Add new keygen option: passphrase --repeats (-r)

This option controls the number of repeated passphrase prompts when
deriving a secret key. It is convenient to set this to zero when relying
primarily on fingerprint verification. Alternatively, additional repeat
prompts may aid in memorization. The default value is 1.
pull/23/head
Christopher Wellons 2018-05-25 18:55:18 +00:00
parent b7ff1a4b24
commit a38e5e3bb9
2 changed files with 24 additions and 4 deletions


@ -90,6 +90,12 @@ Prints the public key fingerprint after generation or editing.
Sets the difficulty exponent for deriving the protection key from the protection key passphrase. Sets the difficulty exponent for deriving the protection key from the protection key passphrase.
Default is 25. Default is 25.
.TP .TP
\fB\-r\fR \fIN\fR, \fB\-\-repeats\fR \fIN\fR
Number of repeated passphrase prompts when deriving a secret key.
It is convenient to set this to zero when relying primarily on fingerprint verification.
Alternatively, additional repeat prompts may aid in memorization.
Default is 1.
.TP
\fB\-u\fR, \fB\-\-plain\fR \fB\-u\fR, \fB\-\-plain\fR
Do not use a protection key, and instead store the secret key unencrypted on the disk. Do not use a protection key, and instead store the secret key unencrypted on the disk.
Consider using the key agent instead of this option. Consider using the key agent instead of this option.
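Review bot: The new --repeats entry does not document the accepted range, although the parser in command_keygen rejects anything outside 0 to 255 (`n < 0 || n >= 256`). State the range here. It would also help to say explicitly that with 0 a mistyped passphrase is caught only by comparing the fingerprint, so the reader knows to pair it with --fingerprint.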


@ -1150,6 +1150,7 @@ command_keygen(struct optparse *options)
{"fingerprint", 'i', OPTPARSE_NONE}, {"fingerprint", 'i', OPTPARSE_NONE},
{"iterations", 'k', OPTPARSE_REQUIRED}, {"iterations", 'k', OPTPARSE_REQUIRED},
{"plain", 'u', OPTPARSE_NONE}, {"plain", 'u', OPTPARSE_NONE},
{"repeats", 'r', OPTPARSE_REQUIRED},
{0, 0, 0} {0, 0, 0}
}; };
@ -1164,6 +1165,7 @@ command_keygen(struct optparse *options)
int edit = 0; int edit = 0;
int protect = 1; int protect = 1;
int fingerprint = 0; int fingerprint = 0;
int repeats = 1;
int key_derive_iterations = ENCHIVE_KEY_DERIVE_ITERATIONS; int key_derive_iterations = ENCHIVE_KEY_DERIVE_ITERATIONS;
int seckey_derive_iterations = ENCHIVE_SECKEY_DERIVE_ITERATIONS; int seckey_derive_iterations = ENCHIVE_SECKEY_DERIVE_ITERATIONS;
@ -1208,6 +1210,16 @@ command_keygen(struct optparse *options)
arg); arg);
key_derive_iterations = n; key_derive_iterations = n;
} break; } break;
case 'r': {
char *p;
char *arg = options->optarg;
long n;
errno = 0;
n = strtol(arg, &p, 10);
if (errno || *p || n < 0 || n >= 256)
fatal("invalid --repeats (-r) -- %s", arg);
repeats = n;
} break;
case 'u': case 'u':
protect = 0; protect = 0;
break; break;
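Review bot: The check `if (errno || *p || n < 0 || n >= 256)` in case 'r' accepts an empty argument. For `--repeats ""`, strtol consumes no digits, leaves p equal to arg and returns 0, and it is not required to set errno in that case, so `*p` is 0 and the value is taken as zero repeats, which silently disables the confirmation prompt. Add `p == arg` to the condition so an argument with no digits is rejected. The `repeats = n;` assignment narrows long to int, which is safe only because of the range check on the line above it; a short comment saying so would keep the two from drifting apart.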
@ -1242,10 +1254,12 @@ command_keygen(struct optparse *options)
char pass[2][ENCHIVE_PASSPHRASE_MAX]; char pass[2][ENCHIVE_PASSPHRASE_MAX];
get_passphrase(pass[0], sizeof(pass[0]), get_passphrase(pass[0], sizeof(pass[0]),
"secret key passphrase: "); "secret key passphrase: ");
get_passphrase(pass[1], sizeof(pass[0]), while (repeats--) {
"secret key passphrase (repeat): "); get_passphrase(pass[1], sizeof(pass[0]),
if (strcmp(pass[0], pass[1]) != 0) "secret key passphrase (repeat): ");
fatal("secret key passphrases don't match"); if (strcmp(pass[0], pass[1]) != 0)
fatal("secret key passphrases don't match");
}
key_derive(pass[0], secret, seckey_derive_iterations, 0); key_derive(pass[0], secret, seckey_derive_iterations, 0);
secret[0] &= 248; secret[0] &= 248;
secret[31] &= 127; secret[31] &= 127;
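Review bot: With `while (repeats--)` and a value of 0, the comparison is skipped entirely, so a typo in the single prompt goes straight into key_derive and yields a different key with no error. Since the commit message justifies 0 by fingerprint verification, consider setting `fingerprint = 1` or printing a notice when repeats is 0, so the user always has something to check. The loop also decrements the option variable itself and leaves it at -1 afterwards; a for loop with a local counter would keep the parsed value intact for any later use.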