mirror of
https://codeberg.org/scip/pcp.git
synced 2025-12-17 03:50:57 +01:00
implemented pbp-compatible self encryption mode (symetrical encryption using scrypt(passphrase, static nonce), no pk)
This commit is contained in:
TLINDEN
@@ -53,10 +53,12 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||
unsigned char *cipher, size_t ciphersize,
|
||||
size_t *dsize);
|
||||
|
||||
size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int self);
|
||||
size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p);
|
||||
|
||||
size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s);
|
||||
size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey);
|
||||
|
||||
size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead);
|
||||
|
||||
size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey);
|
||||
|
||||
#endif // _HAVE_PCP_CRYPTO_H
|
||||
|
||||
@@ -67,12 +67,16 @@ typedef unsigned int qbyte; // Quad byte = 32 bits
|
||||
|
||||
// crypto file format stuff
|
||||
#define PCP_ASYM_CIPHER 5
|
||||
#define PCP_BLOCK_CIPHER 23
|
||||
#define PCP_SYM_CIPHER 23
|
||||
#define PCP_BLOCK_SIZE 32 * 1024
|
||||
#define PCP_BLOCK_SIZE_IN (PCP_BLOCK_SIZE) + 16 + crypto_secretbox_NONCEBYTES
|
||||
#define PCP_ASYM_RECIPIENT_SIZE ((crypto_secretbox_KEYBYTES + crypto_box_ZEROBYTES) - crypto_box_BOXZEROBYTES) + crypto_secretbox_NONCEBYTES
|
||||
#define PCP_CRYPTO_ADD (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
|
||||
#define PCP_ASYM_RECIPIENT_SIZE crypto_secretbox_KEYBYTES + PCP_CRYPTO_ADD + crypto_secretbox_NONCEBYTES
|
||||
//#define PCP_ASYM_ADD_SENDER_PUB
|
||||
|
||||
// used for self encryption only
|
||||
#define PBP_COMPAT_SALT "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U<GB1$,<$j>,rSYI2GRDd:Bcm"
|
||||
|
||||
// error handling
|
||||
extern char *PCP_ERR;
|
||||
extern byte PCP_ERRSET;
|
||||
|
||||
210
libpcp/crypto.c
210
libpcp/crypto.c
@@ -149,7 +149,7 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||
|
||||
// resulting size:
|
||||
// ciphersize - crypto_secretbox_ZEROBYTES
|
||||
*dsize = ciphersize - crypto_secretbox_NONCEBYTES - 16;
|
||||
*dsize = ciphersize - crypto_secretbox_NONCEBYTES - PCP_CRYPTO_ADD;
|
||||
return message;
|
||||
|
||||
errbed:
|
||||
@@ -162,31 +162,47 @@ unsigned char *pcp_box_decrypt(pcp_key_t *secret, pcp_pubkey_t *pub,
|
||||
}
|
||||
|
||||
|
||||
size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s) {
|
||||
unsigned char *symkey = NULL;
|
||||
size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s, unsigned char *symkey) {
|
||||
pcp_pubkey_t *cur, *sender;
|
||||
size_t es;
|
||||
int nrec, recmatch;
|
||||
uint32_t lenrec;
|
||||
uint8_t head;
|
||||
size_t cur_bufsize, rec_size, out_size;
|
||||
size_t ciphersize = (PCP_BLOCK_SIZE_IN) - crypto_secretbox_NONCEBYTES;
|
||||
unsigned char in_buf[PCP_BLOCK_SIZE_IN];
|
||||
size_t cur_bufsize, rec_size;
|
||||
|
||||
unsigned char rec_buf[PCP_ASYM_RECIPIENT_SIZE];
|
||||
unsigned char *buf_nonce;
|
||||
unsigned char *buf_cipher;
|
||||
unsigned char *buf_clear;
|
||||
|
||||
#ifdef PCP_ASYM_ADD_SENDER_PUB
|
||||
unsigned char *senderpub;
|
||||
#endif
|
||||
int self = 0;
|
||||
|
||||
// step 1, check header
|
||||
cur_bufsize = fread(&head, 1, 1, in);
|
||||
if(cur_bufsize != 1 && !feof(in) && !ferror(in))
|
||||
if(head != PCP_ASYM_CIPHER) {
|
||||
fatal("Error: input file is not asymetrically encrypted\n"); // FIXME: check for sym
|
||||
goto errdef1;
|
||||
if(ftell(in) == 1) {
|
||||
// header has already been determined outside the lib
|
||||
if(symkey != NULL)
|
||||
self = 1;
