From b64c3185714b73f3134c907006cc8097bbed09e8 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 5 Sep 2012 20:00:58 -0300 Subject: Do not enclose $EDITOR with quotes as it might break constructions such as "vim -X" --- share/keyringer/edit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'share') diff --git a/share/keyringer/edit b/share/keyringer/edit index 10798e2..0604d7e 100755 --- a/share/keyringer/edit +++ b/share/keyringer/edit @@ -25,7 +25,7 @@ $GPG --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" # Prompt echo "Press any key to open the decrypted data in $EDITOR, Ctrl-C to abort" read key -"$EDITOR" "$TMPWORK" +$EDITOR "$TMPWORK" # Encrypt again $GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK" -- cgit v1.2.3 From f55d13ca7d9c499d34a977b58ed50df18b04b864 Mon Sep 17 00:00:00 2001 From: ricola Date: Fri, 19 Oct 2012 22:09:00 +0200 Subject: Move the 'preferences' action to a separate file --- keyringer | 29 ----------------------------- share/keyringer/preferences | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 29 deletions(-) create mode 100755 share/keyringer/preferences (limited to 'share') diff --git a/keyringer b/keyringer index a59fd2f..0f6372c 100755 --- a/keyringer +++ b/keyringer 
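Review bot: Unquoting `$EDITOR "$TMPWORK"` gives more than the intended word splitting: the value is also subject to pathname expansion against the current directory, and when EDITOR is empty or unset the line collapses to `"$TMPWORK"` run as a command, i.e. bash tries to execute the decrypted temporary file. A guard before the call, `: "${EDITOR:?EDITOR is not set}"`, closes the empty case; the globbing side effect is worth a comment at the line, since bash has no split-without-glob mode here short of `set -f`. The `read key` on the previous line should be `read -r key`. How $TMPWORK is created and removed is outside this hunk.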
@@ -104,33 +104,6 @@ function keyringer_dispatch { fi } -function keyringer_preferences { - COMMAND="$3" - - if [ -z "$COMMAND" ]; then - echo "Usage: keyringer `basename $0` [arguments]" - exit 1 - fi - - # Create options file if old repository - if [ ! -e "$PREFERENCES" ]; then - echo "Creating preferences file..." - touch "$PREFERENCES" - fi - - if [ "$COMMAND" == "ls" ]; then - cat "$PREFERENCES" - elif [ "$COMMAND" == "edit" ]; then - "$EDITOR" "$PREFERENCES" - elif [ "$COMMAND" == "add" ]; then - shift 3 - echo $* >> "$PREFERENCES" - else - printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" - exit 1 - fi -} - # Config NAME="keyringer" KEYRINGER_VERSION="0.1" @@ -176,8 +149,6 @@ fi if [ "$ACTION" == "init" ]; then keyringer_init $* -elif [ "$ACTION" == "preferences" ]; then - keyringer_preferences $* elif keyringer_has_action "$ACTION"; then keyringer_dispatch $* else diff --git a/share/keyringer/preferences b/share/keyringer/preferences new file mode 100755 index 0000000..65b38f3 --- /dev/null +++ b/share/keyringer/preferences @@ -0,0 +1,32 @@ +#!/bin/bash +# +# Manipulate preferences. +# + +# Load functions +LIB="`dirname $0`/../../lib/keyringer/functions" +source "$LIB" || exit 1 + +COMMAND="$2" + +if [ -z "$COMMAND" ]; then + echo "Usage: keyringer $ACTION [arguments]" + exit 1 +fi + +# Create options file if old repository +if [ ! -e "$PREFERENCES" ]; then + echo "Creating preferences file..." + touch "$PREFERENCES" +fi + +if [ "$COMMAND" == "ls" ]; then + cat "$PREFERENCES" +elif [ "$COMMAND" == "edit" ]; then + "$EDITOR" "$PREFERENCES" +elif [ "$COMMAND" == "add" ]; then + shift 2 +else + printf "%s: No such command %s\n" "$BASENAME" "$COMMAND" + exit 1 +fi -- cgit v1.2.3 From 4021aaae184b97c1971f51baf6f90ea765338159 Mon Sep 17 00:00:00 2001 From: ricola Date: Fri, 19 Oct 2012 22:10:45 +0200 Subject: Add usage to the 'preferences' action --- share/keyringer/preferences | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'share') 
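Review bot: In the new share/keyringer/preferences the `add` branch ends after `shift 2` without writing anything, so `preferences add ...` exits 0 and silently drops the value that keyringer_preferences used to append (c6bd546 later in this series restores it, but this commit leaves the action broken). The `edit` branch keeps `"$EDITOR" "$PREFERENCES"` quoted while b64c318 at the top of this page unquoted the same call in share/keyringer/edit to allow multi-word editors; the two actions should behave the same, and `: "${EDITOR:?EDITOR is not set}"` covers the empty case either way. `touch "$PREFERENCES"` creates the file with the inherited umask — if preferences may hold anything sensitive, `(umask 077; touch -- "$PREFERENCES")` is the safer default. The `LIB="`dirname $0`/../../lib/keyringer/functions"` line should quote `$0`: `LIB="$(dirname -- "$0")/../../lib/keyringer/functions"`.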
diff --git a/share/keyringer/preferences b/share/keyringer/preferences
index 65b38f3..1e8ad14 100755
--- a/share/keyringer/preferences
+++ b/share/keyringer/preferences
@@ -11,6 +11,10 @@ COMMAND="$2"
if [ -z "$COMMAND" ]; then
echo "Usage: keyringer $ACTION [arguments]"
+ echo "Available commands:"
+ echo " ls"
+ echo " edit"
+ echo " add"
exit 1
fi
-- cgit v1.2.3
From c6bd546e9cced474efabd227bbd6cbbdcf995a60 Mon Sep 17 00:00:00 2001 From: ricola Date: Fri, 19 Oct 2012 22:11:09 +0200 Subject: Improve the 'preferences add' action
--- share/keyringer/preferences | 1 + 1 file changed, 1 insertion(+) (limited to 'share')
diff --git a/share/keyringer/preferences b/share/keyringer/preferences
index 1e8ad14..edd45e1 100755
--- a/share/keyringer/preferences
+++ b/share/keyringer/preferences
@@ -30,6 +30,7 @@ elif [ "$COMMAND" == "edit" ]; then
"$EDITOR" "$PREFERENCES"
elif [ "$COMMAND" == "add" ]; then
shift 2
+ [[ -n $* ]] && echo $* >> "$PREFERENCES"
else
printf "%s: No such command %s\n" "$BASENAME" "$COMMAND"
exit 1
-- cgit v1.2.3
From 07c058cac1292eaeda9fea0c963c3867d52fc7f7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 1 Nov 2012 22:21:11 -0200 Subject: Explicitly using "preferences" instead of $ACTION
--- share/keyringer/preferences | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'share')
diff --git a/share/keyringer/preferences b/share/keyringer/preferences
index edd45e1..2819b50 100755
--- a/share/keyringer/preferences
+++ b/share/keyringer/preferences
@@ -10,7 +10,7 @@ source "$LIB" || exit 1
COMMAND="$2"
if [ -z "$COMMAND" ]; then
- echo "Usage: keyringer $ACTION [arguments]"
+ echo "Usage: keyringer preferences [arguments]"
echo "Available commands:"
echo " ls"
echo " edit"
-- cgit v1.2.3
From 27b131115b3e983575cc2f64c695d2269baa15e6 Mon Sep 17 00:00:00 2001 
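Review bot: In `[[ -n $* ]] && echo $* >> "$PREFERENCES"` the second `$*` is unquoted, so the arguments are re-split and any glob characters are expanded against the working directory before being written, and a value such as `-n` or `-e` is swallowed by echo as an option. Write `printf '%s\n' "$*" >> "$PREFERENCES"` — the quoted `$*` keeps the arguments joined as the user typed them. The `[[ -n $* ]]` test itself is fine, since `[[` does not word-split.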
From: Silvio Rhatto Date: Mon, 19 Nov 2012 17:22:33 -0200 Subject: Minor changes at genpair action --- share/keyringer/genpair | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'share') diff --git a/share/keyringer/genpair b/share/keyringer/genpair index 85ec1ac..a1a122e 100755 --- a/share/keyringer/genpair +++ b/share/keyringer/genpair @@ -70,7 +70,7 @@ EOF echo "Encrypting public key into keyringer..." $GPG --armor --homedir "$TMPWORK" --export | keyringer_exec encrypt "$BASEDIR" "$FILE.pub" echo "Encrypting passphrase into keyringer..." - echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd" + echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt "$BASEDIR" "$FILE.passwd" # TODO: add outfiles into version control if [ ! -z "$OUTFILE" ]; then @@ -153,7 +153,7 @@ EOF if [ "$KEYTYPE" == "ssl-self" ]; then echo "Encrypting certificate into keyringer..." - cat "$NODE.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" + cat "${NODE}.crt" | keyringer_exec encrypt "$BASEDIR" "$FILE.crt" elif [ -f "$BASEDIR/keys/$FILE.crt.asc" ]; then # Remove any existing crt keyringer_exec del "$BASEDIR" "$FILE.crt" @@ -164,18 +164,18 @@ EOF if [ ! -z "$OUTFILE" ]; then # TODO: add outfiles into version control mkdir -p `dirname $OUTFILE` - printf "Saving copies at %s.pem, %s.csr and %s.crt\n" "$OUTFILE" "$OUTFILE" "$OUTFILE" + printf "Saving copies at %s\n" "`dirname $OUTFILE`" cat "$TMPWORK/${NODE}_privatekey.pem" > "$OUTFILE.pem" cat "$TMPWORK/${NODE}_csr.pem" > "$OUTFILE.csr" - if [ -f "$TMPWORK/$NODE.crt" ]; then - cat "$TMPWORK/$NODE.crt" > "$OUTFILE.crt" + if [ -f "$TMPWORK/${NODE}.crt" ]; then + cat "$TMPWORK/${NODE}.crt" > "$OUTFILE.crt" fi fi # Show cert fingerprint if [ "$KEYTYPE" == "ssl-self" ]; then - openssl x509 -noout -in "$TMPWORK/$NODE.crt" -fingerprint + openssl x509 -noout -in "$TMPWORK/${NODE}.crt" -fingerprint fi echo "Done" -- cgit v1.2.3 
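Review bot: The new `printf "Saving copies at %s\n" "`dirname $OUTFILE`"` leaves `$OUTFILE` unquoted inside the backticks, as does the `mkdir -p `dirname $OUTFILE`` context line just above it, so an output path containing whitespace is split into several arguments to dirname; use `"$(dirname -- "$OUTFILE")"` in both places. The `cat ... > "$OUTFILE.pem"` lines in the same hunk copy a private key out of the keyring with the inherited umask; they are context rather than part of this change, but an explicit `umask 077` before those writes seems worth considering. The first hunk changes only trailing whitespace on the passphrase line.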
From 67adc630f06c7779937a410f1d5925ad51f6e017 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 26 Feb 2013 12:32:05 -0300 Subject: Check return status (closes #7) --- lib/keyringer/functions | 4 ++++ share/keyringer/append | 6 ++++++ share/keyringer/encrypt | 8 ++++++++ 3 files changed, 18 insertions(+) (limited to 'share') diff --git a/lib/keyringer/functions b/lib/keyringer/functions index 129ec0e..1d29157 100644 --- a/lib/keyringer/functions +++ b/lib/keyringer/functions @@ -74,6 +74,10 @@ function keyringer_exec { # Dispatch if keyringer_has_action "$action"; then "$ACTIONS/$action" "$basedir" $* + err="$?" + if [ "$err" != "0" ]; then + exit "$err" + fi fi } diff --git a/share/keyringer/append b/share/keyringer/append index 045ba86..bcc9e5e 100755 --- a/share/keyringer/append +++ b/share/keyringer/append @@ -32,4 +32,10 @@ for element in $(seq 0 $((${#NEW[@]} - 1))); do echo ${NEW[$element]} done | keyringer_exec encrypt-batch $BASEDIR $FILE +err="$?" + +if [ "$err" != "0" ]; then + exit "$err" +fi + IFS="$OLDIFS" diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index da0941f..3680d0b 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt @@ -23,7 +23,15 @@ fi $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") - > "$KEYDIR/$FILE" +err="$?" + +if [ "$err" != "0" ]; then + exit "$err" +fi + # Stage if [ -d "$BASEDIR/.git" ]; then keyringer_exec git "$BASEDIR" add "keys/$FILE" fi + +exit "$?" -- cgit v1.2.3 From 4153129f3ae06a7dca7085e05e278232bbb81d32 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 26 Feb 2013 13:01:34 -0300 Subject: Recrypt only when decrypt is successful (#6) --- share/keyringer/decrypt | 3 +++ share/keyringer/recrypt | 10 ++++++++++ 2 files changed, 13 insertions(+) (limited to 'share') diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt index adc1134..bab9b34 100755 --- a/share/keyringer/decrypt +++ b/share/keyringer/decrypt 
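Review bot: In share/keyringer/encrypt the `err="$?"` check is placed after `$GPG ... > "$KEYDIR/$FILE"`, but the shell truncates `$KEYDIR/$FILE` before gpg starts, so a failed encryption (unknown recipient key, cancelled agent prompt) leaves an empty or partial file where an existing secret was and only then exits with the error. Encrypt to a temporary path inside $KEYDIR and `mv` it over the target only when `err` is 0; the recrypt commits later in this series (522dfd5) adopt a buffer-then-write order for the same reason. In lib/keyringer/functions the new `exit "$err"` inside keyringer_exec terminates the sourcing script rather than returning to it, which looks intended for action scripts but deserves a comment such as `# Propagate a failed action: exit the calling script, do not return`. The append hunk's `err="$?"` reads the status of the pipeline's last stage, which is the intended command.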
@@ -12,3 +12,6 @@ keyringer_get_file "$2" # Decrypt $GPG --quiet --use-agent -d "$KEYDIR/$FILE" + +# Exit +exit "$?" diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index cbf1af9..fc16603 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt @@ -14,6 +14,16 @@ function keyringer_recrypt { # Set recipients file keyringer_set_recipients "$FILE" + # Test decryption + $GPG --use-agent -d "$KEYDIR/$FILE" > /dev/null + + err="$?" + + if [ "$err" != "0" ]; then + echo "$BASENAME: decryption failed. Can't recrypt." + exit "$err" + fi + # Recrypt $GPG --use-agent -d "$KEYDIR/$FILE" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" -- cgit v1.2.3 From 7423fcdcbbe586d2e6b6b675dbaff8a7a7bf7d0f Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 18 Mar 2013 18:04:38 -0300 Subject: Pipefail approach (#6) --- share/keyringer/recrypt | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'share') diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index fc16603..695e789 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt @@ -14,18 +14,12 @@ function keyringer_recrypt { # Set recipients file keyringer_set_recipients "$FILE" - # Test decryption - $GPG --use-agent -d "$KEYDIR/$FILE" > /dev/null - - err="$?" - - if [ "$err" != "0" ]; then - echo "$BASENAME: decryption failed. Can't recrypt." - exit "$err" - fi + # Set pipefail so we can detect decryption failures + set -o pipefail # Recrypt - $GPG --use-agent -d "$KEYDIR/$FILE" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" + $GPG --use-agent -d "$KEYDIR/$FILE" | \ + $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" if [ "$?" != "0" ]; then exit 1 -- cgit v1.2.3 From 76cde135667b52ebb3b16de230370296fae660da Mon Sep 17 00:00:00 2001 
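Review bot: `set -o pipefail` inside keyringer_recrypt is not scoped to the function; it stays set for the rest of the shell, including whatever the caller does after the function returns, so either restore it with `set +o pipefail` after the pipeline or document it at the top of the file. It also does not fix the ordering problem in the pipeline it guards: `> "$KEYDIR/$FILE"` truncates the ciphertext while the first gpg may still be opening it, and a decryption failure is detected only after the file is already empty, so a secret can be lost on a failed recrypt. Holding the data until both steps succeed, as 76cde13 and 522dfd5 later in this series do, removes that risk; a temporary file in $KEYDIR followed by `mv` would achieve the same without keeping plaintext in a shell variable. The remainder of keyringer_recrypt is outside this hunk.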
From: Silvio Rhatto Date: Mon, 18 Mar 2013 18:16:51 -0300 Subject: Decrypt/encrypt approach (#6) --- share/keyringer/recrypt | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'share') diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index 695e789..9153456 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt @@ -14,16 +14,23 @@ function keyringer_recrypt { # Set recipients file keyringer_set_recipients "$FILE" - # Set pipefail so we can detect decryption failures - set -o pipefail + # Decrypt + decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)" + + if [ "$?" != "0" ]; then + echo "Decryption error." + exit 1 + fi # Recrypt - $GPG --use-agent -d "$KEYDIR/$FILE" | \ - $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" + echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" if [ "$?" != "0" ]; then + echo "Recryption error." exit 1 fi + + unset decrypted } if [ ! -z "$2" ]; then -- cgit v1.2.3 From 522dfd57b9419b50f77afcc29fdaec5c8ae6e252 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Tue, 19 Mar 2013 21:31:05 -0300 Subject: Recrypt: just write to file if successful (#6) --- share/keyringer/recrypt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'share') diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt index 9153456..63f7bc6 100755 --- a/share/keyringer/recrypt +++ b/share/keyringer/recrypt @@ -23,7 +23,7 @@ function keyringer_recrypt { fi # Recrypt - echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") > "$KEYDIR/$FILE" + recrypted="`echo "$decrypted" | $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE")`" if [ "$?" != "0" ]; then echo "Recryption error." @@ -31,6 +31,7 @@ function keyringer_recrypt { fi unset decrypted + echo "$recrypted" > "$KEYDIR/$FILE" } if [ ! -z "$2" ]; then -- cgit v1.2.3 
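Review bot: `decrypted="$($GPG --use-agent -d "$KEYDIR/$FILE" 2> /dev/null)"` cannot carry every secret faithfully: bash command substitution strips all trailing newlines and drops NUL bytes, and `echo "$decrypted"` then appends exactly one newline, so a binary secret or one not ending in a single newline is silently altered on every recrypt. `2> /dev/null` also hides gpg's diagnostic for the failure being reported, and `echo "Decryption error."` / `echo "Recryption error."` go to stdout instead of `>&2`. Keeping the plaintext in a temporary file — the `edit` action on this page already uses `keyringer_set_tmpfile` and `$GPG --yes -o "$TMPWORK"`; whether that helper also removes the file on exit is not visible here and should be confirmed — and encrypting from it after the decrypt status is checked preserves the bytes and keeps the plaintext out of the shell environment that `unset decrypted` tries to scrub. The second hunk on this line (522dfd5) still inherits the trailing-newline behaviour through `echo "$recrypted"`, which is harmless for armored output.
```shell
  # … unchanged: keyringer_set_recipients "$FILE" …

  # Decrypt into a temporary file rather than a shell variable: command
  # substitution would drop trailing newlines and NUL bytes from the secret.
  keyringer_set_tmpfile recrypt
  $GPG --use-agent --yes -o "$TMPWORK" -d "$KEYDIR/$FILE"

  if [ "$?" != "0" ]; then
    echo "Decryption error." >&2
    exit 1
  fi

  # Recrypt from the temporary file; the target is written by gpg itself
  $GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes -o "$KEYDIR/$FILE" "$TMPWORK"

  if [ "$?" != "0" ]; then
    echo "Recryption error." >&2
    exit 1
  fi
  # … unchanged: end of keyringer_recrypt …
```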
From dd36b7ab059b51a987481afdf71f341e5ef13ff9 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 10 Apr 2013 12:50:14 -0300 Subject: Using empty passphrases for genpair_ssh
--- share/keyringer/genpair | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'share')
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
index a1a122e..71ae86d 100755
--- a/share/keyringer/genpair
+++ b/share/keyringer/genpair
@@ -11,8 +11,8 @@ function genpair_ssh {
echo "Make sure that $KEYDIR is atop of an encrypted volume."
read -p "Hit ENTER to continue." prompt
- # TODO: programatically enter blank passphrase twice
- ssh-keygen -t rsa -f "$TMPWORK/id_rsa" -C "root@$NODE"
+ # We're using empty passphrases
+ ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" -C "root@$NODE"
# Encrypt the result
echo "Encrypting secret key into keyringer..."
-- cgit v1.2.3
From 8da5023df4b4e3ec55bf52b4377920a8ece941e2 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 11 Jul 2013 16:44:20 -0300 Subject: Better usage handling
--- keyringer | 4 +--- lib/keyringer/functions | 12 ++++++++++++ share/keyringer/commands | 10 ++++++++++ share/keyringer/usage | 12 ++++++++++++ 4 files changed, 35 insertions(+), 3 deletions(-) create mode 100755 share/keyringer/commands create mode 100755 share/keyringer/usage (limited to 'share')
diff --git a/keyringer b/keyringer
index 0f6372c..934f600 100755
--- a/keyringer
+++ b/keyringer
@@ -141,9 +141,7 @@ source "$LIB" || exit 1
keyringer_config_load
if [ -z "$ACTION" ]; then
- printf "Usage: %s [arguments]\n" "$BASENAME"
- printf "Available commands: \n"
- ls $ACTIONS | sed -e 's/^/\t/'
+ keyringer_usage
exit 1
fi
diff --git a/lib/keyringer/functions b/lib/keyringer/functions
index 1d29157..3fa7170 100644
--- a/lib/keyringer/functions
+++ b/lib/keyringer/functions 
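Review bot: `ssh-keygen -t rsa -P '' -f "$TMPWORK/id_rsa" ...` now writes an unencrypted private key to $TMPWORK, so the only remaining protections are the keyringer encryption applied right after and the encrypted volume the prompt above asks the operator to confirm. That trade-off should be stated at the line instead of `# We're using empty passphrases`, e.g. `# Empty passphrase by design: the key is protected by keyringer's GPG encryption once imported; the plaintext copy in $TMPWORK must be removed as soon as it has been encrypted`. Whether genpair_ssh removes $TMPWORK afterwards is outside this hunk and worth confirming. The context line `read -p "Hit ENTER to continue." prompt` should use `read -r`.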
@@ -342,6 +342,18 @@ function keyringer_action_usage { fi } +# Return available actions +function keyringer_show_actions { + ls $ACTIONS +} + +# Usage +function keyringer_usage { + printf "Usage: %s [arguments]\n" "$BASENAME" + printf "Available commands: \n" + keyringer_show_actions | sed -e 's/^/\t/' +} + # Check recipients function keyringer_check_recipients { if [ "$KEYRINGER_CHECK_RECIPIENTS" == "false" ]; then diff --git a/share/keyringer/commands b/share/keyringer/commands new file mode 100755 index 0000000..139725a --- /dev/null +++ b/share/keyringer/commands @@ -0,0 +1,10 @@ +#!/bin/bash +# +# Show available commands +# + +# Load functions +LIB="`dirname $0`/../../lib/keyringer/functions" +source "$LIB" || exit 1 + +keyringer_show_actions diff --git a/share/keyringer/usage b/share/keyringer/usage new file mode 100755 index 0000000..54cbea6 --- /dev/null +++ b/share/keyringer/usage @@ -0,0 +1,12 @@ +#!/bin/bash +# +# Show available commands +# + +# Load functions +LIB="`dirname $0`/../../lib/keyringer/functions" +source "$LIB" || exit 1 + +printf "Usage: %s [arguments]\n" "$BASENAME" +printf "Available commands: \n" +ls $ACTIONS | sed -e 's/^/\t/' -- cgit v1.2.3 From 3fc6dc9f42e5387039c1eb6ff62767c4509c30e9 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Thu, 11 Jul 2013 16:47:25 -0300 Subject: Cleanup --- share/keyringer/usage | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'share') diff --git a/share/keyringer/usage b/share/keyringer/usage index 54cbea6..a4602ac 100755 --- a/share/keyringer/usage +++ b/share/keyringer/usage @@ -7,6 +7,4 @@ LIB="`dirname $0`/../../lib/keyringer/functions" source "$LIB" || exit 1 -printf "Usage: %s [arguments]\n" "$BASENAME" -printf "Available commands: \n" -ls $ACTIONS | sed -e 's/^/\t/' +keyringer_usage -- cgit v1.2.3 From dfac71971d7ad2cfb153aed9b01b9fc6880fc09d Mon Sep 17 00:00:00 2001 
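Review bot: The new keyringer_show_actions runs `ls $ACTIONS` with the path unquoted and parses ls output, so a directory path containing whitespace breaks it and any stray file in the actions directory (an editor backup, for instance) is advertised as an available command; `ls -- "$ACTIONS"` fixes the quoting, and a loop such as `for f in "$ACTIONS"/*; do [ -x "$f" ] && printf '%s\n' "${f##*/}"; done` lists only executables. In keyringer_usage, `sed -e 's/^/\t/'` depends on the sed implementation expanding `\t`; `sed -e 's/^/	/'` with a literal tab, or `printf '\t%s\n'` in the loop above, does not. The new share/keyringer/commands and share/keyringer/usage files on this line repeat `LIB="`dirname $0`/../../lib/keyringer/functions"`, where `$0` should be quoted.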
From: Silvio Rhatto Date: Sat, 17 Aug 2013 12:29:33 -0300 Subject: Initial manpage code --- share/man/keyringer.1 | 92 ++++++++++++++++++++++++++++++++++++++++++++ share/man/keyringer.1.mdwn | 96 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 188 insertions(+) create mode 100644 share/man/keyringer.1 create mode 100644 share/man/keyringer.1.mdwn (limited to 'share') diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 new file mode 100644 index 0000000..d14052b --- /dev/null +++ b/share/man/keyringer.1 
@@ -0,0 +1,92 @@ +.TH KEYRINGER 1 "August 17, 2013" "Keyringer User Manual" +.SH NAME +.PP +keyringer - encrypted and distributed secret sharing software +.SH SYNOPSIS +.PP +keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]... +.SH DESCRIPTION +.PP +Keyringer lets you manage and share secrets using GPG and git with +custom commands to encrypt, decrypt, recrypt, create key pairs, etc. +.SH ACTIONS +.PP +Keyringer has three types of actions: +.IP "1." 3 +Configuration actions. +.IP "2." 3 +Secret manipulation actions. +.IP "3." 3 +Repository lookup and manipulation actions. +.SS CONFIGURATION ACTIONS +.PP +commands : List available actions, useful for shell completion and +syntax check. +.PP +options <\f[I]ls\f[]|\f[I]edit\f[]|\f[I]add\f[]> : List, edit or add +miscelaneous \f[I]repository options\f[]. +.PP +preferences <\f[I]ls\f[]|\f[I]edit\f[]|\f[I]add\f[]> : List, edit or add +\f[I]user options\f[] for a given repository. +.PP +recipients <\f[I]ls\f[]|\f[I]edit\f[]> <\f[I]recipient-file\f[]> : List +or edit recipient configuration. +.PP +usage : Show usage information. +.SS SECRET MANIPULATION ACTIONS +.PP +All secret manipulation actions operates upon a \f[I]SECRET\f[], which +is the pathname of an encrypted file relative to keyring with optional +\f[C]\&.asc\f[] extension. +.PP +Secret manipulation actions do not commit changes into the secret +repository. +After any manipulation, the user has to manually commit the changes. +.PP +append <\f[I]SECRET\f[]> : Append contents into a secret. +.PP +append-batch <\f[I]SECRET\f[]> : Append contents into a secret, batch +mode. +.PP +decrypt <\f[I]SECRET\f[]> : Decrypts a secret into standard output. +.PP +del <\f[I]SECRET\f[]> : Removes a secret using git. +After deleting a secret a git commit and push is still needed to update +remote repositories. +To completely remove a file from a keyring, you should also rewrite the +git history by yourself. 
+.PP +edit <\f[I]SECRET\f[]> : Edits a secret by temporarily decrypting it, +opening the decrypted copy into \f[I]$EDITOR\f[] and then recrypting it +again. +.PP +encrypt <\f[I]SECRET\f[]> : Encrypts content from standard input into +\f[I]SECRET\f[]. +.PP +encrypt-batch <\f[I]SECRET\f[]> : Encrypt content, batch mode. +.PP +genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]> +[\f[I]options\f[]] : Wrapper to generete encryption keypairs, useful for +automated key deployment. +.PP +recrypt <\f[I]SECRET\f[]> : Recrypts a secret by decrypting it and +recrypting again. +Useful when users are added into recipient configuration. +If no \f[I]SECRET\f[] is given, all secrets in the repository are +re-encrypted. +.SH REPOSITORY LOOKUP AND MANIPULATION ACTIONS +.PP +git <\f[I]action\f[]> <\f[I]options\f[]> : Git wrapper that operates +from the toplevel keyring repository. +.PP +ls <\f[I]PATH\f[]> : List contents from the toplevel repository +\f[I]keys\f[] folder or from relative \f[I]PATH\f[]. +.SH SEE ALSO +.PP +The \f[I]README\f[] file distributed with Keyringer contains full +documentation. +.PP +The Keyringer source code and all documentation may be downloaded from +. +.SH AUTHORS +Silvio Rhatto. diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn new file mode 100644 index 0000000..99abd60 --- /dev/null +++ b/share/man/keyringer.1.mdwn 
@@ -0,0 +1,96 @@ +% KEYRINGER(1) Keyringer User Manual +% Silvio Rhatto +% August 17, 2013 + +# NAME + +keyringer - encrypted and distributed secret sharing software + +# SYNOPSIS + +keyringer <*keyring*> <*action*> [*options*]... + +# DESCRIPTION + +Keyringer lets you manage and share secrets using GPG and git with custom +commands to encrypt, decrypt, recrypt, create key pairs, etc. + +# ACTIONS + +Keyringer has three types of actions: + +1. Configuration actions. +2. Secret manipulation actions. +3. Repository lookup and manipulation actions. + +## CONFIGURATION ACTIONS + +commands +: List available actions, useful for shell completion and syntax check. + +options <*ls*|*edit*|*add*> +: List, edit or add miscelaneous *repository options*. + +preferences <*ls*|*edit*|*add*> +: List, edit or add *user options* for a given repository. + +recipients <*ls*|*edit*> <*recipient-file*> +: List or edit recipient configuration. + +usage +: Show usage information. + +## SECRET MANIPULATION ACTIONS + +All secret manipulation actions operates upon a *SECRET*, which is the pathname +of an encrypted file relative to keyring with optional `.asc` extension. + +Secret manipulation actions do not commit changes into the secret repository. +After any manipulation, the user has to manually commit the changes. + +append <*SECRET*> +: Append contents into a secret. + +append-batch <*SECRET*> +: Append contents into a secret, batch mode. + +decrypt <*SECRET*> +: Decrypts a secret into standard output. + +del <*SECRET*> +: Removes a secret using git. After deleting a secret a git commit and push is still + needed to update remote repositories. To completely remove a file from a keyring, + you should also rewrite the git history by yourself. + +edit <*SECRET*> +: Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR* + and then recrypting it again. + +encrypt <*SECRET*> +: Encrypts content from standard input into *SECRET*. 
+ +encrypt-batch <*SECRET*> +: Encrypt content, batch mode. + +genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] +: Wrapper to generete encryption keypairs, useful for automated key deployment. + +recrypt <*SECRET*> +: Recrypts a secret by decrypting it and recrypting again. Useful when users are added + into recipient configuration. If no *SECRET* is given, all secrets in the repository + are re-encrypted. + +# REPOSITORY LOOKUP AND MANIPULATION ACTIONS + +git <*action*> <*options*> +: Git wrapper that operates from the toplevel keyring repository. + +ls <*PATH*> +: List contents from the toplevel repository *keys* folder or from relative *PATH*. + +# SEE ALSO + +The *README* file distributed with Keyringer contains full documentation. + +The Keyringer source code and all documentation may be downloaded from +. -- cgit v1.2.3 From d46f13b4683dcd456387e81b53017d2b672e778e Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 17 Aug 2013 12:49:53 -0300 Subject: Adding 'open' action --- debian/control | 2 +- share/keyringer/edit | 15 +++++++++++++-- share/keyringer/open | 1 + share/man/keyringer.1.mdwn | 3 +++ 4 files changed, 18 insertions(+), 3 deletions(-) create mode 120000 share/keyringer/open (limited to 'share') diff --git a/debian/control b/debian/control index b386532..689c7d9 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ Homepage: https://keyringer.pw Package: keyringer Architecture: all Depends: ${shlibs:Depends}, ${misc:Depends}, bash, git-core, gnupg, grep, gawk, coreutils, sed -Recommends: openssl +Recommends: openssl, xdg-utils Description: Distributed secret management using GPG and git Keyringer lets you manage and share secrets using GPG and git in a distributed fashion. It has custom commands to encrypt, decrypt, recrypt, create key pairs, diff --git a/share/keyringer/edit b/share/keyringer/edit index 0604d7e..fe05ecc 100755 --- a/share/keyringer/edit +++ b/share/keyringer/edit 
@@ -22,10 +22,21 @@ keyringer_set_tmpfile edit # Decrypt the information to the file $GPG --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" +if [ "$BASENAME" == "edit" ]; then + APP="$EDITOR" +elif [ "$BASENAME" == "open" ]; then + if which xdg-open &> /dev/null; then + APP="xdg-open" + else + echo "You should have xdg-open application to perform this action, aborting." + exit 1 + fi +fi + # Prompt -echo "Press any key to open the decrypted data in $EDITOR, Ctrl-C to abort" +echo "Press any key to open the decrypted data with $APP, Ctrl-C to abort" read key -$EDITOR "$TMPWORK" +$APP "$TMPWORK" # Encrypt again $GPG --yes -o "$KEYDIR/$FILE" --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") "$TMPWORK" diff --git a/share/keyringer/open b/share/keyringer/open new file mode 120000 index 0000000..8491ab9 --- /dev/null +++ b/share/keyringer/open @@ -0,0 +1 @@ +edit \ No newline at end of file diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 99abd60..23b8d85 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -75,6 +75,9 @@ encrypt-batch <*SECRET*> genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] : Wrapper to generete encryption keypairs, useful for automated key deployment. +open <*SECRET*> +: Open a secret using xdg-open. + recrypt <*SECRET*> : Recrypts a secret by decrypting it and recrypting again. Useful when users are added into recipient configuration. If no *SECRET* is given, all secrets in the repository -- cgit v1.2.3 From 5ceceaffb35560b30f33a06b08a6622a2266c0d3 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 17 Aug 2013 14:19:59 -0300 Subject: Added support to encrypt from files --- index.mdwn | 4 ++++ share/keyringer/encrypt | 19 ++++++++++++++++--- share/man/keyringer.1.mdwn | 4 ++-- 3 files changed, 22 insertions(+), 5 deletions(-) (limited to 'share') diff --git a/index.mdwn b/index.mdwn index a9beecf..9156fe9 100644 --- a/index.mdwn +++ b/index.mdwn 
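Review bot: When `$BASENAME` is neither `edit` nor `open`, or when it is `edit` and EDITOR is empty, `APP` is never set and `$APP "$TMPWORK"` collapses to `"$TMPWORK"` executed as a command, i.e. bash attempts to run the decrypted temporary file; add a guard after the `if`/`elif` block, `[ -n "$APP" ] || { echo "$BASENAME: no application configured to open the secret." >&2; exit 1; }`. xdg-open normally returns as soon as it has handed the file to the desktop handler, so the "Encrypt again" step below runs before the user has finished with the file and re-encrypts the unmodified copy while the handler still holds the plaintext; a second `read` after the application returns, or a note that `open` is view-only, would make the behaviour explicit, and the man page entry could mention that desktop handlers may keep their own traces (recent-files lists, autosave copies) that a terminal editor does not. `which xdg-open &> /dev/null` is better written `command -v xdg-open >/dev/null 2>&1`, and `read key` needs `-r`.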
@@ -85,6 +85,10 @@ Encrypting a key keyringer encrypt +Encrypting a key from a file + + keyringer encrypt + Decrypting a key (only to stdout) keyringer decrypt diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index 3680d0b..f35cdff 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt @@ -8,7 +8,18 @@ LIB="`dirname $0`/../../lib/keyringer/functions" source "$LIB" || exit 1 # Aditional parameters -keyringer_get_new_file "$2" +if [ ! -z "$3" ]; then + UNENCRYPTED_FILE="$2" + keyringer_get_new_file "$3" + + if [ ! -f "$UNENCRYPTED_FILE" ]; then + echo "Error: cannot encrypted $UNENCRYPTED_FILE: file not found." + exit 1 + fi +else + UNENCRYPTED_FILE="-" + keyringer_get_new_file "$2" +fi # Set recipients file keyringer_set_recipients "$FILE" @@ -18,10 +29,12 @@ mkdir -p "$KEYDIR/`dirname $FILE`" if [ "$BASENAME" == "encrypt" ]; then # Only display directions if we're running encrypt, not encrypt-batch - echo "Type your message and finish your input with EOF (Ctrl-D)." + if [ "$UNENCRYPTED_FILE" == "-" ]; then + echo "Type your message and finish your input with EOF (Ctrl-D)." + fi fi -$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") - > "$KEYDIR/$FILE" +$GPG --use-agent --armor -e -s $(keyringer_recipients "$RECIPIENTS_FILE") --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE err="$?" diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index 23b8d85..14ae687 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -66,8 +66,8 @@ edit <*SECRET*> : Edits a secret by temporarily decrypting it, opening the decrypted copy into *$EDITOR* and then recrypting it again. -encrypt <*SECRET*> -: Encrypts content from standard input into *SECRET*. +encrypt [*file*] <*SECRET*> +: Encrypts content from standard input or *file* into *SECRET*. encrypt-batch <*SECRET*> : Encrypt content, batch mode. -- cgit v1.2.3 From be0cc7c6e932896178c128ab9e36cb964d33dc00 Mon Sep 17 00:00:00 2001 
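Review bot: `$UNENCRYPTED_FILE` is unquoted on the new `$GPG ... --yes --output "$KEYDIR/$FILE" $UNENCRYPTED_FILE` line, so a source path with whitespace or glob characters is split before it reaches gpg; quote it as `"$UNENCRYPTED_FILE"` (the literal `-` for stdin is unaffected). The error text reads `cannot encrypted`; `echo "Error: cannot encrypt $UNENCRYPTED_FILE: file not found." >&2` also moves it to stderr. The `-f` check runs after `keyringer_get_new_file "$3"`; if that helper has side effects on the keyring, which is not visible here, the existence test should come first.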
From: Silvio Rhatto Date: Sat, 17 Aug 2013 14:23:16 -0300 Subject: Added wipe notice --- share/keyringer/encrypt | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'share') diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt index f35cdff..c0b7874 100755 --- a/share/keyringer/encrypt +++ b/share/keyringer/encrypt @@ -42,6 +42,10 @@ if [ "$err" != "0" ]; then exit "$err" fi +if [ "$UNENCRYPTED_FILE" != "-" ]; then + echo "Now make to wipe the non-encrypted $UNENCRYPTED_FILE." +fi + # Stage if [ -d "$BASEDIR/.git" ]; then keyringer_exec git "$BASEDIR" add "keys/$FILE" -- cgit v1.2.3 From fa8b699d01f21a61db7672945dddcde4c3170f96 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 17 Aug 2013 14:34:56 -0300 Subject: Updated manpage --- share/man/keyringer.1 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'share') diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index d14052b..2eaa30d 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -60,8 +60,8 @@ edit <\f[I]SECRET\f[]> : Edits a secret by temporarily decrypting it, opening the decrypted copy into \f[I]$EDITOR\f[] and then recrypting it again. .PP -encrypt <\f[I]SECRET\f[]> : Encrypts content from standard input into -\f[I]SECRET\f[]. +encrypt [\f[I]file\f[]] <\f[I]SECRET\f[]> : Encrypts content from +standard input or \f[I]file\f[] into \f[I]SECRET\f[]. .PP encrypt-batch <\f[I]SECRET\f[]> : Encrypt content, batch mode. .PP @@ -69,6 +69,8 @@ genpair <\f[I]ssh\f[]|\f[I]gpg\f[]|\f[I]ssl\f[]|\f[I]ssl-self\f[]> [\f[I]options\f[]] : Wrapper to generete encryption keypairs, useful for automated key deployment. .PP +open <\f[I]SECRET\f[]> : Open a secret using xdg-open. +.PP recrypt <\f[I]SECRET\f[]> : Recrypts a secret by decrypting it and recrypting again. Useful when users are added into recipient configuration. -- cgit v1.2.3
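Review bot: The new notice is missing a word: `echo "Now make sure to wipe the non-encrypted $UNENCRYPTED_FILE." >&2` reads correctly and, sent to stderr, is not mixed into output a caller might capture. Since the script already knows the path, a comment such as `# Plaintext source stays on disk; the user is responsible for wiping it` at the `if` would record that this is deliberate rather than an oversight. The man page hunk on this line is documentation only.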