Hi there,

Attached is a small patch to handle the 'encrypt' capability on the main
public key instead of on a subkey, when assigning $gpg_keys in function
reencrypt_path().

The subkey case looks like this:
  sub:u:2048:1:2EE5CDCE9B368A49:1398223729::::::e::::::
The main pubkey case like this:
  pub:u:1024:1:BF619D0D554BAA78:1457908470:::u:::escaESCA:::::::

I've also attached a patch for the test suite, BUT it's only for
consistency (of the regexp) and does not actually test the encrypting
main pubkey case. This would need either adding a sixth test key or
replacing an existing key with 'encrypt' on the main pubkey.

Such a key can be created thusly (with GnuPG 2.1):
  gpg2 --batch --gen-key <<- EOF
        %no-protection
        %transient-key
        Key-Type: RSA
        Key-Length: 1024
        Name-Real: test-key
        Name-Comment: DO NOT USE
        Name-Email: [email protected]
        EOF

Please review, and tell me whether that's fit for inclusion or what I
can do to improve/fix it. :)

Thanks,

-- 
Quentin Minster

GPG Public Key  : 0F5F912C
GPG Fingerprint : AA09 29D0 263B E9D6 C260  BDC5 FF79 BF27 0F5F 912C

From a53777e1f9268d005f166df1782ab19d9e6ccc59 Mon Sep 17 00:00:00 2001
From: quentin <[email protected]>
Date: Sun, 13 Mar 2016 23:41:05 +0100
Subject: [PATCH 1/2] Handle 'encrypt' capability on the main public key

Some keys don't have the 'encrypt' capability on a subkey, but on the
main public key. reencrypt_path() should work with these too.
---
 src/password-store.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/password-store.sh b/src/password-store.sh
index 63be840..799d9ca 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -101,7 +101,7 @@ reencrypt_path() {
 				IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
 				unset GPG_RECIPIENTS[$index]
 			done
-			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
+			gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/\(sub\|pub\):[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\2/p' | LC_ALL=C sort -u)"
 		fi
 		current_keys="$($GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$passfile" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u)"
 
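Review bot: The `\(sub\|pub\)` alternation on the added `gpg_keys=` line relies on `\|`, which is a GNU extension to basic regular expressions rather than POSIX, so on a sed that lacks it the expression matches nothing and `gpg_keys` comes out empty. `[ps]ub` selects the same two record types portably, and writing it as `^[ps]ub:` would also pin the match to the start of the record. A short comment beside the expression saying that the letters being matched are the capability field, and that a lowercase `e` on a `pub` record means the primary key itself can encrypt, would help, since the long run of `[^:]*:` is hard to read unaided.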
-- 
2.7.2

From 64383312ff256cb2d4b095414f71ffe4cd9c01fe Mon Sep 17 00:00:00 2001
From: quentin <[email protected]>
Date: Mon, 14 Mar 2016 00:15:42 +0100
Subject: [PATCH 2/2] Update test t0300's key regexp

For consistency with the new regexp in
src/password-store.sh:reencrypt_path().
---
 tests/t0300-reencryption.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/t0300-reencryption.sh b/tests/t0300-reencryption.sh
index 9d46580..c830c4a 100755
--- a/tests/t0300-reencryption.sh
+++ b/tests/t0300-reencryption.sh
@@ -7,7 +7,7 @@ cd "$(dirname "$0")"
 INITIAL_PASSWORD="will this password live? a big question indeed..."
 
 canonicalize_gpg_keys() {
-	$GPG --list-keys --with-colons "$@" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u
+	$GPG --list-keys --with-colons "$@" | sed -n 's/\(pub\|sub\):[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\2/p' | LC_ALL=C sort -u
 }
 gpg_keys_from_encrypted_file() {
 	$GPG -v --no-secmem-warning --no-permission-warning --list-only --keyid-format long "$1" 2>&1 | cut -d ' ' -f 5 | LC_ALL=C sort -u
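Review bot: `canonicalize_gpg_keys` now mirrors the new expression, but nothing in this hunk exercises the `pub` branch, so the behaviour added in patch 1/2 stays untested; a test key with `e` on the primary key, plus a re-encryption case that uses it, would cover it. The alternation is also written `\(pub\|sub\)` here and `\(sub\|pub\)` in src/password-store.sh, which is harmless but works against the stated goal of consistency; using the same form (or `[ps]ub`) in both places keeps the two expressions comparable at a glance.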
-- 
2.7.2
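
The record selection discussed in this message, as an added example that is not part of the original post or of password-store: it picks encryption-capable key IDs by field number instead of by a positional regexp. The function names, every sample line other than the two quoted in the message, and the skipping of revoked or expired records (which goes beyond what the patch does) are assumptions made for illustration.

```shell
# Constructed sample of `gpg --list-keys --with-colons` output. Lines 2 and 4
# are the two records quoted in the message; the others are made up.
sample_colons() {
	cat <<'EOF'
pub:u:2048:1:1111111111111111:1398223729:::u:::scESC:::::::
sub:u:2048:1:2EE5CDCE9B368A49:1398223729::::::e::::::
sub:e:2048:1:4444444444444444:1298223729:1398223729:::::e::::::
pub:u:1024:1:BF619D0D554BAA78:1457908470:::u:::escaESCA:::::::
uid:u::::1457908470::CONSTRUCTEDHASH::test-key (DO NOT USE)::::::::::0:
EOF
}

# Print the key ID (field 5) of every pub or sub record that can encrypt.
#   field 1  record type; only pub and sub carry key capabilities
#   field 2  validity; r (revoked) and e (expired) are skipped here, which is
#            an assumption of this example and not something the patch does
#   field 12 capabilities; lowercase letters describe this key itself, while
#            uppercase letters on a pub record describe the key as a whole,
#            so only a lowercase e counts
encryption_key_ids() {
	awk -F: '
		($1 == "pub" || $1 == "sub") && $2 !~ /^[re]$/ && $12 ~ /e/ {
			print $5
		}
	' | LC_ALL=C sort -u
}

# Stand-alone run on the constructed sample:
sample_colons | encryption_key_ids
```

The first `pub` record is left out because its capability field holds only an uppercase `E`, meaning encryption is available through its subkey, which is listed on its own line.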
