Age | Commit message | Author |
|
The .gpg-id file may now have multiple keys in it, one per line.
If a .gpg-id file exists inside a subdirectory, passwords inside that
directory are encrypted to that/those ids.
The init command has learned a -p/--path option for writing such a sub
directory .gpg-id and now can take several arguments for ids.
|
According to a forthcoming paper by Alfredo Pironti, OpenPGP compression
can reveal entropy levels. We thus disable compression.
Existing password stores can be reencrypted without compression using
the "--reencrypt" flag for "init".
Reported-by: Alfredo Pironti <alfredo.pironti@inria.fr>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Make show/ls/list follow links by passing -l to tree.
|
The `read` builtin accepts backslash notation for common non-printing
characters by default, like `\t` and `\n`. This requires that any
literal backslashes must also be escaped as `\\`.

Given that `gpg -e` does not interpret input, the `read` invocations are
changed to do the same.

Also, the right hand side of an `==` comparison within `[[ ]]` must be
quoted in order to suppress pattern metacharacter expansion. Quoting the
bash manual:

    When the == and != operators are used, the string to the right of
    the operator is considered a pattern and matched according to the
    rules described below under Pattern Matching.
|
Reported-by: Paul Wise <pabs@debian.org>
|
Reported-by: Simon KP <si@eskp.net>
|
Reported-by: Brian Mattern <rephorm@rephorm.com>
|
Get rid of push/pull shortcuts, as they weren't widely used.
Add contents to repo on git init.
Centralize git add logic, and make it less error prone.
|
Laurent asked for this.
Reported-by: Laurent Ghigonis <laurent@p1sec.com>
|
Reported-by: Laurent Ghigonis <laurent@p1sec.com>
|
Reported-by: Brian Mattern <rephorm@rephorm.com>
|
Right now, every time I call pass to decrypt a key, I get output like:

    You need a passphrase to unlock the secret key for
    user: "User Name <user@domain.com>"
    2048-bit ELG-E key, ID XXXXXXNX, created 2012-04-20 (main key ID NNXXNNNX)
    password

This patch cleans it up so that only the password is output. I use
pinentry-gtk-2 to enter the gpg passphrase, so this information is
redundant to me. I haven't tried other pinentry versions to see if they
repeat the information as well.
|
Currently, if you hit ctrl-c at the standard 'Enter password' prompt,
since it is piped directly to gpg, the entry gets cleared. Trying to
read from that entry results in:

    gpg: [don't know]: 1st length byte missing

This patch fixes this.

Tweaked by Jason A. Donenfeld <Jason@zx2c4.com> to add GNU readline
features by using -e in read.
|
This asks before inserting a password when one already exists at that
location (instead of just overwriting it).
|
I like being able to specify command line options (like -c) at the end
of the line (which is usually when I think of the fact that I need
them).
The attached patch uses getopt(1) to regularize the option list so that
lazy people like me can specify the options in any order.
|
Attached is a trivial patch that removes the quotes from the line that
invokes $EDITOR. It's perfectly cromulent to set $EDITOR to something
with spaces in it, so when we evaluate this one we want it evaluated
bare. For example security nerds might want EDITOR='vim -n' if they
are scared of swap files, and that breaks if we quote there.
|