commit 12f49bf2ff6f5ce6cfad43acba83893519179cfd parent 7fb404d97c42dc3018e8b67d61c42d90d6ff7122 Author: Jaromil <jaromil@dyne.org> Date: Fri, 21 Feb 2014 22:40:06 +0100 another fix to key handling ultimately removing the case in which we guess if the key is near tthe tomb: that is not anymore in documentation and we stop encouraging tto keep the key near the tomb. Diffstat: M tomb | 32 +++++++++++++------------------ 1 file changed, 13 insertions(+), 19 deletions(-) ---
diff --git a/tomb b/tomb t@@ -540,22 +540,17 @@ check_bin() { # On success returns 0 and prints out the full path to the key load_key() { # take the name of a tomb file as argument - # this is used for guessing if the key is nearby - { test "$1" = "" } || { - tombdir=`dirname $1` - tombfile=`basename $1` - tombname=${tombfile%%\.*} - } - if option_is_set -k ; then if [[ "`option_value -k`" == "-" ]]; then xxx "load_key reading from stdin" # take key from stdin tombkeydir=`safe_dir load_key_stdin` # global used to check if key from stdin xxx "tempdir is $tombkeydir" + act "waiting for the key to be piped from stdin... " cat > ${tombkeydir}/stdin.tmp.key + print ok >&2 tombdir=${tombkeydir} - tombfile=stdin.tmp + tombfile=stdin.tmp.key tombname="stdin" elif [[ "`option_value -k`" != "" ]]; then xxx "load_key argument: `option_value -k`" t@@ -564,23 +559,19 @@ load_key() { tombdir=`dirname $tombkey` tombfile=`basename $tombkey` fi + + else # no -k specified + die "this operation requires a key file to be specified using the -k option" + return 1 fi - tombkey=${tombdir}/${tombfile}.key + tombkey=${tombdir}/${tombfile} xxx "load_key: ${tombkey}" - - if [ -r "${tombkey}" ]; then - if [ "$tombkeydir" = "" ]; then - _message "We'll use this key: ${tombkey}" - else - _message "We'll use the key piped from stdin" - fi - else + { test -r "${tombkey}" } || { _warning "Key not found, specify one using -k" drop_key - return 1 - fi + return 1 } # this does a check on the file header if ! is_valid_key ${tombkey}; then t@@ -1452,6 +1443,7 @@ mount_tomb() { if [ $? = 255 ]; then die "too many tomb opened. Please close any of them to open another tomb" fi + xxx "next free loop device: $nstloop" losetup -f ${tombdir}/${tombfile} cryptsetup isLuks ${nstloop} t@@ -1481,6 +1473,8 @@ mount_tomb() { mapdate=`date +%s` mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`" + xxx "dev mapper device: $mapper" + xxx "tomb key: $tombkey" keyname=`basename $tombkey | cut -d. 
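Review bot: The added `print ok >&2` in the stdin branch runs whether or not the preceding `cat > ${tombkeydir}/stdin.tmp.key` succeeded, so an empty pipe or a failed write is still reported as ok and only surfaces later in the key checks. Tie the message to the result and quote the path, e.g. `cat > "${tombkeydir}/stdin.tmp.key" || die "cannot read key from stdin"`. Because this file holds key material, a comment should say what protects it; the permissions and backing store that `safe_dir` provides are not visible in this hunk. load_key starts above the hunk and continues past it.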
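Review bot: An empty `-k` value is not handled in load_key: `option_is_set -k` is true, neither the `== "-"` nor the `!= ""` branch runs, and the new outer `else` only covers a missing option. With the guessing block removed, `tombkey=${tombdir}/${tombfile}` is then built from unset or stale variables; if both are empty the path is `/`, which passes `test -r` because that test accepts directories. Adding an inner `else die "empty key path given to -k"` before the first `fi`, and testing with `{ test -f "${tombkey}" && test -r "${tombkey}" } || {`, would close this. The `return 1` after `die` looks unreachable if `die` exits, which cannot be confirmed from this hunk.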
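Review bot: `losetup -f ${tombdir}/${tombfile}`, just below the added debug line, reads the same `tombdir`/`tombfile` names that load_key assigns to the key's directory and file name in this commit, and the `mapper` name further down uses `tombname`, which load_key sets to `stdin` for piped keys. If load_key runs in the same shell before this point (the call is not visible here), the loop device would be set up on the key path rather than the tomb file. A comment stating where these variables are reassigned would help, or distinct names for the key such as `keydir`/`keyfile`. The expansion should also be quoted: `losetup -f "${tombdir}/${tombfile}"`. mount_tomb begins and ends outside the hunk.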
-f1` tombpass=`ask_key_password $tombkey`