removed support to store unencrypted secret key

2025-12-17 12:00:56 +01:00 · 2015-08-19 20:53:46 +02:00
parent a9d4ef6ff3
commit da70c4479e
8 changed files with 83 additions and 125 deletions
--- a/4
+++ b/4
@@ -14,6 +14,10 @@ NEXT
 	Added check for weak passphrases using entropy
 	test. Used with -k.

+	Removed support for unencrypted secret key storage
+	so, pcp aims to be secure by default and fails
+	safely.
+
 0.3.0
 	Changed publuc key signature storage, previously
 	I didn't add the actual signature, therefore a
--- a/libpcp/readpass.c
+++ b/libpcp/readpass.c
@@ -24,6 +24,9 @@
 * SUCH DAMAGE.
 */

+/*
+ * Modifications (c) 2013 - 2015 by T.v.Dein, same license as this file.
+ */

 #include "readpass.h"

@@ -101,6 +104,8 @@ retry:
 		goto err2;
 	}

+
+
 	/* Confirm the password if necessary. */
 	if (confirmprompt != NULL) {
 		if (usingtty)
@@ -119,6 +124,13 @@ retry:
 	/* Terminate the string at the first "\r" or "\n" (if any). */
 	passbuf[strcspn(passbuf, "\r\n")] = '\0';

+	/* enforce no empty passwords */
+	if (strnlen(passbuf, MAXPASSLEN) == 0) {
+	  fprintf(stderr,
+		  "Empty password not allowed, please try again\n");
+	  goto retry;
+	}
+	
 	/* If we changed terminal settings, reset them. */
 	if (usingtty)
 		tcsetattr(fileno(readfrom), TCSANOW, &term_old);
--- a/man/options.pod
+++ b/man/options.pod
@@ -38,9 +38,7 @@
                           been specified, don't store the generated
                           key to the vault but export it to the
                           file instead. You will be asked for
-                           an owner, mail and a passphrase. If you
-                           leave the passphrase empty, the key will
-                           be stored unencrypted.
+                           an owner, mail and a passphrase.
 -l --listkeys             List all keys currently stored in your
                           vault. Only the key id's and some info
                           about the keys will be printed, not the
--- a/src/encryption.c
+++ b/src/encryption.c
@@ -95,8 +95,7 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
 	  goto errde3;
 	}
      }
-      if(secret->secret[0] == 0) {
-	/*  encrypted, decrypt it */
+
      char *passphrase;
      if(passwd == NULL) {
 	pcp_readpass(ptx, &passphrase,
@@ -118,7 +117,6 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
      if(head == PCP_ASYM_CIPHER_SIG)
 	verify = 1;
    }
-    }
    else {
      fatal(ptx, "Could not determine input file type (got: %02x)\n", head);
      goto errde3;
@@ -264,8 +262,6 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
 	goto erren2;
      }

-      if(secret->secret[0] == 0) {
-        /*  encrypted, decrypt it */
      char *passphrase;
      if(passwd == NULL) {
 	pcp_readpass(ptx, &passphrase,
@@ -279,7 +275,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
      sfree(passphrase);
      if(secret == NULL)
 	goto erren2;
-      }
+      
    }
  }

--- a/src/keymgmt.c
+++ b/src/keymgmt.c
@@ -1,7 +1,7 @@
 /*
    This file is part of Pretty Curved Privacy (pcp1).

-    Copyright (C) 2013-2015 T.Linden.
+    Copyright (C) 2013-2015 T.v.Dein.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -97,15 +97,11 @@ void pcp_keygen(char *passwd) {
    key = pcpkey_encrypt(ptx, k, passphrase);
  }
  else {
-    char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
-    if(strncmp(yes, "yes", 1024) == 0)
-      key = k;
-    else {
-      memset(key, 0, sizeof(pcp_key_t));
-      free(key);
+    /* No unencrypted secret key allowed anymore [19.08.2015, tom] */
+    memset(k, 0, sizeof(pcp_key_t));
+    free(k);
    goto errkg1;
  }
-  }

  if(key != NULL) {
    fprintf(stderr, "Generated new secret key:\n");
@@ -239,8 +235,6 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
    if(debug)
      pcp_dumpkey(key);

