mirror of https://github.com/skeeto/enchive.git
Add new keygen option: passphrase --repeats (-r)
This option controls the number of repeated passphrase prompts when deriving a secret key. It is convenient to set this to zero when relying primarily on fingerprint verification. Alternatively, additional repeat prompts may aid in memorization. The default value is 1.
parent
b7ff1a4b24
commit
a38e5e3bb9
|
@ -90,6 +90,12 @@ Prints the public key fingerprint after generation or editing.
|
||||||
Sets the difficulty exponent for deriving the protection key from the protection key passphrase.
|
Sets the difficulty exponent for deriving the protection key from the protection key passphrase.
|
||||||
Default is 25.
|
Default is 25.
|
||||||
.TP
|
.TP
|
||||||
|
\fB\-r\fR \fIN\fR, \fB\-\-repeats\fR \fIN\fR
|
||||||
|
Number of repeated passphrase prompts when deriving a secret key.
|
||||||
|
It is convenient to set this to zero when relying primarily on fingerprint verification.
|
||||||
|
Alternatively, additional repeat prompts may aid in memorization.
|
||||||
|
Default is 1.
|
||||||
|
.TP
|
||||||
\fB\-u\fR, \fB\-\-plain\fR
|
\fB\-u\fR, \fB\-\-plain\fR
|
||||||
Do not use a protection key, and instead store the secret key unencrypted on the disk.
|
Do not use a protection key, and instead store the secret key unencrypted on the disk.
|
||||||
Consider using the key agent instead of this option.
|
Consider using the key agent instead of this option.
|
||||||
|
|
|
@ -1150,6 +1150,7 @@ command_keygen(struct optparse *options)
|
||||||
{"fingerprint", 'i', OPTPARSE_NONE},
|
{"fingerprint", 'i', OPTPARSE_NONE},
|
||||||
{"iterations", 'k', OPTPARSE_REQUIRED},
|
{"iterations", 'k', OPTPARSE_REQUIRED},
|
||||||
{"plain", 'u', OPTPARSE_NONE},
|
{"plain", 'u', OPTPARSE_NONE},
|
||||||
|
{"repeats", 'r', OPTPARSE_REQUIRED},
|
||||||
{0, 0, 0}
|
{0, 0, 0}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1164,6 +1165,7 @@ command_keygen(struct optparse *options)
|
||||||
int edit = 0;
|
int edit = 0;
|
||||||
int protect = 1;
|
int protect = 1;
|
||||||
int fingerprint = 0;
|
int fingerprint = 0;
|
||||||
|
int repeats = 1;
|
||||||
int key_derive_iterations = ENCHIVE_KEY_DERIVE_ITERATIONS;
|
int key_derive_iterations = ENCHIVE_KEY_DERIVE_ITERATIONS;
|
||||||
int seckey_derive_iterations = ENCHIVE_SECKEY_DERIVE_ITERATIONS;
|
int seckey_derive_iterations = ENCHIVE_SECKEY_DERIVE_ITERATIONS;
|
||||||
|
|
||||||
|
@ -1208,6 +1210,16 @@ command_keygen(struct optparse *options)
|
||||||
arg);
|
arg);
|
||||||
key_derive_iterations = n;
|
key_derive_iterations = n;
|
||||||
} break;
|
} break;
|
||||||
|
case 'r': {
|
||||||
|
char *p;
|
||||||
|
char *arg = options->optarg;
|
||||||
|
long n;
|
||||||
|
errno = 0;
|
||||||
|
n = strtol(arg, &p, 10);
|
||||||
|
if (errno || *p || n < 0 || n >= 256)
|
||||||
|
fatal("invalid --repeats (-r) -- %s", arg);
|
||||||
|
repeats = n;
|
||||||
|
} break;
|
||||||
case 'u':
|
case 'u':
|
||||||
protect = 0;
|
protect = 0;
|
||||||
break;
|
break;
|
||||||
|
@ -1242,10 +1254,12 @@ command_keygen(struct optparse *options)
|
||||||
char pass[2][ENCHIVE_PASSPHRASE_MAX];
|
char pass[2][ENCHIVE_PASSPHRASE_MAX];
|
||||||
get_passphrase(pass[0], sizeof(pass[0]),
|
get_passphrase(pass[0], sizeof(pass[0]),
|
||||||
"secret key passphrase: ");
|
"secret key passphrase: ");
|
||||||
get_passphrase(pass[1], sizeof(pass[0]),
|
while (repeats--) {
|
||||||
"secret key passphrase (repeat): ");
|
get_passphrase(pass[1], sizeof(pass[0]),
|
||||||
if (strcmp(pass[0], pass[1]) != 0)
|
"secret key passphrase (repeat): ");
|
||||||
fatal("secret key passphrases don't match");
|
if (strcmp(pass[0], pass[1]) != 0)
|
||||||
|
fatal("secret key passphrases don't match");
|
||||||
|
}
|
||||||
key_derive(pass[0], secret, seckey_derive_iterations, 0);
|
key_derive(pass[0], secret, seckey_derive_iterations, 0);
|
||||||
secret[0] &= 248;
|
secret[0] &= 248;
|
||||||
secret[31] &= 127;
|
secret[31] &= 127;
|
||||||
|
|
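Review bot: With `--repeats 0` the new `while (repeats--)` loop never runs, so `key_derive(pass[0], ...)` uses a passphrase that was typed once and never confirmed, and nothing in the visible hunks forces the fingerprint to be shown in that case (`fingerprint` still starts at 0). A single typo would then silently derive a different key pair than the user intended, and data encrypted to that public key may not be recoverable from the passphrase they believe they chose. Consider coupling the two, for example `if (repeats == 0) fingerprint = 1;` before the derivation, or at least printing a warning to stderr. Separately, the `case 'r'` validation accepts an empty argument on libcs that do not set `errno` when no digits are converted, so `-r ""` quietly disables confirmation; adding `p == arg ||` to the condition closes that. The body of command_keygen extends beyond the hunks shown, so the fingerprint handling is inferred from the visible declarations only.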