|
||||
}
|
||||
else {
|
||||
// step 1, check header
|
||||
cur_bufsize = fread(&head, 1, 1, in);
|
||||
if(cur_bufsize != 1 && !feof(in) && !ferror(in)) {
|
||||
if(head == PCP_SYM_CIPHER) {
|
||||
if(symkey != NULL)
|
||||
self = 1;
|
||||
else {
|
||||
fatal("Input is symetrically encrypted but no key have been specified (lib usage failure)\n");
|
||||
goto errdef1;
|
||||
}
|
||||
}
|
||||
else if(head == PCP_ASYM_CIPHER) {
|
||||
self = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(self) {
|
||||
// just decrypt symetrically and go outa here
|
||||
return pcp_decrypt_file_sym(in, out, symkey);
|
||||
}
|
||||
|
||||
#ifdef PCP_ASYM_ADD_SENDER_PUB
|
||||
// step 2, sender's pubkey
|
||||
@@ -233,47 +249,14 @@ size_t pcp_decrypt_file(FILE *in, FILE* out, pcp_key_t *s) {
|
||||
}
|
||||
|
||||
// step 5, actually decrypt the file, finally
|
||||
buf_nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
|
||||
buf_cipher = ucmalloc(ciphersize);
|
||||
out_size = 0;
|
||||
while(!feof(in)) {
|
||||
cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE_IN, in);
|
||||
if(cur_bufsize <= 16)
|
||||
break; // no valid cipher block
|
||||
ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES;
|
||||
memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES);
|
||||
memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize);
|
||||
return pcp_decrypt_file_sym(in, out, symkey);
|
||||
|
||||
es = pcp_sodium_verify_mac(&buf_clear, buf_cipher, ciphersize, buf_nonce, symkey);
|
||||
if(es == 0) {
|
||||
fwrite(buf_clear, ciphersize - 16, 1, out);
|
||||
if(ferror(out) != 0) {
|
||||
fatal("Failed to write decrypted output!\n");
|
||||
goto errdef2;
|
||||
}
|
||||
}
|
||||
else {
|
||||
fatal("Failed to decrypt file content!\n");
|
||||
goto errdef2;
|
||||
}
|
||||
out_size += ciphersize - 16;
|
||||
}
|
||||
|
||||
fclose(in);
|
||||
fclose(out); // FIXME: check for stdin/stdout
|
||||
|
||||
return out_size;
|
||||
|
||||
errdef2:
|
||||
free(buf_nonce);
|
||||
free(buf_cipher);
|
||||
free(symkey);
|
||||
|
||||
errdef1:
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int self) {
|
||||
size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p) {
|
||||
unsigned char *symkey;
|
||||
int recipient_count;
|
||||
unsigned char *recipients_cipher;
|
||||
@@ -281,10 +264,9 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
|
||||
size_t es;
|
||||
int nrec;
|
||||
uint32_t lenrec;
|
||||
size_t cur_bufsize, rec_size, out_size;
|
||||
unsigned char in_buf[PCP_BLOCK_SIZE];
|
||||
unsigned char *buf_nonce;
|
||||
unsigned char *buf_cipher;
|
||||
size_t rec_size, out_size;
|
||||
|
||||
|
||||
|
||||
/*
|
||||
Correct format should be:
|
||||
@@ -350,7 +332,51 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
|
||||
out_size = 5 + (rec_size * recipient_count) + crypto_box_PUBLICKEYBYTES;
|
||||
|
||||
// step 5, actual encrypted data
|
||||
cur_bufsize = 0;
|
||||
size_t sym_size = pcp_encrypt_file_sym(in, out, symkey, 1);
|
||||
if(sym_size == 0)
|
||||
goto errec1;
|
||||
|
||||
|
||||
return out_size + sym_size;
|
||||
|
||||
|
||||
|
||||
errec1:
|
||||
memset(symkey, 0, crypto_secretbox_KEYBYTES);
|
||||
free(symkey);
|
||||
free(recipients_cipher);
|
||||
|
||||
if(fileno(in) != 0)
|
||||
fclose(in);
|
||||
if(fileno(out) != 1)
|
||||
fclose(out);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t pcp_encrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey, int havehead) {
|
||||
/*
|
||||
havehead = 0: write the whole thing from here
|
||||
havehead = 1: no header, being called from asym...
