From 1c65e0cf8a471ed2790174a383c7ce1942df0b94 Mon Sep 17 00:00:00 2001
From: joe
Date: Sat, 26 Apr 2014 13:03:00 -0400
Subject: New command import-secret that does not alter inputfiles. sync renamed to sync-secret.
---
 kiki.hs | 97 ++++++++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 63 insertions(+), 34 deletions(-)
(limited to 'kiki.hs')
diff --git a/kiki.hs b/kiki.hs
index 610dd5b..685c3df 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -401,28 +401,39 @@ whoseKey rsakey db = filter matchkey (Map.elems db)
-kiki_usage = putStr . unlines $
- {-
- ["kiki - a pgp key editing utility"
- ,""
- ,"kiki [OPTIONS]"
- ,""
- ," kiki merges a set of keyring files into a combined database and then"
- ," uses the database to update the files so that they have the most complete"
- ," information."
- ,""
- ," The files pubring.gpg and subring.gpg in the directory specified by the "
- ," --homedir option are implicitly included in the keyring set."
- ,""
- ," kiki can also import or export secret subkeys by using the --keypairs option."
- ,""
- ," Subkeys that are imported with kiki are given an annotation \"usage@\" which"
- ," indicates what the key is for. This tag can be used as a SPEC to select a"
- ," particular key. Master keys may be specified by using fingerprints or by"
- ," specifying a substring of an associated UID."
- -}
- ["kiki sync [options...]"
- ,""
+kiki_usage cmd = putStr $
+ case cmd of
+ "sync-secret" -> unlines
+ ["kiki sync-secret [options...]"
+ ,""
+ ," sync-secret merges a set of key files into a combined database and then"
+ ," uses the database to update all the input files, those inside and outside of"
+ ," of the home directory (see --homedir), to have the most complete information."
+ ,""
+ ," The files pubring.gpg and subring.gpg in the directory specified by the "
+ ," --homedir option are implicitly included in the keyring set."
+ ,""
+ ," Subkeys that are imported with kiki are given an annotation \"usage@\" which"
+ ," indicates what the key is for. This tag can be used as a SPEC to select a"
+ ," particular key. Master keys may be specified by using fingerprints or by"
+ ," specifying a substring of an associated UID."
+ ]
+ "import-secret" -> unlines
+ ["kiki import-secret [options...]"
+ ,""
+ ," import-secret uses a set of key files to update your keyring. It does not"
+ ," alter any files outside of the home directory (see --homedir)." 
+ ,"" + ," The files pubring.gpg and subring.gpg in the directory specified by the " + ," --homedir option are implicitly included in the keyring set." + ,"" + ," Subkeys that are imported with kiki are given an annotation \"usage@\" which" + ," indicates what the key is for. This tag can be used as a SPEC to select a" + ," particular key. Master keys may be specified by using fingerprints or by" + ," specifying a substring of an associated UID." + ] + ++ unlines + ["" ,"Flags:" ," --homedir DIR" ," Where to find the the files secring.gpg and pubring.gpg. The " @@ -470,13 +481,13 @@ kiki_usage = putStr . unlines $ ," KEYSPEC ::= SPEC=FILE{CMD} " ,"" ," The form of SPEC is documented below. If there is only one master" - ," key in your keyring and only one key is used for each purpose, then" ," it is possible for SPEC in this case to merely be a tag which offers" + ," key in your keyring and only one key is used for each purpose, then" + ," it is possible for SPEC in this case to merely be a tag which offers" ," information about what this key is used for, for example, any of" ," `tor', `ssh-client', `ssh-host', or `strongswan' will do." ,"" ," If neither SPEC or FILE match any keys, then the CMD will be " ," executed in order to create the FILE." - ,"" ,"Output:" ," --show-wk Show fingerprints for the working key (which will be used to" @@ -570,8 +581,7 @@ doAutosign rt kd@(KeyData k ksigs umap submap) = ops = fingerprint_material a==fingerprint_material b gs = groupBy sameMaster (sortBy (comparing code) bindings') - -kiki "sync" args_raw = do +sync bModifyInput cmdarg args_raw = do let (args,trail1) = break (=="--") args_raw trail = drop 1 trail1 (sargs,margs) = 
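Review bot: The new `case cmd of` in `kiki_usage` has arms only for "sync-secret" and "import-secret", so any other string ends in a pattern-match failure at run time, and a later hunk passes "working-key" as `cmdarg` to `sync`. That call uses a fixed argument list, so `--help` does not appear to reach `kiki_usage` through it today, but the function is still partial. I would add a fallback arm such as `_ -> unlines ["kiki " ++ cmd ++ " [options...]"]` ahead of the shared `++ unlines` block. Indentation is not recoverable on this page, so please confirm that `++ unlines` sits to the left of the alternatives; otherwise the Flags text is appended only to the import-secret arm.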
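Review bot: `sync` now takes a bare `Bool` whose meaning is only discoverable by reading the body, yet the call sites `sync True ...` and `sync False ...` decide whether files named on the command line may be rewritten. I would document that at the definition, for example `-- | Merge the given key files; when bModifyInput is False the files named on the command line are opened as ConstRef instead of MutableRef.`, and add an explicit type signature. A small two-constructor type in place of the `Bool` would make the call sites self-describing. The body of `sync` continues outside this hunk.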
@@ -642,16 +652,22 @@ kiki "sync" args_raw = do let keypairs = catMaybes keypairs0 homespec = join . take 1 <$> Map.lookup "--homedir" margs passfd = fmap (FileDesc . read) passphrase_fd + reftyp = if bModifyInput then MutableRef Nothing + else ConstRef pems = flip map keypairs $ \(usage,path,cmd) -> let cmd' = guard (not $ null cmd) >> return cmd - in (ArgFile path, (MutableRef cmd', PEMFile usage)) - walts = map (\fname -> (ArgFile fname, (MutableRef Nothing, WalletFile))) + in if bModifyInput + then (ArgFile path, (MutableRef cmd', PEMFile usage)) + else if isNothing cmd' + then (ArgFile path, (ConstRef, PEMFile usage)) + else error "Unexpected PEM file initializer." + walts = map (\fname -> (ArgFile fname, (reftyp, WalletFile))) wallets - rings = map (\fname -> (ArgFile fname, (MutableRef Nothing, KeyRingFile passfd))) + rings = map (\fname -> (ArgFile fname, (reftyp, KeyRingFile passfd))) keyrings_ hosts = maybe [] (map decorate) $ Map.lookup "--hosts" margs - where decorate fname = (ArgFile fname, (MutableRef Nothing, Hosts)) + where decorate fname = (ArgFile fname, (reftyp, Hosts)) importStyle = maybe (\_ _ -> subkeysOnly) (\f rt kd -> f rt kd >> importPublic) $ mplus import_f importifauth_f @@ -674,6 +690,7 @@ kiki "sync" args_raw = do , homeSpec = homespec } + (\f -> maybe f (const $ kiki_usage cmdarg) $ Map.lookup "--help" margs) $ do KikiResult rt report <- runKeyRing kikiOp case rt of @@ -685,8 +702,7 @@ kiki "sync" args_raw = do ,("--show-key",\[x] -> show_key x $ fromMaybe "" grip) ,("--show-pem",\[x] -> show_pem x $ fromMaybe "" grip) ,("--show-ssh",\[x] -> show_ssh x $ fromMaybe "" grip) - ,("--show-wip",\[x] -> show_wip x $ fromMaybe "" grip) - ,("--help", \_ _ ->kiki_usage)] + ,("--show-wip",\[x] -> show_wip x $ fromMaybe "" grip)] shargs = mapMaybe (\(x:xs) -> (,xs) <$> Map.lookup x shspec) sargs forM_ shargs $ \(cmd,args) -> cmd args (rtKeyDB rt) 
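Review bot: In the non-modifying mode a KEYSPEC that carries a `{CMD}` ends in `error "Unexpected PEM file initializer."`, which sits inside the lazily built `pems` list and does not say which argument triggered it. This branch is what keeps the read-only command from running a file-creating command, so I would check it before `runKeyRing` and name the offender, e.g. `else error $ cmdarg ++ ": " ++ path ++ ": {CMD} is not accepted because input files are not modified"`. Where the list element is forced is outside this hunk, so the current failure may surface after other work has started. The `pems` entry is also the only one that does not go through `reftyp`; a one-line comment explaining why would help whoever adds the next file kind. `sync` starts and ends outside the hunk.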
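Review bot: The help short-circuit `(\f -> maybe f (const $ kiki_usage cmdarg) $ Map.lookup "--help" margs) $ do` is hard to read for what is a plain conditional. `if Map.member "--help" margs then kiki_usage cmdarg else do` expresses the same thing. Placing the check ahead of `runKeyRing kikiOp`, as done here, means `--help` returns without running the keyring operation; a short comment saying so would stop it being moved later. The `do` block it wraps continues outside the hunk.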
@@ -695,8 +711,20 @@ kiki "sync" args_raw = do forM_ report $ \(fname,act) -> do putStrLn $ fname ++ ": " ++ reportString act +kiki "sync-secret" args_raw = + sync True "sync-secret" args_raw + +kiki "import-secret" args_raw = + sync False "import-secret" args_raw + kiki "working-key" args = do - kiki "sync" ["--show-wk"] + if "--help" `notElem` args + then sync False "working-key" ["--show-wk"] + else putStrLn $ + unlines ["working-key" + ,"" + ," Displays the master key with its subkeys that will be" + ," used for making signatures"] kiki "help" args = do putStrLn "Valid commands are:" @@ -709,7 +737,8 @@ kiki "help" args = do commands :: [(String,String)] commands = [ ( "help", "display usage information" ) - , ( "sync", "update key files of various kinds by propogating information" ) + , ( "sync-secret", "update key files of various kinds by propogating information" ) + , ( "import-secret", "import (both public and secret) information into your keyring" ) , ( "working-key", "show the current working master key and its subkeys" ) ] -- cgit v1.2.3
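Review bot: `kiki "working-key"` looks at `args` only for `--help` and then calls `sync False "working-key" ["--show-wk"]`, so an option such as `--homedir` given by the user is dropped and the key shown presumably comes from the default home directory. If that is not intended, pass the arguments through, e.g. `sync False "working-key" ("--show-wk" : filter (/= "--help") args)`. The help text is also inlined here rather than handled by `kiki_usage`, which has no "working-key" arm. Separately, the old `sync` name is removed without an alias. The fallback clause of `kiki` is outside this hunk, so it is unclear what a script still calling `kiki sync` gets, and a clause pointing to `sync-secret` would be clearer.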