author | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 01:34:05 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 01:35:15 +1300 |
commit | 4eb2531aab1abae8c34f41ca44ec1caf6469ea83 (patch) | |
tree | 020e6e3a5044ce457cf4c0ef2424e50cfd944780 | |
parent | Specify reason for Perl 5.10 (diff) | |
download | Mail-Run-Crypt-4eb2531aab1abae8c34f41ca44ec1caf6469ea83.tar.gz Mail-Run-Crypt-4eb2531aab1abae8c34f41ca44ec1caf6469ea83.zip |
Add sign/encrypt options
Default signing to off; step 1 to mitigating the terrible literal
passphrase passing.
-rw-r--r-- | README.markdown | 9 | ||||
-rwxr-xr-x | bin/runcrypt | 17 | ||||
-rw-r--r-- | lib/Mail/Run/Crypt.pm | 40 |
3 files changed, 61 insertions, 5 deletions
diff --git a/README.markdown b/README.markdown
index 926aa02..269b19a 100644
--- a/README.markdown
+++ b/README.markdown
@@ -40,6 +40,15 @@ via environment variables or command-line options.
 
 Constructor accepts the following named parameters:
 
+- `sign`
+
+ Whether to sign the command output. This defaults to off. A key ID and
+ passphrase will be required for signing.
+
+- `encrypt`
+
+ Whether to encrypt the command output. This defaults to on.
+
 - `keyid`
 
 The GnuPG key ID that should be used to encrypt the messages.
diff --git a/bin/runcrypt b/bin/runcrypt
index df2a59b..a3c8552 100755
--- a/bin/runcrypt
+++ b/bin/runcrypt
@@ -25,6 +25,12 @@ our $SELF = 'runcrypt';
 my ( $opt, $usage ) = describe_options(
 "$SELF %o COMMAND [ARG1...]",
 
+ # Whether to sign the output (default: off)
+ [ 'sign|s', 'Sign output', { default => 0 } ],
+
+ # Whether to encrypt the output (default: on)
+ [ 'encrypt|e', 'Encrypt output', { default => 1 } ],
+
 # Key ID defaults to environment RUNCRYPT_KEYID if set
 [
 'keyid|k=s',
@@ -76,6 +82,8 @@ if ( !@ARGV ) {
 
 # Create an MCC object
 my $mrc = Mail::Run::Crypt->new(
+ sign => $opt->sign,
+ encrypt => $opt->encrypt,
 keyid => $opt->keyid,
 passphrase => $opt->passphrase,
 mailto => $opt->mailto,
@@ -124,6 +132,15 @@ The arguments beyond the options are used as the command name to run:
 
 =over 4
 
+=item C<--sign>
+
+Whether to sign the output. This defaults to off. A key ID and passphrase will
+need to be provided for signing to work.
+
+=item C<--encrypt>
+
+Whether to encrypt the output to the recipient. This defaults to on.
+
 =item C<--keyid>
 
 The GnuPG key ID that should be used to sign and encrypt the messages. This
diff --git a/lib/Mail/Run/Crypt.pm b/lib/Mail/Run/Crypt.pm
index a81735d..4d7f74d 100644
--- a/lib/Mail/Run/Crypt.pm
+++ b/lib/Mail/Run/Crypt.pm
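Review bot: In the bin/runcrypt option table, `encrypt|e` is a plain flag with `default => 1`, so nothing on the command line can set it to false; passing `--encrypt` only restates the default. If sign-only output is meant to be reachable from runcrypt, the spec probably needs to be negatable, e.g. `[ 'encrypt|e!', 'Encrypt output', { default => 1 } ],` (Getopt::Long-style `!`, which Getopt::Long::Descriptive should accept; worth confirming against the version in use). The `--encrypt` POD entry added further down would then need to mention `--no-encrypt`. The describe_options call continues beyond this hunk.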
@@ -30,15 +30,26 @@ sub new {
 # Blindly slurp in all the options given
 my $self = {%opts};
 
- # We must have a key ID and a recipient, but not necessarily a passphrase
- for my $req (qw(keyid mailto)) {
- $self->{$req} // croak "$req required";
- }
+ # We must have a recipient
+ defined $self->{mailto}
+ or croak 'mailto required';
 
 # Default the instance name to the package name if it wasn't given;
 # runcrypt(1p) will pass it in
 $self->{name} //= $class;
 
+ # We default to encrypting but not signing
+ $self->{encrypt} //= 1;
+ $self->{sign} //= 0;
+
+ # If signing, we need a key ID and a passphrase
+ if ( $self->{sign} ) {
+ defined $self->{keyid}
+ or croak 'keyid required for signing';
+ defined $self->{passphrase}
+ or croak 'passphrase required for signing';
+ }
+
 # Return objectified self
 return bless $self, $class;
 }
@@ -90,7 +101,17 @@ sub _mail {
 key => $self->{keyid},
 passphrase => $self->{passphrase},
 );
- $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+
+ # Sign and/or encrypt as appropriate
+ if ( $self->{sign} and $self->{encrypt} ) {
+ $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{sign} ) {
+ $mgpg->mime_sign( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{encrypt} ) {
+ $mgpg->mime_encrypt( $mime, $self->{mailto} );
+ }
 
 # Send it
 return $mime->send();
@@ -150,6 +171,15 @@ Constructor accepts the following named parameters:
 
 =over 4
 
+=item C<sign>
+
+Whether to sign the command output. This defaults to off. A key ID and
+passphrase will be required for signing.
+
+=item C<encrypt>
+
+Whether to encrypt the command output. This defaults to on.
+
 =item C<keyid>
 
 The GnuPG key ID that should be used to encrypt the messages. |
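Review bot: The new validation in `new` accepts `sign => 0, encrypt => 0`, and the if/elsif chain added to `_mail` has no final `else`, so such an object mails the command output with no GnuPG processing at all. For a module whose purpose is protecting that output, this looks like a silent fail-open. If plaintext delivery is not an intended mode, reject it at construction with `$self->{sign} or $self->{encrypt} or croak 'at least one of sign or encrypt required';` placed after the two `//=` defaults. If it is intended, a comment here and a sentence in the POD saying so would make that explicit.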
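Review bot: None of the three Mail::GnuPG calls in the new if/elsif chain in `_mail` has its return value checked, so `$mime->send()` runs regardless of what gpg did. Mail::GnuPG documents these methods as returning gpg's exit code (0 on success), and as far as I can tell it leaves the entity unmodified on failure, so a missing recipient key or a rejected passphrase would presumably result in the original, unprotected message being sent; this is worth confirming. Capturing the status in each branch and croaking on anything other than 0 before sending closes that gap; the check sketched below also stops the case where neither branch ran. `_mail` begins and ends outside this hunk.

```perl
    # … unchanged: Mail::GnuPG->new(...) …

    # Sign and/or encrypt as appropriate, keeping gpg's exit status
    my $status;
    if ( $self->{sign} and $self->{encrypt} ) {
        $status = $mgpg->mime_signencrypt( $mime, $self->{mailto} );
    }
    # … same `$status =` capture in the mime_sign and mime_encrypt branches …

    # Never send a message that gpg did not process successfully
    defined $status and $status == 0
      or croak 'GnuPG processing failed; refusing to send';

    # Send it
    return $mime->send();
```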