|
||||
*/
|
||||
|
||||
unsigned char *buf_nonce;
|
||||
unsigned char *buf_cipher;
|
||||
unsigned char in_buf[PCP_BLOCK_SIZE];
|
||||
size_t cur_bufsize = 0;
|
||||
size_t out_size = 0;
|
||||
size_t es;
|
||||
|
||||
if(havehead == 0) {
|
||||
uint8_t head = PCP_SYM_CIPHER;
|
||||
fwrite(&head, 1, 1, out);
|
||||
if(ferror(out) != 0) {
|
||||
fatal("Failed to write encrypted output!\n");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
while(!feof(in)) {
|
||||
cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE, in);
|
||||
@@ -369,25 +395,67 @@ size_t pcp_encrypt_file(FILE *in, FILE* out, pcp_key_t *s, pcp_pubkey_t *p, int
|
||||
|
||||
if(ferror(out) != 0) {
|
||||
fatal("Failed to write encrypted output!\n");
|
||||
goto errec2;
|
||||
return 0;
|
||||
}
|
||||
|
||||
fclose(in);
|
||||
fclose(out); // FIXME: check for stdin/stdout
|
||||
if(fileno(in) != 0)
|
||||
fclose(in);
|
||||
if(fileno(out) != 1)
|
||||
fclose(out);
|
||||
|
||||
return out_size;
|
||||
}
|
||||
|
||||
size_t pcp_decrypt_file_sym(FILE *in, FILE* out, unsigned char *symkey) {
|
||||
unsigned char *buf_nonce;
|
||||
unsigned char *buf_cipher;
|
||||
unsigned char *buf_clear;
|
||||
size_t out_size, cur_bufsize, es;
|
||||
size_t ciphersize = (PCP_BLOCK_SIZE_IN) - crypto_secretbox_NONCEBYTES;
|
||||
unsigned char in_buf[PCP_BLOCK_SIZE_IN];
|
||||
|
||||
buf_nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
|
||||
buf_cipher = ucmalloc(ciphersize);
|
||||
out_size = 0;
|
||||
|
||||
while(!feof(in)) {
|
||||
cur_bufsize = fread(&in_buf, 1, PCP_BLOCK_SIZE_IN, in);
|
||||
if(cur_bufsize <= PCP_CRYPTO_ADD)
|
||||
break; // no valid cipher block
|
||||
|
||||
ciphersize = cur_bufsize - crypto_secretbox_NONCEBYTES;
|
||||
memcpy(buf_nonce, in_buf, crypto_secretbox_NONCEBYTES);
|
||||
memcpy(buf_cipher, &in_buf[crypto_secretbox_NONCEBYTES], ciphersize);
|
||||
|
||||
es = pcp_sodium_verify_mac(&buf_clear, buf_cipher, ciphersize, buf_nonce, symkey);
|
||||
out_size += ciphersize - PCP_CRYPTO_ADD;
|
||||
|
||||
if(es == 0) {
|
||||
fwrite(buf_clear, ciphersize - PCP_CRYPTO_ADD, 1, out);
|
||||
free(buf_clear);
|
||||
if(ferror(out) != 0) {
|
||||
fatal("Failed to write decrypted output!\n");
|
||||
out_size = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else {
|
||||
fatal("Failed to decrypt file content!\n");
|
||||
free(buf_clear);
|
||||
out_size = 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
free(buf_nonce);
|
||||
free(buf_cipher);
|
||||
|
||||
if(fileno(in) != 0)
|
||||
fclose(in);
|
||||
if(fileno(out) != 1)
|
||||
fclose(out);
|
||||
|
||||
return out_size;
|
||||
|
||||
errec2:
|
||||
|
||||
|
||||
errec1:
|
||||
memset(symkey, 0, crypto_secretbox_KEYBYTES);
|
||||
free(symkey);
|
||||
free(recipients_cipher);
|
||||
|
||||
|
||||
fclose(in);
|
||||
fclose(out);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
178
src/encryption.c
178
src/encryption.c
@@ -26,22 +26,11 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
||||
FILE *in = NULL;
|
||||
FILE *out = NULL;
|
||||
pcp_key_t *secret = NULL;
|
||||
unsigned char *symkey = NULL;
|
||||
size_t dlen;
|
||||
uint8_t head;
|
||||
|
||||
|
||||
if(useid) {
|
||||
HASH_FIND_STR(pcpkey_hash, id, secret);
