diff options
Diffstat (limited to 'keysafe.hs')
-rw-r--r-- | keysafe.hs | 26 |
1 files changed, 15 insertions, 11 deletions
@@ -19,6 +19,7 @@ import Cost import SecretKey import Share import Storage +import BackupRecord import HTTP.Server import qualified Gpg import Data.Maybe @@ -96,10 +97,10 @@ backup cmdline storagelocations ui tunables secretkeysource secretkey = do <$> promptName ui "Enter other name" othernamedesc Nothing validateName let name = Name (theirname <> " " <> othername) - kek <- promptkek name + (kek, passwordentropy) <- promptpassword name let sis = shareIdents tunables name secretkeysource let cost = getCreationCost kek <> getCreationCost sis - (r, queued) <- withProgressIncremental ui "Encrypting and storing data" + (r, queued, locs) <- withProgressIncremental ui "Encrypting and storing data" (encryptdesc cost cores) $ \addpercent -> do let esk = encrypt tunables kek secretkey shares <- genShares esk tunables @@ -107,10 +108,13 @@ backup cmdline storagelocations ui tunables secretkeysource secretkey = do _ <- sis `seq` addpercent 25 let step = 50 `div` sum (map S.size shares) storeShares storagelocations sis shares (addpercent step) + backuprecord <- mkBackupRecord (mapMaybe getServer locs) secretkeysource passwordentropy case r of - StoreSuccess - | queued -> showInfo ui "Backup queued" "Some data was not sucessfully uploaded to servers, and has been queued for later upload. Run keysafe --uploadqueued at a later point to finish the backup." - | otherwise -> showInfo ui "Backup success" "Your secret key was successfully encrypted and backed up." + StoreSuccess -> do + storeBackupRecord backuprecord + if queued + then showInfo ui "Backup queued" "Some data was not sucessfully uploaded to servers, and has been queued for later upload. Run keysafe --uploadqueued at a later point to finish the backup." + else showInfo ui "Backup success" "Your secret key was successfully encrypted and backed up." StoreFailure s -> showError ui ("There was a problem storing your encrypted secret key: " ++ s) StoreAlreadyExists -> do showError ui $ unlines @@ -118,20 +122,20 @@ backup cmdline storagelocations ui tunables secretkeysource secretkey = do , "Please try again with a different name." ] go theirname - promptkek name = do + promptpassword name = do password <- fromMaybe (error "Aborting on no password") <$> promptPassword ui True "Enter password" passworddesc kek <- genKeyEncryptionKey tunables name password username <- userName let badwords = concatMap namewords [name, username] + let passwordentropy = calcPasswordEntropy password badwords let crackcost = estimateAttackCost spotAWS $ - estimateBruteforceOf kek $ - passwordEntropy password badwords + estimateBruteforceOf kek passwordentropy let mincost = Dollars 100000 if crackcost < mincost then do showError ui $ "Weak password! It would cost only " ++ show crackcost ++ " to crack the password. Please think of a better one. More words would be good.." - promptkek name + promptpassword name else do (thisyear, _, _) <- toGregorian . utctDay <$> getCurrentTime @@ -139,8 +143,8 @@ backup cmdline storagelocations ui tunables secretkeysource secretkey = do (crackdesc crackcost thisyear) "Is your password strong enough?" if ok - then return kek - else promptkek name + then return (kek, passwordentropy) + else promptpassword name namewords (Name nb) = words (BU8.toString nb) keydesc = case secretkeysource of GpgKey _ -> "gpg secret key" |