tanother fix to key handling - tomb - the crypto undertaker
       ---
 (DIR) commit 12f49bf2ff6f5ce6cfad43acba83893519179cfd
 (DIR) parent 7fb404d97c42dc3018e8b67d61c42d90d6ff7122
 (HTM) Author: Jaromil <jaromil@dyne.org>
       Date:   Fri, 21 Feb 2014 22:40:06 +0100
       
       another fix to key handling
       
       ultimately removing the case in which we guess if the key is near
       the tomb: that is not anymore in documentation and we stop encouraging
       to keep the key near the tomb.
       
       Diffstat:
         M tomb                                |      32 +++++++++++++------------------
       
       1 file changed, 13 insertions(+), 19 deletions(-)
       ---
 (DIR) diff --git a/tomb b/tomb
       t@@ -540,22 +540,17 @@ check_bin() {
        # On success returns 0 and prints out the full path to the key
        load_key() {
            # take the name of a tomb file as argument
       -    # this is used for guessing if the key is nearby
       -    { test "$1" = "" } || {
       -        tombdir=`dirname $1`
       -        tombfile=`basename $1`
       -        tombname=${tombfile%%\.*}
       -    }
       -
            if option_is_set -k ; then
                if [[ "`option_value -k`" == "-" ]]; then
                    xxx "load_key reading from stdin"
                    # take key from stdin
                    tombkeydir=`safe_dir load_key_stdin` # global used to check if key from stdin
                    xxx "tempdir is $tombkeydir"
       +            act "waiting for the key to be piped from stdin... "
                    cat > ${tombkeydir}/stdin.tmp.key
       +            print ok >&2
                    tombdir=${tombkeydir}
       -            tombfile=stdin.tmp
       +            tombfile=stdin.tmp.key
                    tombname="stdin"
                elif [[ "`option_value -k`" != "" ]]; then
                    xxx "load_key argument: `option_value -k`"
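Review bot: The added `print ok >&2` runs whether or not the `cat` before it stored anything, so a failed or empty read from stdin is still reported as ok and only surfaces later at the readability and header checks. Check the write and quote the path, for example `cat > "${tombkeydir}/stdin.tmp.key" || die "cannot store the key read from stdin"`, and print ok only after that. The result of `safe_dir` is also used unchecked; it is defined outside this hunk, but if it can return an empty string the key would be written to `/stdin.tmp.key`, so a `[[ -d "$tombkeydir" ]]` guard before the redirect is worth adding. Since the key material now sits in a file on disk, it is also worth confirming that safe_dir creates the directory with owner-only permissions. load_key continues in the next hunk.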
       t@@ -564,23 +559,19 @@ load_key() {
                    tombdir=`dirname $tombkey`
                    tombfile=`basename $tombkey`
                fi
       +
       +    else # no -k specified
       +        die "this operation requires a key file to be specified using the -k option"
       +        return 1
            fi
        
       -    tombkey=${tombdir}/${tombfile}.key
       +    tombkey=${tombdir}/${tombfile}
        
            xxx "load_key: ${tombkey}"
       -
       -    if [ -r "${tombkey}" ]; then
       -        if [ "$tombkeydir" = "" ]; then
       -            _message "We'll use this key: ${tombkey}"
       -        else
       -            _message "We'll use the key piped from stdin"
       -        fi
       -    else
       +    { test -r "${tombkey}" } || {
                _warning "Key not found, specify one using -k"
                drop_key
       -        return 1
       -    fi
       +        return 1 }
        
            # this does a check on the file header
            if ! is_valid_key ${tombkey}; then
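Review bot: With the name-guessing block removed, `tombdir` and `tombfile` are only assigned inside the two `-k` branches, so `-k` given with an empty value (the `elif` tests `!= ""`) reaches `tombkey=${tombdir}/${tombfile}` with both empty, or holding values from an earlier call unless they are declared local outside the hunk. An empty pair yields `/`, and `test -r "/"` succeeds on a directory, so the "Key not found" branch is skipped and the path goes on to `is_valid_key`. Rejecting the empty value next to the new `else` and testing for a regular file would close this: `{ test -f "${tombkey}" && test -r "${tombkey}" } || {`. The `return 1` after `die` looks unreachable if die exits; die is defined outside this page. load_key's body starts before and ends after this hunk.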
       t@@ -1452,6 +1443,7 @@ mount_tomb() {
            if [ $? = 255 ]; then
                die "too many tomb opened. Please close any of them to open another tomb"
            fi
       +    xxx "next free loop device: $nstloop"
            losetup -f ${tombdir}/${tombfile}
        
            cryptsetup isLuks ${nstloop}
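Review bot: The new debug line prints `$nstloop`, but the next line attaches the tomb with `losetup -f`, which picks whichever loop device is free at that moment. If another process takes a device in between, `cryptsetup isLuks ${nstloop}` and the later mapping would act on a device that does not hold this tomb. How nstloop is obtained is outside the hunk, so this is inferred from the two visible lines. Taking the device name from the attach itself removes the gap: `nstloop=$(losetup -f --show "${tombdir}/${tombfile}")`, with the exit status checked before the `cryptsetup` call.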
       t@@ -1481,6 +1473,8 @@ mount_tomb() {
            mapdate=`date +%s`
        
            mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
       +    xxx "dev mapper device: $mapper"
       +    xxx "tomb key: $tombkey"
            keyname=`basename $tombkey | cut -d. -f1`
        
            tombpass=`ask_key_password $tombkey`