added option -X

This commit is contained in:
TLINDEN
2015-05-30 11:11:20 +02:00
parent d1bc54de01
commit 65d039501d
20 changed files with 755 additions and 549 deletions


@@ -46,6 +46,8 @@ NEXT
to older pcp versions, but is more portable and
removes to burden to keep this code up to date.
added option -X (read passphrase from file).
0.2.4 fixed compiler macro misplacement (github#4).
fixed invalid free (github#5).

FAQ

@@ -2,3 +2,59 @@
./configure --disable-debug
make LDFLAGS="-all-static -s"
= choosing a strong passphrase =
A passphrase like Ahc<e3% is not really secure. First
it's difficult to memorize, second it's easy for a computer
to compute. The better aproach is to use a passphrase
you can easily momorize and which is hard for a computer
to compute (i.e. to guess) like: Phantom orchestra boredom popcorn.
Read [1] to learn more.
Pcp doesn't enforce a password policy nor does it check
the password quality. Use something like pwqcheck [2].
= supply password non-interactively without blocking stdin =
Sometimes (e.g. for tests) there's no controlling terminal from
which pcp could request a passphrase if needed. In such cases
you can use the option -X <file> so that it reads the passphrase
from that file.
However if you call -X - then it will read the passphrase from
stdin. But what if the data to be processed shall be read from
stdin as well?
Use a pipe:
mkfifo /tmp/pwpipe
chmod 600 /tmp/pwpipe
export HISTIGNORE=printf
printf "%s\n", "password" > /tmp/pwpipe &
cat cleartext | pcp1 -e -O output -X /tmp/pwpipe
rm -f /tmp/pwpipe
So, what happens here? We create a named pipe in /tmp/pwpipe and
print the passphrase into it. We use printf, because this is a
shell built-in and does not appear in any process listing or
process accounting. But note the '&' after the printf command:
we're sending it into the background. Why? Because a named pipe
is a real simple device. It blocks writing if there's no reader
and it blocks reading if there's no writer. So in our case we
put the passphrase into it, but the printf command will be blocked
until some other process reads it from the pipe, which is precisely
what happens in the next line. Pcp uses the pipe (because of -X),
reads the passphrase from there and proceeds with it's normal
business. Meanwhile the printf command exits.
[1]
https://firstlook.org/theintercept/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
[2]
http://www.openwall.com/passwdqc/
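Review bot: the `printf "%s\n", "password"` line in the new "supply password non-interactively" section has a stray comma, so the shell passes `%s\n,` as the format string and the pipe receives `password`, a newline and a literal `,`; drop the comma (`printf '%s\n' "password"`). Two more points on the same recipe: `export HISTIGNORE=printf` does not suppress that command, because bash HISTIGNORE patterns must match the complete command line (use `HISTIGNORE='printf*'`), and `mkfifo /tmp/pwpipe` followed by a separate `chmod 600` leaves a window in which the fifo exists with the default umask; `mkfifo -m 600 /tmp/pwpipe` closes it, and a per-user directory instead of a fixed name in /tmp avoids clashes with other local users. The added prose also carries "aproach", "momorize" and "it's normal business" (its).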

README

@@ -65,7 +65,38 @@ QUICKSTART
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
INSTALLATION
FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified it will
read input from standard input (STDIN) and print output to standard
output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because -I has
not been specified. It works the same with -O:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more realistic
example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to someone.
The behavior is the same with any other functionality where files are
involved like importing or exporting keys. However, there's one
exception: If the option -X (--password-file) has been used and is set
to -, then this will take precedence over any other possible use of
standard input. So if you want to encrypt something and don't specify an
input file you cannot use -X -, and vice versa. IF you use -X - the
passphrase will be read from standard input, which then can't be used
further for input files elsewhere. Pcp will exit with an error in such a
case. =head1 INSTALLATION
There are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
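Review bot: the last added line, `case. =head1 INSTALLATION`, leaks a POD directive into the plain-text README and drops the former `INSTALLATION` heading; the README is evidently generated from the .pod sources, so regenerate it (or restore the plain heading) instead of patching it by hand. The same FILES AND PIPES paragraph is added to three .pod files and the man page in this commit, which is exactly how the copies start to drift.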


@@ -69,6 +69,39 @@ Oh - and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
=head1 FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (STDIN) and print output
to standard output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because B<-I>
has not been specified. It works the same with B<-O>:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more
realistic example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option B<-X> (B<--password-file>) has been used and is set
to B<->, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use B<-X ->, and vice versa. IF
you use B<-X -> the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.
=head1 INSTALLATION
There are currently no packages available, so B<pcp> has to be
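Review bot: "IF you use B<-X ->" in the added paragraph is capitalised mid-sentence ("If"), and "unix tool" should read "Unix tool"; since this text is pasted verbatim into the other .pod copies and the man page, fix it once at the source and regenerate the derived files.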


@@ -60,8 +60,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
(cd src && ./usage.sh)
# generate pypcp types
cd bindings/py
./gencffi.pl include/pcp/defines.h include/pcp/structs.h include/pcp/key.h \
bindings/py/gencffi.pl include/pcp/defines.h include/pcp/structs.h include/pcp/key.h \
include/pcp/buffer.h include/pcp/context.h \
include/pcp/ed.h include/pcp/crypto.h include/pcp/vault.h \
include/pcp/mgmt.h include/pcp/keyhash.h \
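Review bot: the hunk header (-60,8 +60,7) shows two lines removed and one added, so the `cd bindings/py` line appears to be dropped together with the `./gencffi.pl` path; say so in the commit message, because the `include/pcp/*.h` arguments now resolve relative to the repository root and anyone still running this step from bindings/py will get file-not-found errors.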



@@ -7,6 +7,7 @@ extern "C" {
#include "pcp/config.h"
#include "pcp/buffer.h"
#include "pcp/config.h"
#include "pcp/context.h"
#include "pcp/crypto.h"
#include "pcp/defines.h"
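Review bot: `#include "pcp/config.h"` now appears twice in this block, before and after buffer.h; the added line is redundant (harmless with include guards, but noise), and if the intent was for config.h to precede buffer.h, move the existing line rather than duplicating it.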


@@ -1,7 +1,7 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013-2014 T.v.Dein.
Copyright (C) 2013-2015 T.v.Dein.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -39,7 +39,10 @@ Pcpstream *ps_init(void) {
Pcpstream *ps_new_file(FILE *backendfd) {
Pcpstream *stream = ps_init();
stream->fd = backendfd;
if(backendfd == NULL)
stream->err = 1;
else
stream->fd = backendfd;
return stream;
}
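Review bot: in the new `ps_new_file` branch, `stream->err = 1` is set but `stream->fd` is left at whatever `ps_init` initialised and the stream is still returned; make sure `ps_init` zeroes `fd` and that every caller checks `err` before using the stream, otherwise a NULL backend now fails later inside a read instead of here. A short comment stating the return contract (non-NULL stream, check `err`) would help callers.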


@@ -9,6 +9,10 @@
will be used.
-I --infile <file> Input file. If not specified, stdin
will be used.
-X --password-file <file> Read passphrase from <file>. If <file>
is -, read from stdin. This takes
precedence over other uses of stdin
elsewhere, see below for more details.
-i --keyid <id> Specify a key id to import/export.
-r --recipient <string> Specify a recpipient, used for public
key export and encryption.


@@ -69,3 +69,36 @@ Oh - and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
=head1 FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (STDIN) and print output
to standard output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because B<-I>
has not been specified. It works the same with B<-O>:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more
realistic example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option B<-X> (B<--password-file>) has been used and is set
to B<->, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use B<-X ->, and vice versa. IF
you use B<-X -> the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.


@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "PCP1 1"
.TH PCP1 1 "2015-04-19" "PCP 0.2.6" "USER CONTRIBUTED DOCUMENTATION"
.TH PCP1 1 "2015-05-30" "PCP 0.2.6" "USER CONTRIBUTED DOCUMENTATION"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,6 +149,7 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
\& \-V \-\-vault <vaultfile> Specify an alternate vault file.
\& \-O \-\-outfile <file> Output file. STDOUT if unspecified.
\& \-I \-\-infile <file> Input file. STDIN if unspecified.
\& \-X \-\-password\-file <file> Read passphrase from <file>.
\& \-i \-\-keyid <id> Specify a key id for various operations.
\& \-r \-\-recipient <string> Specify a recpipient, multiple allowed.
\& \-t \-\-text Print textual representation of ojects.
@@ -195,6 +196,10 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
\& will be used.
\& \-I \-\-infile <file> Input file. If not specified, stdin
\& will be used.
\& \-X \-\-password\-file <file> Read passphrase from <file>. If <file>
\& is \-, read from stdin. This takes
\& precedence over other uses of stdin
\& elsewhere, see below for more details.
\& \-i \-\-keyid <id> Specify a key id to import/export.
\& \-r \-\-recipient <string> Specify a recpipient, used for public
\& key export and encryption.
@@ -392,6 +397,45 @@ to actually decrypt the message.
Oh \- and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
.SH "FILES AND PIPES"
.IX Header "FILES AND PIPES"
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (\s-1STDIN\s0) and print output
to standard output (\s-1STDOUT\s0). For instance:
.PP
.Vb 1
\& pcp1 \-e \-O output
.Ve
.PP
will read the text to be encrypted from standard input, because \fB\-I\fR
has not been specified. It works the same with \fB\-O\fR:
.PP
.Vb 1
\& pcp1 \-e \-I myfile
.Ve
.PP
In this case the encrypted result will be written to standard output.
.PP
Therefore it is possible to use pcp within pipes. Another more
realistic example:
.PP
.Vb 1
\& ssh remote cat file | pcp1 \-ez | mailx \-s \*(Aqas requested\*(Aq bob@somewhere
.Ve
.PP
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
.PP
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option \fB\-X\fR (\fB\-\-password\-file\fR) has been used and is set
to \fB\-\fR, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use \fB\-X \-\fR, and vice versa. \s-1IF\s0
you use \fB\-X \-\fR the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.
.SH "PCP1 KEYS"
.IX Header "PCP1 KEYS"
\&\fBpcp1\fR keys are stored in a binary file, called \fBthe vault\fR.


@@ -21,6 +21,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
-V --vault <vaultfile> Specify an alternate vault file.
-O --outfile <file> Output file. STDOUT if unspecified.
-I --infile <file> Input file. STDIN if unspecified.
-X --password-file <file> Read passphrase from <file>.
-i --keyid <id> Specify a key id for various operations.
-r --recipient <string> Specify a recpipient, multiple allowed.
-t --text Print textual representation of ojects.
@@ -66,6 +67,10 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
will be used.
-I --infile <file> Input file. If not specified, stdin
will be used.
-X --password-file <file> Read passphrase from <file>. If <file>
is -, read from stdin. This takes
precedence over other uses of stdin
elsewhere, see below for more details.
-i --keyid <id> Specify a key id to import/export.
-r --recipient <string> Specify a recpipient, used for public
key export and encryption.
@@ -257,6 +262,39 @@ Oh - and if you're wondering why I named them Alicia and Bobby:
I was just sick of Alice and Bob. We're running NSA-free, so we're
using other sample names as well.
=head1 FILES AND PIPES
Pcp behaves like any other unix tool. If not otherwise specified
it will read input from standard input (STDIN) and print output
to standard output (STDOUT). For instance:
pcp1 -e -O output
will read the text to be encrypted from standard input, because B<-I>
has not been specified. It works the same with B<-O>:
pcp1 -e -I myfile
In this case the encrypted result will be written to standard output.
Therefore it is possible to use pcp within pipes. Another more
realistic example:
ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
here we encrypt a file symmetrically without downloading it from a
remote ssh server and sending the encrypted result via email to
someone.
The behavior is the same with any other functionality where files are involved
like importing or exporting keys. However, there's one exception:
If the option B<-X> (B<--password-file>) has been used and is set
to B<->, then this will take precedence over any other possible use
of standard input. So if you want to encrypt something and don't
specify an input file you cannot use B<-X ->, and vice versa. IF
you use B<-X -> the passphrase will be read from standard input, which
then can't be used further for input files elsewhere. Pcp will exit
with an error in such a case.
=head1 PCP1 KEYS


@@ -1,7 +1,7 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013-2014 T.v.Dein.
Copyright (C) 2013-2015 T.v.Dein.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -67,7 +67,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
char *passphrase;
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase for symetric decryption", NULL, 1);
"Enter passphrase for symetric decryption", NULL, 1, NULL);
}
else {
passphrase = smalloc(strlen(passwd)+1);
@@ -100,7 +100,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
char *passphrase;
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1);
"Enter passphrase to decrypt your secret key", NULL, 1, NULL);
}
else {
passphrase = smalloc(strlen(passwd)+1);
@@ -174,7 +174,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
char *passphrase;
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase for symetric encryption", "Repeat passphrase", 1);
"Enter passphrase for symetric encryption", "Repeat passphrase", 1, NULL);
}
else {
passphrase = smalloc(strlen(passwd)+1);
@@ -268,7 +268,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
char *passphrase;
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1);
"Enter passphrase to decrypt your secret key", NULL, 1, NULL);
}
else {
passphrase = smalloc(strlen(passwd)+1);


@@ -1,7 +1,7 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
Copyright (C) 2013-2015 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -79,7 +79,7 @@ void pcp_keygen(char *passwd) {
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase for key encryption",
"Enter the passphrase again", 1);
"Enter the passphrase again", 1, NULL);
}
else {
passphrase = ucmalloc(strlen(passwd)+1);
@@ -231,7 +231,7 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
if(passwd == NULL) {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1);
"Enter passphrase to decrypt your secret key", NULL, 1, NULL);
key = pcpkey_decrypt(ptx, key, passphrase);
if(key == NULL) {
sfree(passphrase);
@@ -255,7 +255,8 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to encrypt the exported secret key", "Repeat passphrase", 1);
"Enter passphrase to encrypt the exported secret key",
"Repeat passphrase", 1, NULL);
exported_sk = pcp_export_secret(ptx, key, passphrase);
sfree(passphrase);
}
@@ -344,7 +345,7 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1);
"Enter passphrase to decrypt your secret key", NULL, 1, NULL);
sk = pcpkey_decrypt(ptx, sk, passphrase);
sfree(passphrase);
}
@@ -448,7 +449,7 @@ void pcpedit_key(char *keyid) {
if(key != NULL) {
if(key->secret[0] == 0) {
char *passphrase;
pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1);
pcp_readpass(&passphrase, "Enter passphrase to decrypt the key", NULL, 1, NULL);
key = pcpkey_decrypt(ptx, key, passphrase);
sfree(passphrase);
}
@@ -501,7 +502,7 @@ void pcpedit_key(char *keyid) {
char *passphrase;
pcp_readpass(&passphrase,
"Enter new passphrase for key encryption (press enter to keep current)",
"Enter the passphrase again", 1);
"Enter the passphrase again", 1, NULL);
if(strnlen(passphrase, 1024) > 0) {
key = pcpkey_encrypt(ptx, key, passphrase);
@@ -610,7 +611,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to decrypt the secret key file", NULL, 1);
"Enter passphrase to decrypt the secret key file", NULL, 1, NULL);
sk = pcp_import_secret(ptx, buf, bufsize, passphrase);
sfree(passphrase);
}
@@ -636,7 +637,7 @@ int pcp_import (vault_t *vault, FILE *in, char *passwd) {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase for key encryption",
"Enter the passphrase again", 1);
"Enter the passphrase again", 1, NULL);
if(strnlen(passphrase, 1024) > 0) {
/* encrypt the key */


@@ -1,7 +1,7 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
Copyright (C) 2013-2015 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -45,8 +45,17 @@ char *default_vault() {
return path;
}
char *altin(char *infile, int stdinused) {
if(infile == NULL && stdinused == 1) {
fprintf(stderr, "Error: cannot use <stdin> because -X had precedence!\n");
exit(1);
}
return infile;
}
int main (int argc, char **argv) {
int opt, mode, usevault, useid, userec, lo, armor, detach, signcrypt, exportformat, anon;
int opt, mode, usevault, useid, userec, lo, armor, detach, \
signcrypt, exportformat, anon, xpf;
char *vaultfile = default_vault();
char *outfile = NULL;
char *infile = NULL;
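Review bot: `altin()` terminates with `fprintf(stderr, ...); exit(1)` while the rest of main reports errors through `fatal(ptx, ...)`, so this exit path bypasses whatever cleanup `fatal()` performs on `ptx` and skips the `sfree(xpass)` wipe at the end of main; prefer `fatal(ptx, "cannot use <stdin> because -X had precedence\n")` here. The backslash continuation in the `int opt, mode, ...` declaration is macro style and not needed in plain C; just break the line.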
@@ -54,6 +63,7 @@ int main (int argc, char **argv) {
char *keyid = NULL;
char *id = NULL;
char *xpass = NULL;
char *xpassfile = NULL;
char *extra = NULL;
plist_t *recipient = NULL;
FILE *in;
@@ -69,6 +79,7 @@ int main (int argc, char **argv) {
detach = 0;
signcrypt = 0;
anon = 0;
xpf = 0;
exportformat = EXP_FORMAT_NATIVE;
ptx = ptx_new();
@@ -81,6 +92,7 @@ int main (int argc, char **argv) {
{ "keyid", required_argument, NULL, 'i' },
{ "text", required_argument, NULL, 't' },
{ "xpass", required_argument, NULL, 'x' },
{ "password-file", required_argument, NULL, 'X' },
{ "recipient", required_argument, NULL, 'r' },
/* key management */
@@ -123,7 +135,7 @@ int main (int argc, char **argv) {
{ NULL, 0, NULL, 0 }
};
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0KAM",
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0KAMX:",
longopts, NULL)) != -1) {
switch (opt) {
@@ -251,13 +263,18 @@ int main (int argc, char **argv) {
strncpy(infile, optarg, strlen(optarg)+1);
}
break;
case 'X':
xpassfile = ucmalloc(strlen(optarg)+1);
strncpy(xpassfile, optarg, strlen(optarg)+1);
xpf = 1;
break;
case 'i':
keyid = ucmalloc(19);
strncpy(keyid, optarg, 19);
useid = 1;
break;
case 'x':
xpass = ucmalloc(strlen(optarg)+1);
xpass = smalloc(strlen(optarg)+1);
strncpy(xpass, optarg, strlen(optarg)+1);
if(strncmp(xpass, "n/a", 3) == 0)
xpass[0] = '\0';
@@ -405,6 +422,13 @@ int main (int argc, char **argv) {
free(extra);
}
if(xpassfile != NULL) {
pcp_readpass(&xpass, "passphrase", NULL, 0, xpassfile);
if(xpassfile[0] != '-')
xpf = 0;
free(xpassfile);
}
/* check if there's some enviroment we could use */
if(usevault == 1) {
char *_vaultfile = getenv("PCP_VAULT");
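Review bot: the new `if(xpassfile != NULL)` block overwrites `xpass` unconditionally, so when both `-x` and `-X` are given the buffer allocated in `case 'x'` is leaked without being wiped; either reject the combination or `sfree(xpass)` first. The reset `if(xpassfile[0] != '-') xpf = 0;` tests only the first character, so a file literally named `-foo` is treated as stdin here (and in `pcp_readpass`); compare with `strcmp(xpassfile, "-") == 0` in both places. Finally, `xpassfile` is allocated with `ucmalloc` but released with plain `free`, whereas `ucfree` is used for the same allocator elsewhere in this file; keep the pairs consistent.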
@@ -453,8 +477,10 @@ int main (int argc, char **argv) {
break;
case PCP_MODE_IMPORT:
if(infile == NULL)
if(infile == NULL) {
altin(NULL, xpf);
in = stdin;
}
else {
if((in = fopen(infile, "rb")) == NULL) {
fatal(ptx, "Could not open input file %s\n", infile);
@@ -492,11 +518,11 @@ int main (int argc, char **argv) {
if(useid == 1 && userec == 0) {
/* one dst, FIXME: make id a list as well */
id = pcp_normalize_id(keyid);
pcpencrypt(id, infile, outfile, xpass, NULL, signcrypt, armor, anon);
pcpencrypt(id, altin(infile, xpf), outfile, xpass, NULL, signcrypt, armor, anon);
}
else if(useid == 0 && userec == 1) {
/* multiple dst */
pcpencrypt(NULL, infile, outfile, xpass, recipient, signcrypt, armor, anon);
pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, recipient, signcrypt, armor, anon);
}
else {
/* -i and -r specified */
@@ -509,11 +535,11 @@ int main (int argc, char **argv) {
if(useid) {
id = pcp_normalize_id(keyid);
if(id != NULL) {
pcpdecrypt(id, useid, infile, outfile, xpass, signcrypt);
pcpdecrypt(id, useid, altin(infile, xpf), outfile, xpass, signcrypt);
}
}
else {
pcpdecrypt(NULL, useid, infile, outfile, xpass, signcrypt);
pcpdecrypt(NULL, useid, altin(infile, xpf), outfile, xpass, signcrypt);
}
break;
@@ -522,21 +548,21 @@ int main (int argc, char **argv) {
if(outfile != NULL && sigfile != NULL)
fatal(ptx, "You can't both specify -O and -f, use -O for std signatures and -f for detached ones\n");
else
pcpsign(infile, sigfile, xpass, armor, detach);
pcpsign(altin(infile, xpf), sigfile, xpass, armor, detach);
}
else
pcpsign(infile, outfile, xpass, armor, detach);
pcpsign(altin(infile, xpf), outfile, xpass, armor, detach);
break;
case PCP_MODE_VERIFY:
if(useid) {
id = pcp_normalize_id(keyid);
if(id != NULL) {
pcpverify(infile, sigfile, id, detach);
pcpverify(altin(infile, xpf), sigfile, id, detach);
}
}
else {
pcpverify(infile, sigfile, NULL, detach);
pcpverify(altin(infile, xpf), sigfile, NULL, detach);
}
break;
@@ -564,7 +590,7 @@ int main (int argc, char **argv) {
break;
case PCP_MODE_ENCRYPT_ME:
pcpencrypt(NULL, infile, outfile, xpass, NULL, 0, armor, 0);
pcpencrypt(NULL, altin(infile, xpf), outfile, xpass, NULL, 0, armor, 0);
break;
case PCP_MODE_TEXT:
@@ -606,7 +632,7 @@ int main (int argc, char **argv) {
if(sigfile != NULL)
free(sigfile);
if(xpass != NULL)
ucfree(xpass, strlen(xpass));
sfree(xpass);
if(recipient != NULL)
p_clean(recipient);
if(id != NULL)


@@ -40,7 +40,7 @@
*/
int
pcp_readpass(char ** passwd, const char * prompt,
const char * confirmprompt, int devtty)
const char * confirmprompt, int devtty, char *readfromfile)
{
FILE * readfrom;
char passbuf[MAXPASSLEN];
@@ -51,9 +51,27 @@ pcp_readpass(char ** passwd, const char * prompt,
/*
* If devtty != 0, try to open /dev/tty; if that fails, or if devtty
* is zero, we'll read the password from stdin instead.
*
* Added by tlinden: however, if readfromfile is defined, we'll
* read the password from there, but if it is '-' we'll use stdin
* as well.
*/
if ((devtty == 0) || ((readfrom = fopen("/dev/tty", "r")) == NULL))
readfrom = stdin;
if ((devtty == 0) || ((readfrom = fopen("/dev/tty", "r")) == NULL)) {
if(readfromfile != NULL) {
if(readfromfile[0] == '-') {
readfrom = stdin;
}
else {
if((readfrom = fopen(readfromfile, "r")) == NULL) {
fatal(ptx, "Could not open password file '%s'\n", readfromfile);
goto err1;
}
}
}
else {
readfrom = stdin;
}
}
/* If we're reading from a terminal, try to disable echo. */
if ((usingtty = isatty(fileno(readfrom))) != 0) {
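Review bot: `readfromfile` is only consulted inside the `devtty == 0 || fopen("/dev/tty") failed` branch, so a caller passing both `devtty != 0` and a file name silently gets /dev/tty instead of the file; move the `readfromfile` check in front of the tty logic so the file always wins, as the updated comment promises. Also, `fatal(ptx, ...)` followed by `goto err1` is dead code if `fatal` exits, and the password file is opened without any check of its mode, so a world-readable passphrase file is accepted silently; an `fstat` check for group/other read bits (the way ssh treats private keys) would be a cheap safeguard.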
@@ -102,20 +120,20 @@ retry:
if (usingtty)
tcsetattr(fileno(readfrom), TCSANOW, &term_old);
/* Close /dev/tty if we opened it. */
if (readfrom != stdin)
fclose(readfrom);
/* Close /dev/tty if we opened it.
if readfromfile is defined and set to -, disable stdin */
if (readfrom != stdin) {
fclose(readfrom);
}
else {
if(readfromfile != NULL)
stdin = NULL;
}
/* Copy the password out. */
char *p = smalloc(strlen(passbuf) + 1);
memcpy(p, passbuf, strlen(passbuf) + 1 );
*passwd = p;
/*
if ((*passwd = strdup(passbuf)) == NULL) {
fatal(ptx, "Cannot allocate memory\n");
goto err1;
}
*/
/* Zero any stored passwords. */
memset(passbuf, 0, MAXPASSLEN);
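Review bot: `stdin = NULL;` relies on `stdin` being an assignable lvalue, which the C standard does not guarantee (it is a macro that may expand to a non-modifiable expression; glibc happens to allow the assignment), and it turns any later use of stdin into a NULL dereference instead of a clean error message; the `xpf` flag and `altin()` in main already enforce the exclusivity, so this assignment can simply go. The commented-out `strdup` block below it should be deleted rather than kept as a comment.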


@@ -52,6 +52,6 @@
* ${passwd}. The obscure name is to avoid namespace collisions due to the
* getpass / readpass / readpassphrase / etc. functions in various libraries.
*/
int pcp_readpass(char **, const char *, const char *, int);
int pcp_readpass(char **, const char *, const char *, int, char *);
#endif /* !_READPASS_H_ */
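Review bot: the prototype gains the trailing `char *` parameter but the comment block above it still documents only the original arguments; add a line describing `readfromfile` (path to read the passphrase from, `-` for stdin, NULL to keep the tty/stdin behaviour) and consider `const char *`, since the function only reads it.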


@@ -1,7 +1,7 @@
/*
This file is part of Pretty Curved Privacy (pcp1).
Copyright (C) 2013 T.Linden.
Copyright (C) 2013-2015 T.Linden.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -59,7 +59,7 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
char *passphrase;
if(passwd == NULL) {
pcp_readpass(&passphrase,
"Enter passphrase to decrypt your secret key", NULL, 1);
"Enter passphrase to decrypt your secret key", NULL, 1, NULL);
}
else {
passphrase = smalloc(strlen(passwd)+1);


@@ -16,6 +16,7 @@
"-V --vault <vaultfile> Specify an alternate vault file.\n" \
"-O --outfile <file> Output file. STDOUT if unspecified.\n" \
"-I --infile <file> Input file. STDIN if unspecified.\n" \
"-X --password-file <file> Read passphrase from <file>.\n" \
"-i --keyid <id> Specify a key id for various operations.\n" \
"-r --recipient <string> Specify a recpipient, multiple allowed.\n" \
"-t --text Print textual representation of ojects.\n" \


@@ -14,6 +14,7 @@ General Options:
-V --vault <vaultfile> Specify an alternate vault file.
-O --outfile <file> Output file. STDOUT if unspecified.
-I --infile <file> Input file. STDIN if unspecified.
-X --password-file <file> Read passphrase from <file>.
-i --keyid <id> Specify a key id for various operations.
-r --recipient <string> Specify a recpipient, multiple allowed.
-t --text Print textual representation of ojects.