Gpg keyid bugs

Fix bugs with entry of gpg keyid in the keysafe.log. Gpg.anyKey was being
used in writing the log, which made the log contain gpg keys with an empty
keyid.

Fix bug in --autostart that caused the full gpg keyid to be
used in the name, so restores would only work when --gpgkeyid was
specifid.

Added a Distinguisher data type rather than the Gpg.anyKey hack.

This commit was sponsored by Thom May on Patreon.

1 files changed, 13 insertions, 3 deletions

diff --git a/Share.hs b/Share.hs
index e511afd..2d848b9 100644
--- a/Share.hs
+++ b/Share.hs
@@ -41,18 +41,28 @@ instance HasCreationCost ShareIdents where
 instance Bruteforceable ShareIdents UnknownName where
 	getBruteCostCalc = identsBruteForceCalc
 
+data Distinguisher 
+	= Distinguisher SecretKeySource
+	| AnyGpgKey
+	-- ^ Use to avoid the gpg keyid needing to be provided 
+	-- at restore time.
+	deriving (Eq)
+
 -- | Generates identifiers to use for storing shares.
 --
 -- This is an expensive operation, to make it difficult for an attacker
 -- to brute force known/guessed names and find matching shares.
 -- The keyid or filename is used as a salt, to avoid collisions
 -- when the same name is chosen for multiple keys.
-shareIdents :: Tunables -> Name -> SecretKeySource -> ShareIdents
-shareIdents tunables (Name name) keyid =
+shareIdents :: Tunables -> Name -> Distinguisher -> ShareIdents
+shareIdents tunables (Name name) shareident =
 	ShareIdents (segmentbyshare idents) creationcost bruteforcecalc
   where
 	(ExpensiveHash creationcost basename) =
-		expensiveHash hashtunables (Salt keyid) name
+		expensiveHash hashtunables salt name
+	salt = case shareident of
+		Distinguisher sks -> Salt sks
+		AnyGpgKey -> Salt (GpgKey (KeyId ""))
 	mk n = StorableObjectIdent $ Raaz.toByteString $ mksha $
 		E.encodeUtf8 $ basename <> T.pack (show n)
 	mksha :: B.ByteString -> Raaz.Base16