authorTom Ryder <tom@sanctum.geek.nz>2017-10-14 01:34:05 +1300
committerTom Ryder <tom@sanctum.geek.nz>2017-10-14 01:35:15 +1300
commit4eb2531aab1abae8c34f41ca44ec1caf6469ea83 (patch)
tree020e6e3a5044ce457cf4c0ef2424e50cfd944780
parentSpecify reason for Perl 5.10 (diff)
downloadMail-Run-Crypt-4eb2531aab1abae8c34f41ca44ec1caf6469ea83.tar.gz
Mail-Run-Crypt-4eb2531aab1abae8c34f41ca44ec1caf6469ea83.zip
Add sign/encrypt options
Default signing to off; step 1 toward mitigating the terrible literal passphrase passing.
-rw-r--r--README.markdown9
-rwxr-xr-xbin/runcrypt17
-rw-r--r--lib/Mail/Run/Crypt.pm40
3 files changed, 61 insertions, 5 deletions
diff --git a/README.markdown b/README.markdown
index 926aa02..269b19a 100644
--- a/README.markdown
+++ b/README.markdown
@@ -40,6 +40,15 @@ via environment variables or command-line options.
Constructor accepts the following named parameters:
+- `sign`
+
+ Whether to sign the command output. This defaults to off. A key ID and
+ passphrase will be required for signing.
+
+- `encrypt`
+
+ Whether to encrypt the command output. This defaults to on.
+
- `keyid`
The GnuPG key ID that should be used to encrypt the messages.
diff --git a/bin/runcrypt b/bin/runcrypt
index df2a59b..a3c8552 100755
--- a/bin/runcrypt
+++ b/bin/runcrypt
@@ -25,6 +25,12 @@ our $SELF = 'runcrypt';
my ( $opt, $usage ) = describe_options(
"$SELF %o COMMAND [ARG1...]",
+ # Whether to sign the output (default: off)
+ [ 'sign|s', 'Sign output', { default => 0 } ],
+
+ # Whether to encrypt the output (default: on)
+ [ 'encrypt|e', 'Encrypt output', { default => 1 } ],
+
# Key ID defaults to environment RUNCRYPT_KEYID if set
[
'keyid|k=s',
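Review bot: The new `encrypt|e` switch with `default => 1` can never be turned off from the command line, because a plain Getopt::Long switch has no negated form, so `$opt->encrypt` is always true and the `--encrypt` option is effectively a no-op. Declaring it negatable gives users a way to disable encryption: `[ 'encrypt|e!', 'Encrypt output (--no-encrypt to disable)', { default => 1 } ],`. The `sign|s` switch is fine as written since its default is off. The describe_options call continues past the end of this hunk.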
@@ -76,6 +82,8 @@ if ( !@ARGV ) {
# Create an MCC object
my $mrc = Mail::Run::Crypt->new(
+ sign => $opt->sign,
+ encrypt => $opt->encrypt,
keyid => $opt->keyid,
passphrase => $opt->passphrase,
mailto => $opt->mailto,
@@ -124,6 +132,15 @@ The arguments beyond the options are used as the command name to run:
=over 4
+=item C<--sign>
+
+Whether to sign the output. This defaults to off. A key ID and passphrase will
+need to be provided for signing to work.
+
+=item C<--encrypt>
+
+Whether to encrypt the output to the recipient. This defaults to on.
+
=item C<--keyid>
The GnuPG key ID that should be used to sign and encrypt the messages. This
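Review bot: The unchanged `--keyid` entry directly below the new `--encrypt` item still says the key is used to sign and encrypt, while the new `--sign` text says a key ID is needed for signing and the constructor change in lib/Mail/Run/Crypt.pm only demands `keyid` when signing. If encryption is done to the recipient's key rather than to `--keyid`, as the new `--encrypt` wording suggests, the entry should say so, e.g. `The GnuPG key ID that should be used to sign the messages; required when --sign is given.` Confirm how Mail::GnuPG uses the `key` argument before changing the wording.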
diff --git a/lib/Mail/Run/Crypt.pm b/lib/Mail/Run/Crypt.pm
index a81735d..4d7f74d 100644
--- a/lib/Mail/Run/Crypt.pm
+++ b/lib/Mail/Run/Crypt.pm
@@ -30,15 +30,26 @@ sub new {
# Blindly slurp in all the options given
my $self = {%opts};
- # We must have a key ID and a recipient, but not necessarily a passphrase
- for my $req (qw(keyid mailto)) {
- $self->{$req} // croak "$req required";
- }
+ # We must have a recipient
+ defined $self->{mailto}
+ or croak 'mailto required';
# Default the instance name to the package name if it wasn't given;
# runcrypt(1p) will pass it in
$self->{name} //= $class;
+ # We default to encrypting but not signing
+ $self->{encrypt} //= 1;
+ $self->{sign} //= 0;
+
+ # If signing, we need a key ID and a passphrase
+ if ( $self->{sign} ) {
+ defined $self->{keyid}
+ or croak 'keyid required for signing';
+ defined $self->{passphrase}
+ or croak 'passphrase required for signing';
+ }
+
# Return objectified self
return bless $self, $class;
}
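Review bot: With the defaults added at `$self->{encrypt} //= 1;` and `$self->{sign} //= 0;`, a caller passing `encrypt => 0` without `sign => 1` gets an object the constructor accepts but which will mail the command output in plaintext, since `_mail`'s new if/elsif chain has no branch for that case. The constructor should reject the combination next to the signing check: `$self->{sign} or $self->{encrypt} or croak 'at least one of sign or encrypt required';`. The same fall-through exists in the `_mail` hunk below, which has no `else`. `sub new` begins before the start of this hunk.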
@@ -90,7 +101,17 @@ sub _mail {
key => $self->{keyid},
passphrase => $self->{passphrase},
);
- $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+
+ # Sign and/or encrypt as appropriate
+ if ( $self->{sign} and $self->{encrypt} ) {
+ $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{sign} ) {
+ $mgpg->mime_sign( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{encrypt} ) {
+ $mgpg->mime_encrypt( $mime, $self->{mailto} );
+ }
# Send it
return $mime->send();
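Review bot: The return values of `mime_signencrypt`, `mime_sign` and `mime_encrypt` in the new chain are discarded, so if GnuPG fails (wrong passphrase, missing recipient key) execution still reaches `return $mime->send();` and, as far as this hunk shows, whatever state `$mime` was left in is mailed. As I recall Mail::GnuPG reports failure through a non-zero return from these methods, so capturing it and croaking before the send closes that gap; confirm the exact convention in the module's documentation. `mime_sign` is also handed `$self->{mailto}`, which Mail::GnuPG's signing call may not take since it signs with the `key` given to the constructor, so that argument is probably ignored. The enclosing `sub _mail` starts before this hunk and ends after it.
```perl
    # Sign and/or encrypt as appropriate; refuse to send if GnuPG
    # reports failure rather than mailing whatever $mime holds
    my $rc = 0;
    if ( $self->{sign} and $self->{encrypt} ) {
        $rc = $mgpg->mime_signencrypt( $mime, $self->{mailto} );
    }
    elsif ( $self->{sign} ) {
        $rc = $mgpg->mime_sign($mime);
    }
    elsif ( $self->{encrypt} ) {
        $rc = $mgpg->mime_encrypt( $mime, $self->{mailto} );
    }
    else {
        croak 'neither sign nor encrypt enabled';
    }
    croak 'GnuPG operation failed' if $rc;    # TODO confirm Mail::GnuPG return convention

    # … unchanged: send …
```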
@@ -150,6 +171,15 @@ Constructor accepts the following named parameters:
=over 4
+=item C<sign>
+
+Whether to sign the command output. This defaults to off. A key ID and
+passphrase will be required for signing.
+
+=item C<encrypt>
+
+Whether to encrypt the command output. This defaults to on.
+
=item C<keyid>
The GnuPG key ID that should be used to encrypt the messages.