "Fatal: key $recipient has no keys suitable for encryption: all subkeys expired." exit 1 fi -- cgit v1.2.3 From 3a84664504c1263cc947735811285ba487305dde Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:27:43 -0200 Subject: Coding style --- lib/keyringer/functions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index fd0176b..d2a83f4 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -725,10 +725,12 @@ function keyringer_check_expiration { local subkey="" for subkey in $(gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^sub); do local expiry=$(cut -d : -f 7 <<< "$subkey") + if [[ -z "$expiry" ]]; then - not_expired=1 - break + not_expired=1 + break fi + if [[ "$seconds" -lt "$expiry" ]]; then not_expired="1" -- cgit v1.2.3 From 21ca00d0d8d6e206cb377dc1febe8f66694142d7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 12:44:57 -0200 Subject: Fixes keyringer_check_expiration failure if a public key is listed multiple times (#77) --- lib/keyringer/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index d2a83f4..1d53925 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -703,7 +703,7 @@ function keyringer_check_expiration { seconds="`date +%s`" # Check the main key - expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | cut -d : -f 7`" + expiry="`gpg --with-colons --fixed-list-mode --list-keys "$recipient" | grep ^pub | head -n1 | cut -d : -f 7`" # TODO: Time to expire can be configured via repository options. ahead="$((86400 * 30 + $seconds))" -- cgit v1.2.3 From bcf239c6f069ad6c8d433f89a86b909f432ffab1 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 16:03:01 -0200 Subject: Additional fix for sclip clipboard overwrite procedure --- lib/keyringer/actions/sclip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/keyringer/actions/sclip b/lib/keyringer/actions/sclip index a941fd0..6016f2b 100755 --- a/lib/keyringer/actions/sclip +++ b/lib/keyringer/actions/sclip @@ -25,4 +25,4 @@ fi sleep 5 # Overwrite clipboard -echo $RANDOM | sha256sum | base64 -d | xclip +echo $RANDOM | sha256sum | base64 | xclip -- cgit v1.2.3 From ef29f9d23a98b4e18b2400f3dd29b32de81514a7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 19 Dec 2016 16:08:15 -0200 Subject: Removes break statements from keyringer_check_expiration --- lib/keyringer/functions | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 1d53925..bd87fd6 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -728,7 +728,6 @@ function keyringer_check_expiration { if [[ -z "$expiry" ]]; then not_expired=1 - break fi if [[ "$seconds" -lt "$expiry" ]]; then @@ -737,7 +736,6 @@ function keyringer_check_expiration { if [[ "$ahead" -gt "$expiry" ]] && [ "$BASENAME" == "check" ]; then echo "Warning: subkey from $recipient will expire soon, on `date --date="@$expiry"`" fi - break fi done -- cgit v1.2.3