-    if(key->secret[0] == 0) {
-      /* decrypt the secret key */
    if(passwd == NULL) {
      char *passphrase;
      pcp_readpass(ptx, &passphrase,
@@ -258,7 +252,6 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
 	goto errexpse1;
      }
    }
-    }

    Buffer *exported_sk;

--- a/src/pcp.c
+++ b/src/pcp.c
@@ -270,8 +270,6 @@ int main (int argc, char **argv)  {
      case 'x':
 	xpass = smalloc(strlen(optarg)+1);
 	strncpy(xpass, optarg, strlen(optarg)+1);
-	if(strncmp(xpass, "n/a", 3) == 0)
-	  xpass[0] = '\0';
 	break;
      case LONG_EXTPASS:
 	askpass = malloc(strlen(optarg)+1);
--- a/src/signature.c
+++ b/src/signature.c
@@ -54,8 +54,6 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
    }
  }

-  if(secret->secret[0] == 0) {
-    /*  encrypted, decrypt it */
  char *passphrase;
  if(passwd == NULL) {
    pcp_readpass(ptx, &passphrase,
@@ -70,7 +68,6 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
  sfree(passphrase);
  if(secret == NULL)
    goto errs1;
-  }

  Pcpstream *pin = ps_new_file(in);
  Pcpstream *pout = ps_new_file(out);
--- a/tests/unittests.cfg
+++ b/tests/unittests.cfg
@@ -2,7 +2,7 @@
 #
 #    This file is part of Pretty Curved Privacy (pcp1).
 #
-#    Copyright (C) 2013 T.Linden.
+#    Copyright (C) 2013-2015 T.v.Dein.
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -259,55 +259,15 @@ temporarily disabled

 #
 # symetric encryption test
-# FIXME: we currently use -V ve, but this one has to work without a vault
 <test check-sym-encrypt>
-  cmd = echo HELLOWORLD | $pcp -V ve -e -O testsymencrypted -x a
+  cmd = echo HELLOWORLD | $pcp -e -O testsymencrypted -x a
  expect = /symetrically/
 </test>
 <test check-sym-decrypt>
-  cmd = $pcp -V ve -d -I testsymencrypted -x a
+  cmd = $pcp -d -I testsymencrypted -x a
  expect = /HELLO/
 </test>

-#
-# check usage of unencrypted secret key
-<test vcl>
-  prepare = rm -f vb2 vcl
-  <test check-vcl-crypto-unencrypted-secret>
-    cmd = (echo dau; echo foo; echo yes) | $pcp -V vcl -k -x "n/a"
-    expect = /added to/
-  </test>
-  
-  <test check-vcl-prepare-import-bpub>
-    cmd = $pcp -V vcl -I key-bobby-pub -K
-    expect = /added/
-  </test>
-
-  <test check-vcl-export-unencrypted-pubkey>
-    cmd = $pcp -V vcl -p -O testkeyvcl
-    expect = /exported/
-  </test>
-
-  <test check-vcl-import-bsecret>
-    cmd = $pcp -V vb2 -K -I key-bobby-sec -x b
-    expect = /${idbobby}/
-  </test>
-
-  <test check-vcl-import-unencrypted-pubkey>
-    cmd =  $pcp -V vb2 -K -I testkeyvcl
-    expect = /added/
-  </test>
-
-  <test check-vcl-crypto-unencrypted-secret-message>
-    cmd     = echo HALLO | $pcp -V vcl -e -O testencrypted -i ${idbobby}
-    expect  = /Bobby/
-  </test>
-
-  <test check-vcl-crypto-unencrypted-secret-read>
-    cmd = $pcp -V vb2 -d -I testencrypted -x b
-    expect  = /HALLO/
-  </test>
-</test>

 #
 # signature tests