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key with id 0x%s in vault %s!\n",
|
||||
id, vault->filename);
|
||||
goto errde3;
|
||||
}
|
||||
}
|
||||
else {
|
||||
secret = pcp_find_primary_secret();
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key in vault %s!\n", id, vault->filename);
|
||||
goto errde3;
|
||||
}
|
||||
}
|
||||
|
||||
if(infile == NULL)
|
||||
in = stdin;
|
||||
@@ -61,24 +50,72 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd) {
|
||||
}
|
||||
}
|
||||
|
||||
if(secret->secret[0] == 0) {
|
||||
// encrypted, decrypt it
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||
// determine crypt mode
|
||||
fread(&head, 1, 1, in);
|
||||
if(!feof(in) && !ferror(in)) {
|
||||
if(head == PCP_SYM_CIPHER) {
|
||||
// symetric mode
|
||||
unsigned char *salt = ucmalloc(90);
|
||||
char stsalt[] = PBP_COMPAT_SALT;
|
||||
memcpy(salt, stsalt, 90);
|
||||
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase for symetric decryption", NULL, 1);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
|
||||
symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt);
|
||||
free(salt);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
// asymetric mode
|
||||
if(useid) {
|
||||
HASH_FIND_STR(pcpkey_hash, id, secret);
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key with id 0x%s in vault %s!\n",
|
||||
id, vault->filename);
|
||||
goto errde3;
|
||||
}
|
||||
}
|
||||
else {
|
||||
secret = pcp_find_primary_secret();
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key in vault %s!\n", id, vault->filename);
|
||||
goto errde3;
|
||||
}
|
||||
}
|
||||
if(secret->secret[0] == 0) {
|
||||
// encrypted, decrypt it
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
|
||||
secret = pcpkey_decrypt(secret, passphrase);
|
||||
if(secret == NULL)
|
||||
goto errde3;
|
||||
secret = pcpkey_decrypt(secret, passphrase);
|
||||
if(secret == NULL)
|
||||
goto errde3;
|
||||
}
|
||||
}
|
||||
}
|
||||
else {
|
||||
fatal("Could not determine input file type\n");
|
||||
goto errde3;
|
||||
}
|
||||
|
||||
size_t dlen = pcp_decrypt_file(in, out, secret);
|
||||
if(symkey == NULL)
|
||||
dlen = pcp_decrypt_file(in, out, secret, NULL);
|
||||
else
|
||||
dlen = pcp_decrypt_file(in, out, NULL, symkey);
|
||||
|
||||
if(dlen > 0) {
|
||||
fprintf(stderr, "Decrypted %d bytes successfully\n",
|
||||
@@ -100,14 +137,32 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
||||
pcp_pubkey_t *tmp = NULL;
|
||||
pcp_pubkey_t *pub = NULL;
|
||||
pcp_key_t *secret = NULL;
|
||||
unsigned char *symkey;
|
||||
int self = 0;
|
||||
|
||||
if(id == NULL && recipient == NULL) {
|
||||
// self mode
|
||||
self = 1;
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase for symetric encryption", "Repeat passphrase", 1);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
unsigned char *salt = ucmalloc(90);
|
||||
char stsalt[] = PBP_COMPAT_SALT;
|
||||
memcpy(salt, stsalt, 90);
|
||||
symkey = pcp_scrypt(passphrase, crypto_secretbox_KEYBYTES, salt);
|
||||
free(salt);
|
||||
}
|
||||
else if(id != NULL) {
|
||||
// FIXME: mk id a plist_t with loop as well
|
||||
if(id != NULL) {
|
||||
// lookup by id
|
||||
HASH_FIND_STR(pcppubkey_hash, id, tmp);
|
||||
if(tmp == NULL) {
|
||||
// FIXME: use recipient to lookup by name or email
