Add --edit option.
parent
1b7d764f1a
commit
1e7fe39342
7
docs.h
7
docs.h
|
@ -17,11 +17,12 @@ static const char docs_usage[] =
|
||||||
"public key. It uses ChaCha20, Curve25519, and SHA-224.\n";
|
"public key. It uses ChaCha20, Curve25519, and SHA-224.\n";
|
||||||
|
|
||||||
static const char docs_keygen[] =
|
static const char docs_keygen[] =
|
||||||
"usage: enchive keygen [-d|--derive[=count]] [-f|--force] [-p|--plain]\n"
|
"usage: enchive keygen [-d|--derive[=count]] [-e|--edit] [-f|--force]\n"
|
||||||
" [-k|--iterations count]\n"
|
" [-p|--plain] [-k|--iterations count]\n"
|
||||||
" Generate a brand new keypair.\n"
|
" Generate a brand new keypair.\n"
|
||||||
"\n"
|
"\n"
|
||||||
" --derive=<n> derive secret key from a passphrase [16,777,216]\n"
|
" --derive[=<n>] derive secret key from a passphrase [16,777,216]\n"
|
||||||
|
" --edit edit the protection on an existing key\n"
|
||||||
" --iterations <n> iterations for protection key derivation [1,048,576]\n"
|
" --iterations <n> iterations for protection key derivation [1,048,576]\n"
|
||||||
" --force, -f overwrite any existing keys (default: no clobber)\n"
|
" --force, -f overwrite any existing keys (default: no clobber)\n"
|
||||||
" --plain, -u don't encrypt the secret key with a protection key\n"
|
" --plain, -u don't encrypt the secret key with a protection key\n"
|
||||||
|
|
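Review bot: The rewritten usage line still advertises `[-p|--plain]` while the option description a few lines below reads `--plain, -u`, and the option table added in enchive.c in this same commit registers `{"plain", 'u', OPTPARSE_NONE}`; the `-p` short form in the usage line therefore appears not to exist, and the new line is the natural place to correct it to `[-u|--plain]`. The new `--edit` description line also omits its short form, unlike `--force, -f`; for consistency with that entry I would write `"  --edit, -e          edit the protection on an existing key\n"`. The docs_keygen string literal continues past the end of the hunk.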
46
enchive.c
46
enchive.c
|
@ -475,6 +475,16 @@ load_seckey(char *file, u8 *seckey)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int
|
||||||
|
file_exists(char *filename)
|
||||||
|
{
|
||||||
|
FILE *f = fopen(filename, "r");
|
||||||
|
if (f) {
|
||||||
|
fclose(f);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
enum command {
|
enum command {
|
||||||
COMMAND_UNKNOWN = -2,
|
COMMAND_UNKNOWN = -2,
|
||||||
|
@ -510,6 +520,7 @@ command_keygen(struct optparse *options)
|
||||||
{
|
{
|
||||||
static const struct optparse_long keygen[] = {
|
static const struct optparse_long keygen[] = {
|
||||||
{"derive", 'd', OPTPARSE_OPTIONAL},
|
{"derive", 'd', OPTPARSE_OPTIONAL},
|
||||||
|
{"edit" , 'e', OPTPARSE_NONE},
|
||||||
{"force", 'f', OPTPARSE_NONE},
|
{"force", 'f', OPTPARSE_NONE},
|
||||||
{"iterations", 'k', OPTPARSE_REQUIRED},
|
{"iterations", 'k', OPTPARSE_REQUIRED},
|
||||||
{"plain", 'u', OPTPARSE_NONE},
|
{"plain", 'u', OPTPARSE_NONE},
|
||||||
|
@ -518,11 +529,14 @@ command_keygen(struct optparse *options)
|
||||||
|
|
||||||
char *pubfile = global_pubkey;
|
char *pubfile = global_pubkey;
|
||||||
char *secfile = global_seckey;
|
char *secfile = global_seckey;
|
||||||
|
int pubfile_exists;
|
||||||
|
int secfile_exists;
|
||||||
u8 public[32];
|
u8 public[32];
|
||||||
u8 secret[32];
|
u8 secret[32];
|
||||||
int clobber = 0;
|
int clobber = 0;
|
||||||
int encrypt = 1;
|
|
||||||
int derive = 0;
|
int derive = 0;
|
||||||
|
int edit = 0;
|
||||||
|
int protect = 1;
|
||||||
unsigned long key_derive_iterations = KEY_DERIVE_ITERATIONS;
|
unsigned long key_derive_iterations = KEY_DERIVE_ITERATIONS;
|
||||||
unsigned long seckey_derive_iterations = SECKEY_DERIVE_ITERATIONS;
|
unsigned long seckey_derive_iterations = SECKEY_DERIVE_ITERATIONS;
|
||||||
|
|
||||||
|
@ -543,6 +557,9 @@ command_keygen(struct optparse *options)
|
||||||
fatal("must be <= 0xFFFFFFFF -- %s", arg);
|
fatal("must be <= 0xFFFFFFFF -- %s", arg);
|
||||||
}
|
}
|
||||||
} break;
|
} break;
|
||||||
|
case 'e':
|
||||||
|
edit = 1;
|
||||||
|
break;
|
||||||
case 'f':
|
case 'f':
|
||||||
clobber = 1;
|
clobber = 1;
|
||||||
break;
|
break;
|
||||||
|
@ -557,24 +574,34 @@ command_keygen(struct optparse *options)
|
||||||
fatal("must be <= 0xFFFFFFFF -- %s", arg);
|
fatal("must be <= 0xFFFFFFFF -- %s", arg);
|
||||||
} break;
|
} break;
|
||||||
case 'u':
|
case 'u':
|
||||||
encrypt = 0;
|
protect = 0;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
fatal("%s", options->errmsg);
|
fatal("%s", options->errmsg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (edit && derive)
|
||||||
|
fatal("--edit and --derive are mutually exclusive");
|
||||||
|
|
||||||
if (!pubfile)
|
if (!pubfile)
|
||||||
pubfile = default_pubfile();
|
pubfile = default_pubfile();
|
||||||
if (!clobber && fopen(pubfile, "r"))
|
pubfile_exists = file_exists(pubfile);
|
||||||
fatal("operation would clobber %s", pubfile);
|
|
||||||
if (!secfile)
|
if (!secfile)
|
||||||
secfile = default_secfile();
|
secfile = default_secfile();
|
||||||
if (!clobber && fopen(secfile, "r"))
|
secfile_exists = file_exists(secfile);
|
||||||
fatal("operation would clobber %s", secfile);
|
|
||||||
|
|
||||||
/* Generate secret key. */
|
if (!edit && !clobber) {
|
||||||
if (derive) {
|
if (pubfile_exists)
|
||||||
|
fatal("operation would clobber %s", pubfile);
|
||||||
|
if (secfile_exists)
|
||||||
|
fatal("operation would clobber %s", secfile);
|
||||||
|
} else if (edit) {
|
||||||
|
if (!secfile_exists)
|
||||||
|
fatal("cannot edit non-existing file %s", secfile);
|
||||||
|
load_seckey(secfile, secret);
|
||||||
|
} else if (derive) {
|
||||||
|
/* Generate secret key from passphrase. */
|
||||||
char pass[2][256];
|
char pass[2][256];
|
||||||
get_passphrase(pass[0], sizeof(pass[0]),
|
get_passphrase(pass[0], sizeof(pass[0]),
|
||||||
"secret key passphrase: ");
|
"secret key passphrase: ");
|
||||||
|
@ -584,12 +611,13 @@ command_keygen(struct optparse *options)
|
||||||
fatal("passphrases don't match");
|
fatal("passphrases don't match");
|
||||||
key_derive(pass[0], secret, seckey_derive_iterations);
|
key_derive(pass[0], secret, seckey_derive_iterations);
|
||||||
} else {
|
} else {
|
||||||
|
/* Generate secret key from entropy. */
|
||||||
generate_secret(secret);
|
generate_secret(secret);
|
||||||
}
|
}
|
||||||
|
|
||||||
compute_public(public, secret);
|
compute_public(public, secret);
|
||||||
write_pubkey(pubfile, public);
|
write_pubkey(pubfile, public);
|
||||||
write_seckey(secfile, secret, encrypt ? key_derive_iterations : 0);
|
write_seckey(secfile, secret, protect ? key_derive_iterations : 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
|
|
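Review bot: In the `--edit` branch the secret key is read with `load_seckey(secfile, secret)` and then, after the unchanged `compute_public`/`write_pubkey` calls, the same `secfile` is overwritten in place by `write_seckey(secfile, secret, protect ? key_derive_iterations : 0)`; if that write fails part way (full disk, interrupt, error inside write_seckey) the only copy of the user's secret key is destroyed with no way back. I would write the new key material to a temporary file next to `secfile` and rename it over the original only after the write has completed successfully, or at minimum state in a comment above the edit branch that the rewrite is not atomic. Separately, the new `file_exists` helper in the earlier hunk reports any `fopen(filename, "r")` failure as "does not exist", so a present-but-unreadable key file passes the no-clobber guard and makes `--edit` fail with the misleading "cannot edit non-existing file"; distinguishing `errno == ENOENT` from other failures (for example `if (!f) return errno != ENOENT;`, with a comment explaining the choice) would make both messages accurate. As a point of style, `file_exists` does not write through its argument and should take `const char *filename`. The body of command_keygen begins before and ends after the hunks shown here.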