author: Tom Ryder <tom@sanctum.geek.nz>, 2017-10-14 14:37:01 +1300
committer: Tom Ryder <tom@sanctum.geek.nz>, 2017-10-14 14:39:56 +1300
commit: 79dd92c2eefe13b064f81e9622e12228e586d616
tree: a9a35bba08d548cb8ecfb710e97cb40985bbc1fc
parent: Bump version number
Documentation corrections
-rw-r--r-- README.markdown 23
-rwxr-xr-x bin/runcrypt 35
-rw-r--r-- lib/Mail/Run/Crypt.pm 23
3 files changed, 44 insertions, 37 deletions
diff --git a/README.markdown b/README.markdown
index 913196f..04deccc 100644
--- a/README.markdown
+++ b/README.markdown
@@ -53,29 +53,30 @@ Constructor method; accepts the following named parameters:
The recipient email address for the content. This is always required.
-- `sign`
-
- Whether to sign the command output. This defaults to 0. A `keyid` and
- `passphrase` will be required for signing.
-
- `encrypt`
Whether to encrypt the command output. This defaults to 1.
-- `keyid`
+- `sign`
- The GnuPG key ID that should be used to encrypt the messages. This is required
- for signing. It can be any means of identifying the key acceptable to GnuPG;
- the key's 16-byte ("long") hexadecimal ID prefixed with `0x` is probably the
- best way.
+ Whether to sign the command output. This defaults to 0. A `keyid` and
+ `passphrase` will be required for signing.
It is _strongly_ recommended that a dedicated key and passphrase be used for
signatures if this is needed. You should carefully consider the consequences of
a compromised key.
+- `keyid`
+
+ The GnuPG key ID that should be used to sign messages. This is required for
+ signing, and has no effect without `sign`. It can be any means of identifying
+ the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal ID prefixed
+ with `0x` is probably the best way.
+
- `passphrase`
- The passphrase used to decrypt the key. This is required for signing.
+ The passphrase used to decrypt the key. This is required for signing, and has
+ no effect without `sign`.
- `name`
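Review bot: In the relocated `keyid` item, "the key's 16-byte ("long") hexadecimal ID" is carried over unchanged, but a GnuPG long key ID is 64 bits, written as 16 hexadecimal digits (8 bytes), so "16-byte" should read "16-digit". The same wording appears in the `--keyid` item of bin/runcrypt and the `keyid` item of lib/Mail/Run/Crypt.pm in this patch and wants the same correction.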
diff --git a/bin/runcrypt b/bin/runcrypt
index 6dedd11..2f16dac 100755
--- a/bin/runcrypt
+++ b/bin/runcrypt
@@ -155,31 +155,42 @@ The arguments beyond the options are used as the command name to run:
=over 4
-=item C<--sign>
+=item C<--mailto>
-Whether to sign the output. This defaults to 0. An ID and passphrase file will
-need to be provided for signing to work.
+The recipient address for the encryption portion of the email. This defaults to
+the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or
+C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file.
=item C<--encrypt>
Whether to encrypt the output to the recipient. This defaults to 1.
-=item C<--keyid>
+=item C<--sign>
-The GnuPG key ID that should be used to encrypt the messages. This is required
-for signing. It can be any means of identifying the key acceptable to GnuPG;
-the key's 16-byte ("long") hexadecimal ID prefixed with C<0x> is probably the
-best way. This defaults to the value of the environment variable
-C<RUNCRYPT_KEYID>.
+Whether to sign the output. This defaults to 0. An ID and passphrase file will
+need to be provided for signing to work.
It is I<strongly> recommended that a dedicated key and passphrase be used for
signatures if this is needed. You should carefully consider the consequences of
a compromised key.
+=item C<--keyid>
+
+The GnuPG key ID that should be used to sign messages. This is required for
+signing, and has no effect if C<--sign> is not given. It can be any means of
+identifying the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal
+ID prefixed with C<0x> is probably the best way.
+
+This defaults to the value of the environment variable C<RUNCRYPT_KEYID>.
+
=item C<--passfile>
Path to a filename that should be read to get the key passphrase for signing.
This defaults to the value of the environment variable C<RUNCRYPT_PASSFILE>.
+This is required for signing, and has no effect if C<--sign> is not given.
+
+One trailing newline will be removed from the file contents with
+L<C<chomp>|perlfunc/"chomp VARIABLE"> if present.
It is I<strongly> recommended, but not enforced by this program, that this file
have strict permissions (not group or world-readable).
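Review bot: The new `--passfile` sentence about `chomp` should say exactly what is stripped: with the default input record separator, `chomp` removes a single trailing "\n" only, so a passphrase file saved with CRLF line endings or with extra blank lines still yields a passphrase with trailing characters. Suggest adding that the file should contain the passphrase followed by at most one newline. The `--sign` item's "An ID and passphrase file" could also name `--keyid` and `--passfile` directly, matching the "has no effect if C<--sign> is not given" cross-references added under those options.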
@@ -187,12 +198,6 @@ have strict permissions (not group or world-readable).
By design, there is no way to specify the passphrase directly as an argument.
This has too many negative security implications.
-=item C<--mailto>
-
-The recipient address for the encryption portion of the email. This defaults to
-the value of the environment variable C<RUNCRYPT_MAILTO> if that is set, or
-C<MAILTO> failing that, to make it suitable for use in a B<crontab(5)> file.
-
=item C<--name>
The name for this instance of the module, which will be used as the first word
diff --git a/lib/Mail/Run/Crypt.pm b/lib/Mail/Run/Crypt.pm
index 66691b1..8a39dc6 100644
--- a/lib/Mail/Run/Crypt.pm
+++ b/lib/Mail/Run/Crypt.pm
@@ -185,29 +185,30 @@ Constructor method; accepts the following named parameters:
The recipient email address for the content. This is always required.
-=item C<sign>
-
-Whether to sign the command output. This defaults to 0. A C<keyid> and
-C<passphrase> will be required for signing.
-
=item C<encrypt>
Whether to encrypt the command output. This defaults to 1.
-=item C<keyid>
+=item C<sign>
-The GnuPG key ID that should be used to encrypt the messages. This is required
-for signing. It can be any means of identifying the key acceptable to GnuPG;
-the key's 16-byte ("long") hexadecimal ID prefixed with C<0x> is probably the
-best way.
+Whether to sign the command output. This defaults to 0. A C<keyid> and
+C<passphrase> will be required for signing.
It is I<strongly> recommended that a dedicated key and passphrase be used for
signatures if this is needed. You should carefully consider the consequences of
a compromised key.
+=item C<keyid>
+
+The GnuPG key ID that should be used to sign messages. This is required for
+signing, and has no effect without C<sign>. It can be any means of identifying
+the key acceptable to GnuPG; the key's 16-byte ("long") hexadecimal ID prefixed
+with C<0x> is probably the best way.
+
=item C<passphrase>
-The passphrase used to decrypt the key. This is required for signing.
+The passphrase used to decrypt the key. This is required for signing, and has
+no effect without C<sign>.
=item C<name>
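Review bot: The `sign` item says a C<keyid> and C<passphrase> "will be required for signing", but nothing in this hunk says what the constructor does when `sign` is true and either one is missing; state the failure mode so callers know whether the call fails or the output goes out unsigned. Since bin/runcrypt documents that the passphrase is deliberately never accepted as a command-line argument, the `passphrase` item could add a sentence pointing callers at reading it from a file with strict permissions rather than embedding it in the calling script.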