|
||||
// self-encryption: look if its a secret one
|
||||
pcp_key_t *s = NULL;
|
||||
HASH_FIND_STR(pcpkey_hash, id, s);
|
||||
@@ -152,38 +207,36 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
||||
goto erren3;
|
||||
}
|
||||
}
|
||||
else {
|
||||
fatal("id or recipient list required!\n");
|
||||
goto erren3;
|
||||
}
|
||||
|
||||
|
||||
if(self != 1) {
|
||||
// we're using a random secret keypair on our side
|
||||
#ifdef PCP_ASYM_ADD_SENDER_PUB
|
||||
secret = pcpkey_new();
|
||||
secret = pcpkey_new();
|
||||
#else
|
||||
secret = pcp_find_primary_secret();
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key in vault %s!\n", id, vault->filename);
|
||||
goto erren2;
|
||||
}
|
||||
|
||||
if(secret->secret[0] == 0) {
|
||||
// encrypted, decrypt it
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
secret = pcpkey_decrypt(secret, passphrase);
|
||||
if(secret == NULL)
|
||||
secret = pcp_find_primary_secret();
|
||||
if(secret == NULL) {
|
||||
fatal("Could not find a secret key in vault %s!\n", id, vault->filename);
|
||||
goto erren2;
|
||||
}
|
||||
}
|
||||
|
||||
if(secret->secret[0] == 0) {
|
||||
// encrypted, decrypt it
|
||||
char *passphrase;
|
||||
if(passwd == NULL) {
|
||||
pcp_readpass(&passphrase,
|
||||
"Enter passphrase to decrypt your secret key", NULL, 1);
|
||||
}
|
||||
else {
|
||||
passphrase = ucmalloc(strlen(passwd)+1);
|
||||
strncpy(passphrase, passwd, strlen(passwd)+1);
|
||||
}
|
||||
secret = pcpkey_decrypt(secret, passphrase);
|
||||
if(secret == NULL)
|
||||
goto erren2;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if(infile == NULL)
|
||||
in = stdin;
|
||||
@@ -203,13 +256,20 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
|
||||
}
|
||||
}
|
||||
|
||||
size_t clen = pcp_encrypt_file(in, out, secret, pubhash, self);
|
||||
size_t clen;
|
||||
|
||||
if(self == 1)
|
||||
pcp_encrypt_file_sym(in, out, symkey, 0);
|
||||
else
|
||||
clen = pcp_encrypt_file(in, out, secret, pubhash);
|
||||
|
||||
if(clen > 0) {
|
||||
if(id != NULL)
|
||||
fprintf(stderr, "Encrypted %d bytes for 0x%s successfully\n", (int)clen, id);
|
||||
if(id == NULL && recipient == NULL)
|
||||
fprintf(stderr, "Encrypted %ld bytes symetrically\n", clen);
|
||||
else if(id != NULL)
|
||||
fprintf(stderr, "Encrypted %ld bytes for 0x%s successfully\n", clen, id);
|
||||
else {
|
||||
fprintf(stderr, "Encrypted %d bytes for:\n", (int)clen);
|
||||
fprintf(stderr, "Encrypted %ld bytes for:\n", clen);
|
||||
pcp_pubkey_t *cur, *t;
|
||||
HASH_ITER(hh, pubhash, cur, t) {
|
||||
fprintf(stderr, "%s <%s>\n", cur->owner, cur->mail);
|
||||
|
||||
54
src/pcp.c
54
src/pcp.c
@@ -63,6 +63,7 @@ int main (int argc, char **argv) {
|
||||
useid = 0;
|
||||
userec = 0;
|
||||
lo = 0;
|
||||
|
||||
static struct option longopts[] = {
|
||||
// generics
|
||||
{ "vault", required_argument, NULL, 'V' },
|
||||
@@ -86,6 +87,7 @@ int main (int argc, char **argv) {
|
||||
|
||||
// crypto
|
||||
{ "encrypt", no_argument, NULL, 'e' },
|
||||
{ "encrypt-me", no_argument, NULL, 'm' },
|
||||
{ "decrypt", no_argument, NULL, 'd' },
|
||||
|
||||
// encoding
|
||||
@@ -103,7 +105,7 @@ int main (int argc, char **argv) {
|
||||
{ NULL, 0, NULL, 0 }
|
||||
};
|
||||
|
||||
