authorTom Ryder <tom@sanctum.geek.nz>2017-10-14 02:02:10 +1300
committerTom Ryder <tom@sanctum.geek.nz>2017-10-14 02:02:10 +1300
commitb8625a24301bcc7b1b724f862e1254f44d561d2d (patch)
tree8c6f872e511f4efb5bf33f5adecdef749b1d8b1e
parentAdd sign/encrypt options (diff)
downloadMail-Run-Crypt-b8625a24301bcc7b1b724f862e1254f44d561d2d.tar.gz
Mail-Run-Crypt-b8625a24301bcc7b1b724f862e1254f44d561d2d.zip
Change passphrase out for passfile
This already makes things a lot better, I think.
-rwxr-xr-xbin/runcrypt65
1 files changed, 48 insertions, 17 deletions
diff --git a/bin/runcrypt b/bin/runcrypt
index a3c8552..f08ea00 100755
--- a/bin/runcrypt
+++ b/bin/runcrypt
@@ -12,6 +12,8 @@ use 5.010;
# Import required modules
use Carp;
+use English '-no_match_vars';
+use File::stat;
use Getopt::Long::Descriptive;
use Mail::Run::Crypt;
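Review bot: `use File::stat;` is added here, but none of the visible hunks calls `stat`, so the import looks unused. The comment in the `@@ -80,16 +82,35 @@` hunk says the passfile will be tested as well as read, and the new POD recommends strict permissions without enforcing them, so this import was presumably meant for such a check. Either drop the import or use it on the open handle right after the `open` succeeds, for example `carp "passfile $fn is group- or world-accessible" if stat($fh)->mode & 0077;`. Checking the handle rather than the path avoids a gap between the check and the read.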
@@ -38,11 +40,11 @@ my ( $opt, $usage ) = describe_options(
{ default => $ENV{RUNCRYPT_KEYID} // undef },
],
- # Key passphrase defaults to environment RUNCRYPT_PASSPHRASE if set
+ # Key passphrase file defaults to environment RUNCRYPT_PASSFILE if set
[
- 'passphrase|p=s',
- 'OpenPGP passphrase',
- { default => $ENV{RUNCRYPT_PASSPHRASE} // undef },
+ 'passfile|p=s',
+ 'Path to OpenPGP passphrase file',
+ { default => $ENV{RUNCRYPT_PASSFILE} // undef },
],
# MAILTO address defaults to environment MAILTO if set
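Review bot: The short option `-p` keeps its letter while its meaning changes from passphrase to path in `'passfile|p=s'`, so an existing invocation that still passes the passphrase with `-p` would have the secret treated as a filename. The `croak "passfile $fn open failed: $ERRNO"` in the later hunk would then print that secret in the error output. `RUNCRYPT_PASSPHRASE` also stops being read without any notice to the user. A guard such as `carp 'RUNCRYPT_PASSPHRASE is no longer read; use RUNCRYPT_PASSFILE' if defined $ENV{RUNCRYPT_PASSPHRASE};` and a different short letter for the new option would make the migration visible. The `describe_options` call begins and ends outside this hunk.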
@@ -80,16 +82,35 @@ if ( !@ARGV ) {
exit 2;
}
-# Create an MCC object
-my $mrc = Mail::Run::Crypt->new(
- sign => $opt->sign,
- encrypt => $opt->encrypt,
- keyid => $opt->keyid,
- passphrase => $opt->passphrase,
- mailto => $opt->mailto,
- name => $opt->name,
+# Create an MRC object
+my %opts = (
+ sign => $opt->sign,
+ encrypt => $opt->encrypt,
+ keyid => $opt->keyid,
+ mailto => $opt->mailto,
+ name => $opt->name,
);
+# If we have a passphrase file defined, we'll test and read it
+if ( defined $opt->passfile ) {
+
+ # Read the passphrase from the file, chomping any final newline
+ my $fn = $opt->passfile;
+ $opts{passphrase} = do {
+ local $RS = undef;
+ open my $fh, '<', $fn
+ or croak "passfile $fn open failed: $ERRNO";
+ my $passphrase = <$fh>;
+ close $fh
+ or carp "passfile $fn close failed: $ERRNO";
+ chomp $passphrase;
+ $passphrase;
+ };
+}
+
+# Create the MRC object with the determined options
+my $mrc = Mail::Run::Crypt->new(%opts);
+
# Run the command given in the arguments, exiting appropriately
$mrc->run(@ARGV);
exit $mrc->bail;
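Review bot: The `chomp $passphrase;` inside the `do` block removes nothing, because `local $RS = undef` is still in effect there and `chomp` is a no-op while the record separator is undefined. A passfile that ends in a newline, as most editor- or `echo`-created files do, therefore yields a passphrase with the newline still attached, which is likely to make signing fail. Drop the inner `chomp` and add `chomp $opts{passphrase};` after the closing `};`, where `$RS` has been restored. Alternatively, strip it independently of `$RS` with `$passphrase =~ s/\n\z//;`.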
@@ -134,8 +155,8 @@ The arguments beyond the options are used as the command name to run:
=item C<--sign>
-Whether to sign the output. This defaults to off. A key ID and passphrase will
-need to be provided for signing to work.
+Whether to sign the output. This defaults to off. A key ID and passphrase file
+will need to be provided for signing to work.
=item C<--encrypt>
@@ -146,10 +167,20 @@ Whether to encrypt the output to the recipient. This defaults to on.
The GnuPG key ID that should be used to sign and encrypt the messages. This
defaults to the value of the environment variable C<RUNCRYPT_KEYID>.
-=item C<--passphrase>
+It is I<strongly> recommended that a dedicated key and passphrase be used for
+signatures if this is needed. You should carefully consider the consequences of
+a compromise key.
+
+=item C<--passfile>
+
+Path to a filename that should be read to get the key passphrase for signing.
+This defaults to the value of the environment variable C<RUNCRYPT_PASSFILE>.
+
+It is I<strongly> recommended, but not enforced by this program, that this file
+have strict permissions (not group or world-readable).
-The passphrase use to decrypt the key. This defaults to the value of the
-environment variable C<RUNCRYPT_PASSPHRASE>.
+By design, there is no way to specify the passphrase directly as an argument.
+This has too many negative security implications.
=item C<--mailto>