From 3488be50ec671c4e082766893f2ba6178716b978 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 23 May 2018 15:07:48 -0300
Subject: Increase default password size at pwgen
---
 lib/keyringer/actions/pwgen | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
index 3c03681..5f25447 100755
--- a/lib/keyringer/actions/pwgen
+++ b/lib/keyringer/actions/pwgen
@@ -13,7 +13,7 @@ FILE="$2"
 # Generates a random passphrase
 function keyringer_pwgen {
- ENTROPY_BYTES=${1:-20} # in bytes
+ ENTROPY_BYTES=${1:-40} # in bytes
 ENTROPY_SOURCE="${ENTROPY_SOURCE:-/dev/urandom}"
 # Strip possible newlines if output is wrapped.
-- cgit v1.2.3
From f90e70bb2c221dc6046bf65f7931164d5ca6801f Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 23 May 2018 16:17:54 -0300
Subject: Automatically generate passphrase at genkeys_gpg
---
 ChangeLog | 4 ++++
 lib/keyringer/actions/genkeys | 30 ++++++++++++++++--------------
 2 files changed, 20 insertions(+), 14 deletions(-)
(limited to 'lib')
diff --git a/ChangeLog b/ChangeLog
index 69a4751..449017c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-11-23 - unreleased - Silvio Rhatto
+
+ Automatically generate passphrase at genkeys_gpg
+
 2017-11-03 - 0.5.2 - Silvio Rhatto
 Fixed incorrect exit statement on append, thanks jamie (#79)
diff --git a/lib/keyringer/actions/genkeys b/lib/keyringer/actions/genkeys
index 634c847..deacbfd 100755
--- a/lib/keyringer/actions/genkeys
+++ b/lib/keyringer/actions/genkeys
@@ -34,23 +34,25 @@ function genkeys_ssh { function genkeys_gpg { echo "Make sure that $KEYDIR is atop of an encrypted volume." - passphrase="no" - passphrase_confirm="confirm" + #passphrase="no" + #passphrase_confirm="confirm" - while [ "$passphrase" != "$passphrase_confirm" ]; do - read -s -p "Enter password for the private key: " passphrase - printf "\n" - read -s -p "Enter password again: " passphrase_confirm - printf "\n" + #while [ "$passphrase" != "$passphrase_confirm" ]; do + # read -s -p "Enter password for the private key: " passphrase + # printf "\n" + # read -s -p "Enter password again: " passphrase_confirm + # printf "\n" - if [ "$passphrase" != "$passphrase_confirm" ]; then - echo "Password don't match." - fi - done + # if [ "$passphrase" != "$passphrase_confirm" ]; then + # echo "Password don't match." + # fi + #done + + keyringer_exec pwgen "$BASEDIR" "$FILE.passwd" + passphrase="`keyringer_exec decrypt "$BASEDIR" "$FILE.passwd"`" # TODO: insert random bytes # TODO: custom Name-Comment and Name-Email - # TODO: allow for empty passphrases $GPG --homedir "$TMPWORK" --gen-key --batch < Date: Sun, 25 Feb 2018 16:09:10 +0100 Subject: Add support to "gshred" and "rm -P" to safely delete a file gshred(1) is shred(1) from GNU coreutils on OpenBSD rm(1) on OpenBSD -P Overwrite regular files before deleting them. Files are overwritten once with a random pattern. Files with multiple links will be unlinked but not overwritten. --- lib/keyringer/functions | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 6f9a5e3..6fc82e7 100755 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions 
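Review bot: Neither `keyringer_exec pwgen "$BASEDIR" "$FILE.passwd"` nor the `decrypt` that fills `passphrase` is checked, so a failure in either leaves `passphrase` empty and the function carries on towards key generation. I would stop on both conditions, e.g. append `|| return 1` to the pwgen call and add `[ -n "$passphrase" ] || return 1` after the assignment (or use the action's usual error path). The assignment also uses backticks where `$( … )` nests and reads more safely. The old prompt loop is kept as commented-out code; deleting it outright would be cleaner, since history preserves it. The tail of this hunk, including the gpg batch input, is cut off on this page, so how the passphrase reaches gpg cannot be reviewed from here.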
@@ -197,6 +197,10 @@ function keyringer_shred {
 tool="wipe"
 elif which shred &> /dev/null; then
 tool="shred"
+ elif which gshred &> /dev/null; then
+ tool="gshred"
+ elif _F=$(mktemp); rm -P "${_F}" &> /dev/null; then
+ tool="rm -P"
 else
 # Worst implementation
 message="WARNING $message"
@@ -206,13 +210,13 @@ function keyringer_shred {
 echo "$message $path using $tool..."
 if [ -d "$path" ]; then
- if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
 $tool -rf $path
 else
 find $path -exec $tool -uf {} \;
 fi
 else
- if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ]; then
+ if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
 $tool -f "$path"
 else
 $tool -uf "$path"
-- cgit v1.2.3
From ae3c0b175a293a689d876ed0b5d6b29af4a4012c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 30 May 2018 13:00:54 -0300
Subject: Cleanup mktemp target at keyringer_shred
---
 lib/keyringer/functions | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 6fc82e7..9f67fc9 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -192,14 +192,15 @@ function keyringer_shred {
 return
 fi
+ # Create our test target
+ _F="$(mktemp)"
+
 # Get shred implementation
 if which wipe &> /dev/null; then
 tool="wipe"
 elif which shred &> /dev/null; then
 tool="shred"
- elif which gshred &> /dev/null; then
- tool="gshred"
- elif _F=$(mktemp); rm -P "${_F}" &> /dev/null; then
+ elif rm -P "${_F}" &> /dev/null; then
 tool="rm -P"
 else
 # Worst implementation
@@ -207,6 +208,9 @@ function keyringer_shred {
 tool="rm"
 fi
+ # Cleanup in case "rm -P" is never called or -P flag is unsupported
+ rm -f "${_F}"
+
 echo "$message $path using $tool..."
 if [ -d "$path" ]; then
-- cgit v1.2.3
From 2a8faa9928b1cbd937bffc1a9918edf07ee39245 Mon Sep 17 00:00:00 2001
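Review bot: The `rm -P "${_F}"` probe in the new `elif` only shows that this rm accepts the flag, not that it overwrites anything; some BSD-derived rm implementations document `-P` as accepted but having no effect. On such a host the function would announce `using rm -P...` while doing a plain unlink. I would add a comment above the branch, `# NOTE: rm -P succeeding proves only that the flag parses; confirm rm(1) on the target OS really overwrites`. The `if` chain starts above the hunk and continues below it.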
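Review bot: `$tool -rf $path` and `find $path -exec $tool -uf {} \;` on the directory branch expand `$path` unquoted, and this hunk now routes `rm -P` through the first of them. A path containing whitespace or glob characters is split or expanded before the tool sees it, so the secure delete can miss the intended target or act on a different one; the file branch already uses `"$path"`. I would write `$tool -rf "$path"` and `find "$path" -exec $tool -uf {} \;` (`$tool` itself has to stay unquoted while it holds `rm -P`). The same unquoted `$path` is carried into the `find` lines of the later "Clean empty directories" and "-depth" hunks.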
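Review bot: gshred detection is lost here: the `elif which gshred` branch added by the previous commit is among the removed lines, although the subject only mentions cleaning up the mktemp target. After this hunk a host that has gshred but neither wipe nor shred falls through to the `rm -P` probe or to plain `rm` with the WARNING message. If the removal is not intended, the two lines `elif which gshred &> /dev/null; then` and `tool="gshred"` should stay ahead of the `rm -P` branch. If it is intended, the commit message should say so.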
From: Silvio Rhatto
Date: Wed, 30 May 2018 13:02:04 -0300
Subject: Rename _F to rmtest at keyringer_shred
---
 lib/keyringer/functions | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 9f67fc9..eb63f3e 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -193,14 +193,14 @@ function keyringer_shred {
 fi
 # Create our test target
- _F="$(mktemp)"
+ local rmtest="$(mktemp)"
 # Get shred implementation
 if which wipe &> /dev/null; then
 tool="wipe"
 elif which shred &> /dev/null; then
 tool="shred"
- elif rm -P "${_F}" &> /dev/null; then
+ elif rm -P "${rmtest}" &> /dev/null; then
 tool="rm -P"
 else
 # Worst implementation
@@ -209,7 +209,7 @@ function keyringer_shred {
 fi
 # Cleanup in case "rm -P" is never called or -P flag is unsupported
- rm -f "${_F}"
+ rm -f "${rmtest}"
 echo "$message $path using $tool..."
-- cgit v1.2.3
From ffe513c0a851cbdd42ec458def9be15551d03e6e Mon Sep 17 00:00:00 2001
From: Grégoire Jadi
Date: Mon, 19 Feb 2018 18:06:48 +0100
Subject: Fix mktemp template for POSIX.1 mktemp
OpenBSD doesn't understand the XXXXXX.keyringer format. According to POSIX.1, the six Xs must be at the end of the template.
Signed-off-by: Silvio Rhatto
---
 lib/keyringer/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index eb63f3e..b8f91a7 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -161,7 +161,7 @@ function keyringer_set_tmpfile {
 if [ -z "$1" ]; then
 template="$tmp/keyringer.XXXXXXXXXX"
 else
- template="$tmp/XXXXXXXXXX.$1"
+ template="$tmp/keyringer.$1.XXXXXXXXXX"
 fi
 mkdir -p "$tmp"
-- cgit v1.2.3
From 97c58315e5e53c1605b73cbf6039a4e16a63c3c8 Mon Sep 17 00:00:00 2001
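Review bot: Callers of keyringer_set_tmpfile that pass a file extension as `$1` no longer get a temp file whose name ends in it, because the new template puts `$1` in front of the X run and the name now ends in random characters. No caller is visible on this page, so this only matters if something downstream (an editor or viewer choosing a handler by suffix) relied on the old `XXXXXXXXXX.$1` shape. A comment on the `else` branch, `# $1 is a label only; the file name does not end in it`, would make the new contract explicit. The function starts above the hunk and continues below it.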
From: Grégoire Jadi
Date: Mon, 19 Feb 2018 17:45:03 +0100
Subject: Replace head -c by dd
The '-c' (count bytes) option is not a POSIX.1 option, therefore it is not available on OpenBSD. Replace 'head -c' with 'dd'.
Signed-off-by: Silvio Rhatto
---
 lib/keyringer/actions/pwgen | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
index 5f25447..ab5cb84 100755
--- a/lib/keyringer/actions/pwgen
+++ b/lib/keyringer/actions/pwgen
@@ -18,7 +18,7 @@ function keyringer_pwgen {
 # Strip possible newlines if output is wrapped.
 # Also strip trailing = signs as they add nothing to the password's entropy.
- head -c $ENTROPY_BYTES $ENTROPY_SOURCE | base64 | tr -d '\n='
+ dd bs=1 count=$ENTROPY_BYTES if=$ENTROPY_SOURCE | base64 | tr -d '\n='
 echo
 }
-- cgit v1.2.3
From 957d506490ad9447ac7feacba5f96e8404530528 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 30 May 2018 13:24:53 -0300
Subject: Adds status=none at on invocation at keyringer_pwgen
---
 lib/keyringer/actions/pwgen | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/actions/pwgen b/lib/keyringer/actions/pwgen
index ab5cb84..e1e8947 100755
--- a/lib/keyringer/actions/pwgen
+++ b/lib/keyringer/actions/pwgen
@@ -18,7 +18,7 @@ function keyringer_pwgen {
 # Strip possible newlines if output is wrapped.
 # Also strip trailing = signs as they add nothing to the password's entropy.
- dd bs=1 count=$ENTROPY_BYTES if=$ENTROPY_SOURCE | base64 | tr -d '\n='
+ dd bs=1 count=$ENTROPY_BYTES if=$ENTROPY_SOURCE status=none | base64 | tr -d '\n='
 echo
 }
-- cgit v1.2.3
From 15b2331aafcb65e38021f0879a90bd45a7a1ead5 Mon Sep 17 00:00:00 2001
From: Grégoire Jadi
Date: Wed, 28 Mar 2018 12:08:21 +0200
Subject: Clean empty directories once the files are removed with shred
shred can only remove files. Use rm to cleanup the directories once all files have been erased.
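Review bot: `count=$ENTROPY_BYTES` and `if=$ENTROPY_SOURCE` are expanded unquoted on the new `dd` line, so a value containing whitespace is split into extra dd operands. As the first hunk on this page shows, `ENTROPY_BYTES` comes from the function's first argument and `ENTROPY_SOURCE` from the environment, and nothing checks that the count is a positive integer. I would quote both, `dd bs=1 count="$ENTROPY_BYTES" if="$ENTROPY_SOURCE"`, and reject a non-numeric count before the pipeline runs. The same line is carried into the following `status=none` hunk.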
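Review bot: `status=none` is not one of the operands POSIX defines for dd, so a dd that rejects it exits with an error and writes nothing to stdout. Because the pipeline's status is that of `tr` and is not checked, keyringer_pwgen then prints only the blank line from `echo`, and whatever consumes the output may end up with an empty password (callers are not visible here). Either silence the statistics portably with `2> /dev/null`, or capture the result and test it, e.g. `pw="$(dd … | base64 | tr -d '\n=')"` followed by `[ -n "$pw" ] || return 1`. The function starts above the hunk.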
Signed-off-by: Silvio Rhatto
---
 lib/keyringer/functions | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index b8f91a7..72286ff 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -217,7 +217,8 @@ function keyringer_shred {
 if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
 $tool -rf $path
 else
- find $path -exec $tool -uf {} \;
+ find $path -type f -exec $tool -uf {} \;
+ find -d $path -type d -exec rmdir {} \;
 fi
 else
 if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
-- cgit v1.2.3
From 91424544de19ec45d482730bf34fa9a2799d2150 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Wed, 30 May 2018 14:41:50 -0300
Subject: Use -depht after path on find for GNU and BSD compatibility
---
 lib/keyringer/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 72286ff..d529daf 100755
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions
@@ -218,7 +218,7 @@ function keyringer_shred {
 $tool -rf $path
 else
 find $path -type f -exec $tool -uf {} \;
- find -d $path -type d -exec rmdir {} \;
+ find $path -depth -type d -exec rmdir {} \;
 fi
 else
 if [ "$tool" == "wipe" ] || [ "$tool" == "rm" ] || [ "$tool" == "rm -P" ]; then
-- cgit v1.2.3
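Review bot: With `-type f` on the first `find`, anything under `$path` that is not a regular file (symlinks, FIFOs, sockets) is neither passed to `$tool` nor removed, so the `rmdir` pass fails on the directories that still contain such entries and part of the tree stays in place. Nothing after the two `find` calls tests the result, so the caller gets no signal that the secure delete was incomplete. A closing check such as `[ ! -e "$path" ] || echo "WARNING: $path not fully removed" >&2` would surface it. The `if`/`else` this hunk sits in starts and ends outside the hunk.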