while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:y",
|
||||
while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:ym",
|
||||
longopts, NULL)) != -1) {
|
||||
|
||||
switch (opt) {
|
||||
@@ -156,6 +158,9 @@ int main (int argc, char **argv) {
|
||||
mode += PCP_MODE_ENCRYPT;
|
||||
usevault = 1;
|
||||
break;
|
||||
case 'm':
|
||||
mode += PCP_MODE_ENCRYPT_ME;
|
||||
break;
|
||||
case 'd':
|
||||
mode += PCP_MODE_DECRYPT;
|
||||
usevault = 1;
|
||||
@@ -336,11 +341,8 @@ int main (int argc, char **argv) {
|
||||
pcpencrypt(NULL, infile, outfile, xpass, recipient);
|
||||
}
|
||||
else if(useid == 0 && userec == 0) {
|
||||
// self mode
|
||||
pcp_key_t *k = pcp_find_primary_secret();
|
||||
id = ucmalloc(17);
|
||||
memcpy(id, k->id, 17);
|
||||
pcpencrypt(id, infile, outfile, xpass, NULL);
|
||||
// self mode, same as -m
|
||||
pcpencrypt(NULL, infile, outfile, xpass, NULL);
|
||||
}
|
||||
else {
|
||||
// -i and -r specified
|
||||
@@ -403,28 +405,32 @@ int main (int argc, char **argv) {
|
||||
pcpz85_decode(infile, outfile);
|
||||
break;
|
||||
|
||||
case PCP_MODE_TEXT:
|
||||
if(infile != NULL) {
|
||||
pcptext_infile(infile);
|
||||
case PCP_MODE_ENCRYPT_ME:
|
||||
pcpencrypt(NULL, infile, outfile, xpass, NULL);
|
||||
break;
|
||||
|
||||
case PCP_MODE_TEXT:
|
||||
if(infile != NULL) {
|
||||
pcptext_infile(infile);
|
||||
}
|
||||
else {
|
||||
pcphash_init();
|
||||
vault = pcpvault_init(vaultfile);
|
||||
if(! useid && infile == NULL) {
|
||||
pcptext_vault(vault);
|
||||
}
|
||||
else {
|
||||
pcphash_init();
|
||||
vault = pcpvault_init(vaultfile);
|
||||
if(! useid && infile == NULL) {
|
||||
pcptext_vault(vault);
|
||||
id = pcp_normalize_id(keyid);
|
||||
if(id != NULL) {
|
||||
pcptext_key(id);
|
||||
free(id);
|
||||
}
|
||||
else {
|
||||
id = pcp_normalize_id(keyid);
|
||||
if(id != NULL) {
|
||||
pcptext_key(id);
|
||||
free(id);
|
||||
}
|
||||
}
|
||||
pcpvault_close(vault);
|
||||
pcphash_clean();
|
||||
ucfree(vaultfile);
|
||||
}
|
||||
break;
|
||||
pcpvault_close(vault);
|
||||
pcphash_clean();
|
||||
ucfree(vaultfile);
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
// mode params mixed
|
||||
|
||||
@@ -65,7 +65,8 @@
|
||||
#define PCP_MODE_ZDECODE 0x00000962
|
||||
#define PCP_MODE_SIGN 0x00000FF6
|
||||
#define PCP_MODE_VERIFY 0x00001B25
|
||||
#define PCP_MODE_YAML 0x00002E25
|
||||
#define PCP_MODE_YAML 0x00002E27
|
||||
#define PCP_MODE_ENCRYPT_ME 0x00004E77
|
||||
|
||||
/*
|
||||
0x00001B25
|
||||
|
||||
26
src/usage.h
26
src/usage.h
@@ -60,14 +60,22 @@
|
||||
" as YAML formatted text. Use -O to put\n" \
|
||||
" the export into a file.\n" \
|
||||
"Encryption Options:\n" \
|
||||
"-e --encrypt Encrypt a message. Read from stdin or\n" \
|
||||
" specified via -I. If a keyid (-i) has been\n" \
|
||||
"-e --encrypt Asym-Encrypt a message. Read from stdin or\n" \
|
||||
" specified via -I. Output will be written\n" \
|
||||
" to stdout or the file given with -O.\n" \
|
||||
" If a keyid (-i) has been\n" \
|
||||
" given, use that public key for encryption.\n" \
|
||||
" If a recipient (-r) has been given, use\n" \
|
||||
" a derived public key. If none of -i or\n" \
|
||||
" -r has been given, use the primary\n" \
|
||||
" secret key and the public part of it\n" \
