diff options
author | Joey Hess <joeyh@joeyh.name> | 2016-10-06 15:37:12 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-10-06 16:10:18 -0400 |
commit | f17abaa8ec3654ab4973641e2f551fe5b7088671 (patch) | |
tree | 5e0a692a0c21187b2cdfca5a35fea5575faa5f22 /Share.hs | |
parent | eeda326eb9aa34ff325bc9d2d97f5cb42f3958b5 (diff) | |
download | keysafe-f17abaa8ec3654ab4973641e2f551fe5b7088671.tar.gz |
Gpg keyid bugs
Fix bugs with entry of gpg keyid in the keysafe.log. Gpg.anyKey was being
used in writing the log, which made the log contain gpg keys with an empty
keyid.
Fix bug in --autostart that caused the full gpg keyid to be
used in the name, so restores would only work when --gpgkeyid was
specifid.
Added a Distinguisher data type rather than the Gpg.anyKey hack.
This commit was sponsored by Thom May on Patreon.
Diffstat (limited to 'Share.hs')
-rw-r--r-- | Share.hs | 16 |
1 files changed, 13 insertions, 3 deletions
@@ -41,18 +41,28 @@ instance HasCreationCost ShareIdents where instance Bruteforceable ShareIdents UnknownName where getBruteCostCalc = identsBruteForceCalc +data Distinguisher + = Distinguisher SecretKeySource + | AnyGpgKey + -- ^ Use to avoid the gpg keyid needing to be provided + -- at restore time. + deriving (Eq) + -- | Generates identifiers to use for storing shares. -- -- This is an expensive operation, to make it difficult for an attacker -- to brute force known/guessed names and find matching shares. -- The keyid or filename is used as a salt, to avoid collisions -- when the same name is chosen for multiple keys. -shareIdents :: Tunables -> Name -> SecretKeySource -> ShareIdents -shareIdents tunables (Name name) keyid = +shareIdents :: Tunables -> Name -> Distinguisher -> ShareIdents +shareIdents tunables (Name name) shareident = ShareIdents (segmentbyshare idents) creationcost bruteforcecalc where (ExpensiveHash creationcost basename) = - expensiveHash hashtunables (Salt keyid) name + expensiveHash hashtunables salt name + salt = case shareident of + Distinguisher sks -> Salt sks + AnyGpgKey -> Salt (GpgKey (KeyId "")) mk n = StorableObjectIdent $ Raaz.toByteString $ mksha $ E.encodeUtf8 $ basename <> T.pack (show n) mksha :: B.ByteString -> Raaz.Base16 |