author | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 14:37:01 +1300 |
---|---|---|
committer | Tom Ryder <tom@sanctum.geek.nz> | 2017-10-14 14:39:56 +1300 |
commit | 79dd92c2eefe13b064f81e9622e12228e586d616 (patch) | |
tree | a9a35bba08d548cb8ecfb710e97cb40985bbc1fc | |
parent | Bump version number (diff) | |
download | Mail-Run-Crypt-79dd92c2eefe13b064f81e9622e12228e586d616.tar.gz Mail-Run-Crypt-79dd92c2eefe13b064f81e9622e12228e586d616.zip |
Documentation corrections
-rw-r--r-- | README.markdown | 23 | ||||
-rwxr-xr-x | bin/runcrypt | 35 | ||||
-rw-r--r-- | lib/Mail/Run/Crypt.pm | 23 |
3 files changed, 44 insertions, 37 deletions
diff --git a/README.markdown b/README.markdown index 913196f..04deccc 100644 --- a/README.markdown +++ b/README.markdown @@ -53,29 +53,30 @@ Constructor method; accepts the following named parameters: The recipient email address for the content. This is always required. -- `sign` - - Whether to sign the command output. This defaults to 0. A `keyid` and - `passphrase` will be required for signing. - - `encrypt` Whether to encrypt the command output. This defaults to 1. -- `keyid` +- `sign` - The GnuPG key ID that should be used to encrypt the messages. This is required - for signing. It can be any means of identifying the key acceptable to GnuPG; - the key's 16-byte ("long") hexadecimal ID prefixed with `0x` is probably the - best way. + Whether to sign the command output. This defaults to 0. A `keyid` and + `passphrase` will be required for signing. It is _strongly_ recommended that a dedicated key and passphrase be used for signatures if this is needed. You should carefully consider the consequences of a compromised key. +- `keyid` + + The GnuPG key ID that should be used to sign messages. This is required for + signing, and has no effect without `sign`. It can be any means of identifying + the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal ID prefixed + with `0x` is probably the best way. + - `passphrase` - The passphrase used to decrypt the key. This is required for signing. + The passphrase used to decrypt the key. This is required for signing, and has + no effect without `sign`. - `name` diff --git a/bin/runcrypt b/bin/runcrypt index 6dedd11..2f16dac 100755 --- a/bin/runcrypt +++ b/bin/runcrypt 
@@ -155,31 +155,42 @@ The arguments beyond the options are used as the command name to run: =over 4 -=item C<--sign> +=item C<--mailto> -Whether to sign the output. This defaults to 0. An ID and passphrase file will -need to be provided for signing to work. +The recipient address for the encryption portion of the email. This defaults to +the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or +C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file. =item C<--encrypt> Whether to encrypt the output to the recipient. This defaults to 1. -=item C<--keyid> +=item C<--sign> -The GnuPG key ID that should be used to encrypt the messages. This is required -for signing. It can be any means of identifying the key acceptable to GnuPG; -the key's 16-byte ("long") hexadecimal ID prefixed with C<0x> is probably the -best way. This defaults to the value of the environment variable -C<RUNCRYPT_KEYID>. +Whether to sign the output. This defaults to 0. An ID and passphrase file will +need to be provided for signing to work. It is I<strongly> recommended that a dedicated key and passphrase be used for signatures if this is needed. You should carefully consider the consequences of a compromised key. +=item C<--keyid> + +The GnuPG key ID that should be used to sign messages. This is required for +signing, and has no effect if C<--sign> is not given. It can be any means of +identifying the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal +ID prefixed with C<0x> is probably the best way. + +This defaults to the value of the environment variable C<RUNCRYPT_KEYID>. + =item C<--passfile> Path to a filename that should be read to get the key passphrase for signing. This defaults to the value of the environment variable C<RUNCRYPT_PASSFILE>. +This is required for signing, and has no effect if C<--sign> is not given. + +One trailing newline will be removed from the file contents with +L<C<chomp>|perlfunc/"chomp VARIABLE"> if present. 
It is I<strongly> recommended, but not enforced by this program, that this file have strict permissions (not group or world-readable). @@ -187,12 +198,6 @@ have strict permissions (not group or world-readable). By design, there is no way to specify the passphrase directly as an argument. This has too many negative security implications. -=item C<--mailto> - -The recipient address for the encryption portion of the email. This defaults to -the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or -C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file. - =item C<--name> The name for this instance of the module, which will be used as the first word diff --git a/lib/Mail/Run/Crypt.pm b/lib/Mail/Run/Crypt.pm index 66691b1..8a39dc6 100644 --- a/lib/Mail/Run/Crypt.pm +++ b/lib/Mail/Run/Crypt.pm 
@@ -185,29 +185,30 @@ Constructor method; accepts the following named parameters: The recipient email address for the content. This is always required. -=item C<sign> - -Whether to sign the command output. This defaults to 0. A C<keyid> and -C<passphrase> will be required for signing. - =item C<encrypt> Whether to encrypt the command output. This defaults to 1. -=item C<keyid> +=item C<sign> -The GnuPG key ID that should be used to encrypt the messages. This is required -for signing. It can be any means of identifying the key acceptable to GnuPG; -the key's 16-byte ("long") hexadecimal ID prefixed with C<0x> is probably the -best way. +Whether to sign the command output. This defaults to 0. A C<keyid> and +C<passphrase> will be required for signing. It is I<strongly> recommended that a dedicated key and passphrase be used for signatures if this is needed. You should carefully consider the consequences of a compromised key. +=item C<keyid> + +The GnuPG key ID that should be used to sign messages. This is required for +signing, and has no effect without C<sign>. It can be any means of identifying +the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal ID prefixed +with C<0x> is probably the best way. + =item C<passphrase> -The passphrase used to decrypt the key. This is required for signing. +The passphrase used to decrypt the key. This is required for signing, and has +no effect without C<sign>. =item C<name> |
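Review bot: In the README.markdown hunk, the re-added `keyid` item still calls the long key ID "16-byte". A long GnuPG key ID is 16 hexadecimal digits, which is 8 bytes (64 bits). Since the paragraph is being rewritten here anyway, change the wording to "16-digit" so readers do not go looking for a 32-digit value. The same phrase is carried into the `--keyid` item in bin/runcrypt and the `keyid` item in lib/Mail/Run/Crypt.pm and should be changed there too.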
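Review bot: In the first bin/runcrypt hunk, the new `--passfile` sentence "One trailing newline will be removed from the file contents with chomp" leaves out the CRLF case. With Perl's default `$/`, `chomp` strips only a trailing "\n", so a passfile saved with CRLF line endings would keep the carriage return as part of the passphrase. Say so explicitly, or say that the file must end in at most a single LF. Separately, in this item the "required for signing" sentence comes after the `RUNCRYPT_PASSFILE` default, while in `--keyid` the default was moved to its own closing paragraph; using the same order in both items would make them easier to scan.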
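Review bot: In the lib/Mail/Run/Crypt.pm hunk, `keyid` and `passphrase` are now documented as "required for signing" and as having no effect without `sign`, but the `sign` item does not say what the constructor does when `sign` is set and either one is missing. Add one sentence to the `sign` item stating that behaviour, so a caller knows whether a misconfigured cron job fails loudly or sends unsigned mail. This hunk also repeats the README.markdown hunk word for word apart from the markup, so the same sentence needs to go in both files.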