|
||||
" for encrytion (self-encryption mode).\n" \
|
||||
" If one or more recipient (-r) has been given,\n" \
|
||||
" encrypt the message for all recipients\n" \
|
||||
" asymetrically, given there are matching\n" \
|
||||
" public keys installed in the vault for them.\n" \
|
||||
" If none of -i or -r has been given, encrypt\n" \
|
||||
" the message symetrically. This is the same\n" \
|
||||
" as -m (self-encryption mode).\n" \
|
||||
"-m --encrypt-me Sym-Encrypt a message. Specify -I and/or\n" \
|
||||
" -O for input/output file. You will be asked\n" \
|
||||
" for a passphrase. No key material will\n" \
|
||||
" be used. Same as -e without -r and -i.\n" \
|
||||
"-d --decrypt Decrypt a message. Read from stdin or\n" \
|
||||
" specified via -I. Output to stdout or\n" \
|
||||
" written to the file specified via -O.\n" \
|
||||
@@ -76,6 +84,10 @@
|
||||
" just one secret key in the vault, this\n" \
|
||||
" one will be used. Otherwise you'll have\n" \
|
||||
" to specify the keyid (-i) of the key.\n" \
|
||||
" You need to have the public key of the\n" \
|
||||
" sender installed in your vault.\n" \
|
||||
" If the input is self-encrypted (symetrically)\n" \
|
||||
" a passphrase will be requested.\n" \
|
||||
"\n" \
|
||||
"Signature Options:\n" \
|
||||
"-g --sign Create a signature of file specified with\n" \
|
||||
|
||||
@@ -58,14 +58,22 @@ Keymanagement Options:
|
||||
as YAML formatted text. Use -O to put
|
||||
the export into a file.
|
||||
Encryption Options:
|
||||
-e --encrypt Encrypt a message. Read from stdin or
|
||||
specified via -I. If a keyid (-i) has been
|
||||
-e --encrypt Asym-Encrypt a message. Read from stdin or
|
||||
specified via -I. Output will be written
|
||||
to stdout or the file given with -O.
|
||||
If a keyid (-i) has been
|
||||
given, use that public key for encryption.
|
||||
If a recipient (-r) has been given, use
|
||||
a derived public key. If none of -i or
|
||||
-r has been given, use the primary
|
||||
secret key and the public part of it
|
||||
for encrytion (self-encryption mode).
|
||||
If one or more recipient (-r) has been given,
|
||||
encrypt the message for all recipients
|
||||
asymetrically, given there are matching
|
||||
public keys installed in the vault for them.
|
||||
If none of -i or -r has been given, encrypt
|
||||
the message symetrically. This is the same
|
||||
as -m (self-encryption mode).
|
||||
-m --encrypt-me Sym-Encrypt a message. Specify -I and/or
|
||||
-O for input/output file. You will be asked
|
||||
for a passphrase. No key material will
|
||||
be used. Same as -e without -r and -i.
|
||||
-d --decrypt Decrypt a message. Read from stdin or
|
||||
specified via -I. Output to stdout or
|
||||
written to the file specified via -O.
|
||||
@@ -74,6 +82,10 @@ Encryption Options:
|
||||
just one secret key in the vault, this
|
||||
one will be used. Otherwise you'll have
|
||||
to specify the keyid (-i) of the key.
|
||||
You need to have the public key of the
|
||||
sender installed in your vault.
|
||||
If the input is self-encrypted (symetrically)
|
||||
a passphrase will be requested.
|
||||
|
||||
Signature Options:
|
||||
-g --sign Create a signature of file specified with
|
||||
|
||||
Reference in New Issue
Block a user