From dfac71971d7ad2cfb153aed9b01b9fc6880fc09d Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 17 Aug 2013 12:29:33 -0300
Subject: Initial manpage code
---
share/man/keyringer.1.mdwn | 96 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 share/man/keyringer.1.mdwn
(limited to 'share/man/keyringer.1.mdwn')
diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn
new file mode 100644
index 0000000..99abd60
--- /dev/null
+++ b/share/man/keyringer.1.mdwn
@@ -0,0 +1,96 @@
+% KEYRINGER(1) Keyringer User Manual
+% Silvio Rhatto
+% August 17, 2013
+
+# NAME
+
+keyringer - encrypted and distributed secret sharing software
+
+# SYNOPSIS
+
+keyringer <*keyring*> <*action*> [*options*]...
+
+# DESCRIPTION
+
+Keyringer lets you manage and share secrets using GPG and git with custom
+commands to encrypt, decrypt, recrypt, create key pairs, etc.
+
+# ACTIONS
+
+Keyringer has three types of actions:
+
+1. Configuration actions.
+2. Secret manipulation actions.
+3. Repository lookup and manipulation actions.
+
+## CONFIGURATION ACTIONS
+
+commands
+: List available actions, useful for shell completion and syntax check.
+
+options <*ls*|*edit*|*add*>
+: List, edit or add miscelaneous *repository options*.
+
+preferences <*ls*|*edit*|*add*>
+: List, edit or add *user options* for a given repository.
+
+recipients <*ls*|*edit*> <*recipient-file*>
+: List or edit recipient configuration.
+
+usage
+: Show usage information.
+
+## SECRET MANIPULATION ACTIONS
+
+All secret manipulation actions operates upon a *SECRET*, which is the pathname
+of an encrypted file relative to keyring with optional `.asc` extension.
+
+Secret manipulation actions do not commit changes into the secret repository.
+After any manipulation, the user has to manually commit the changes.
+
+append <*SECRET*>
+: Append contents into a secret.
+
+append-batch <*SECRET*>
+: Append contents into a secret, batch mode.
+
+decrypt <*SECRET*>
+: Decrypts a secret into standard output.
+
+del <*SECRET*>
+: Removes a secret using git. After deleting a secret a git commit and push is still
+ needed to update remote repositories. To completely remove a file from a keyring,
+ you should also rewrite the git history by yourself.
+
+edit <*SECRET*>
+: Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR*
+ and then recrypting it again.
+
+encrypt <*SECRET*>
+: Encrypts content from standard input into *SECRET*.
+ +encrypt-batch <*SECRET*> +: Encrypt content, batch mode. + +genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] +: Wrapper to generete encryption keypairs, useful for automated key deployment. + +recrypt <*SECRET*> +: Recrypts a secret by decrypting it and recrypting again. Useful when users are added + into recipient configuration. If no *SECRET* is given, all secrets in the repository + are re-encrypted. + +# REPOSITORY LOOKUP AND MANIPULATION ACTIONS + +git <*action*> <*options*> +: Git wrapper that operates from the toplevel keyring repository. + +ls <*PATH*> +: List contents from the toplevel repository *keys* folder or from relative *PATH*. + +# SEE ALSO + +The *README* file distributed with Keyringer contains full documentation. + +The Keyringer source code and all documentation may be downloaded from +. -- cgit v1.2.3 From d46f13b4683dcd456387e81b53017d2b672e778e Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 17 Aug 2013 12:49:53 -0300 Subject: Adding 'open' action --- debian/control | 2 +- share/keyringer/edit | 15 +++++++++++++-- share/keyringer/open | 1 + share/man/keyringer.1.mdwn | 3 +++ 4 files changed, 18 insertions(+), 3 deletions(-) create mode 120000 share/keyringer/open (limited to 'share/man/keyringer.1.mdwn') diff --git a/debian/control b/debian/control index b386532..689c7d9 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Homepage: https://keyringer.pw Package: keyringer Architecture: all Depends: ${shlibs:Depends}, ${misc:Depends}, bash, git-core, gnupg, grep, gawk, coreutils, sed -Recommends: openssl +Recommends: openssl, xdg-utils Description: Distributed secret management using GPG and git Keyringer lets you manage and share secrets using GPG and git in a distributed fashion. It has custom commands to encrypt, decrypt, recrypt, create key pairs, diff --git a/share/keyringer/edit b/share/keyringer/edit index 0604d7e..fe05ecc 100755 --- a/share/keyringer/edit +++ b/share/keyringer/edit 
@@ -22,10 +22,21 @@ keyringer_set_tmpfile edit # Decrypt the information to the file $GPG --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" +if [ "$BASENAME" == "edit" ]; then + APP="$EDITOR" +elif [ "$BASENAME" == "open" ]; then + if which xdg-open &> /dev/null; then + APP="xdg-open" + else + echo "You should have xdg-open application to perform this action, aborting." + exit 1 + fi +fi + # Prompt -echo "Press any key to open the decrypted data in $EDITOR, Ctrl-C to abort" +echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" read key -$EDITOR "$TMPWORK" +$APP "$TMPWORK" # Encrypt again $GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK" diff --git a/share/keyringer/open b/share/keyringer/open new file mode 120000 index 0000000..8491ab9 --- /dev/null +++ b/share/keyringer/open @@ -0,0 +1 @@ +edit \ No newline at end of file diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 99abd60..23b8d85 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -75,6 +75,9 @@ encrypt-batch <*SECRET*> genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] : Wrapper to generete encryption keypairs, useful for automated key deployment. +open <*SECRET*> +: Open a secret using xdg-open. + recrypt <*SECRET*> : Recrypts a secret by decrypting it and recrypting again. Useful when users are added into recipient configuration. If no *SECRET* is given, all secrets in the repository -- cgit v1.2.3 From 5ceceaffb35560b30f33a06b08a6622a2266c0d3 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 17 Aug 2013 14:19:59 -0300 Subject: Added support to encrypt from files --- index.mdwn | 4 ++++ share/keyringer/encrypt | 19 ++++++++++++++++--- share/man/keyringer.1.mdwn | 4 ++-- 3 files changed, 22 insertions(+), 5 deletions(-) (limited to 'share/man/keyringer.1.mdwn') diff --git a/index.mdwn b/index.mdwn index a9beecf..9156fe9 100644 --- a/index.mdwn +++ b/index.mdwn 
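Review bot: In share/keyringer/edit the new `which xdg-open` check runs after `$GPG ... -d` has already written the cleartext to `$TMPWORK`, so the `exit 1` path leaves the decrypted secret on disk unless a cleanup handler outside this hunk removes it; choosing `APP` before the decrypt step avoids that. There is also no `else` branch and `$EDITOR` may be empty, in which case `$APP "$TMPWORK"` expands to running the temporary file itself; a guard such as `[ -n "$APP" ] || { echo "No application set to open the secret, aborting." >&2; exit 1; }` placed before decryption covers both cases. xdg-open usually returns as soon as it has handed the file to a desktop application, so for `open` the re-encryption at the end of the hunk probably runs while the viewer still holds the cleartext; waiting for a keypress before re-encrypting would be safer. The script continues past the end of this hunk, so whatever removes `$TMPWORK` afterwards is not visible here.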
@@ -85,6 +85,10 @@ Encrypting a key keyringer encrypt +Encrypting a key from a file + + keyringer encrypt + Decrypting a key (only to stdout) keyringer decrypt diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index 3680d0b..f35cdff 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt @@ -8,7 +8,18 @@ LIB="`dirname $0`/../../lib/keyringer/functions" source "$LIB" || exit 1 # Aditional parameters -keyringer_get_new_file "$2" +if [ ! -z "$3" ]; then + UNENCRYPTED_FILE="$2" + keyringer_get_new_file "$3" + + if [ ! -f "$UNENCRYPTED_FILE" ]; then + echo "Error: cannot encrypted $UNENCRYPTED_FILE: file not found." + exit 1 + fi +else + UNENCRYPTED_FILE="-" + keyringer_get_new_file "$2" +fi # Set recipients file keyringer_set_recipients "$FILE" @@ -18,10 +29,12 @@ mkdir -p "$KEYDIR/`dirname $FILE`" if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch - echo "Type your message and finish your input with EOF (Ctrl-D)." + if [ "$UNENCRYPTED_FILE" == "-" ]; then + echo "Type your message and finish your input with EOF (Ctrl-D)." + fi fi -$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") - > "$KEYDIR/$FILE" +$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE err="$?" diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 23b8d85..14ae687 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -66,8 +66,8 @@ edit <*SECRET*> : Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR* and then recrypting it again. -encrypt <*SECRET*> -: Encrypts content from standard input into *SECRET*. +encrypt [*file*] <*SECRET*> +: Encrypts content from standard input or *file* into *SECRET*. encrypt-batch <*SECRET*> : Encrypt content, batch mode. -- cgit v1.2.3
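Review bot: In the first share/keyringer/encrypt hunk the new error message reads "cannot encrypted" and is written to stdout; `echo "Error: cannot encrypt $UNENCRYPTED_FILE: file not found." >&2` fixes both. The `-f` test runs only after `keyringer_get_new_file "$3"`, whose effects are not visible here, so checking the input file first would avoid doing that work for a bad path. The cleartext source file is left in place after encryption, which a comment such as `# NOTE: the unencrypted source file is not removed; the caller must dispose of it` would make explicit.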
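Review bot: In the second share/keyringer/encrypt hunk `$UNENCRYPTED_FILE` is passed to gpg unquoted, so a path containing spaces or glob characters passes the quoted `-f` test in the earlier hunk and is then split into several arguments; the command should end with `--yes --output "$KEYDIR/$FILE" "$UNENCRYPTED_FILE"`. A file name beginning with `-` would likewise be read by gpg as an option rather than as input, so in the file branch it is worth prefixing relative names with `./` before the call. `--yes` means an existing secret at `$KEYDIR/$FILE` is overwritten without a prompt; that matches the old redirection but deserves a comment such as `# --yes: overwrite an existing secret, as the previous '>' redirect did`.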