authorJustus Winter <justus@sequoia-pgp.org>2018-09-28 16:32:12 +0200
committerJustus Winter <justus@sequoia-pgp.org>2018-09-28 16:32:12 +0200
commit7c1fecc0bf147e95803e3c64cd2fb4641ebb265f (patch)
tree119b9b10231d8b7066b97c644ec1bd92fc8f387c /tool/src
parent06ee86f3752f56add4d6e9deab1c460640ced21c (diff)
tool: Optionally sign data when encrypting.
Diffstat (limited to 'tool/src')
-rw-r--r--tool/src/commands/mod.rs22
-rw-r--r--tool/src/sq-usage.rs1
-rw-r--r--tool/src/sq.rs5
-rw-r--r--tool/src/sq_cli.rs8
4 files changed, 29 insertions, 7 deletions
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index b7475e6a..726eeab2 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -40,7 +40,7 @@ fn tm2str(t: &time::Tm) -> String {
pub fn encrypt(store: &mut store::Store,
input: &mut io::Read, output: &mut io::Write,
npasswords: usize, recipients: Vec<&str>,
- mut tpks: Vec<openpgp::TPK>)
+ mut tpks: Vec<openpgp::TPK>, signers: Vec<openpgp::TPK>)
-> Result<()> {
for r in recipients {
tpks.push(store.lookup(r).context("No such key found")?.tpk()?);
@@ -62,12 +62,19 @@ pub fn encrypt(store: &mut store::Store,
passwords.iter().collect();
// We want to encrypt a literal data packet.
- let encryptor = Encryptor::new(wrap(output),
- &passwords_,
- &recipients,
- EncryptionMode::AtRest)
+ let mut sink = Encryptor::new(wrap(output),
+ &passwords_,
+ &recipients,
+ EncryptionMode::AtRest)
.context("Failed to create encryptor")?;
- let mut literal_writer = LiteralWriter::new(encryptor, DataFormat::Binary,
+
+ // Optionally sign message.
+ if ! signers.is_empty() {
+ let signers_: Vec<&openpgp::TPK> = signers.iter().collect();
+ sink = Signer::with_intended_recipients(sink, &signers_, &recipients)?;
+ }
+
+ let mut literal_writer = LiteralWriter::new(sink, DataFormat::Binary,
None, None)
.context("Failed to create literal writer")?;
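Review bot: The `Signer::with_intended_recipients(sink, &signers_, &recipients)?` call is the only fallible step in this hunk that propagates without a `.context(...)`, so a signer key that cannot be used for signing surfaces as a bare library error with no hint that the signing layer was the cause. I would write it as `sink = Signer::with_intended_recipients(sink, &signers_, &recipients).context("Failed to create signer")?;`, matching the encryptor and literal-writer calls around it. The `finalize()` call added in the next hunk (`@@ -75,6 +82,9 @@`) reuses "Failed to encrypt" from the `io::copy` above it; a distinct message such as `.context("Failed to finalize message")` would tell a copy failure apart from a failure while closing the message, which is presumably where the signature is emitted. The comment `// Optionally sign message.` could also state that the signature is placed inside the encryption layer and bound to the recipients. The body of `encrypt` starts and ends outside this hunk.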
@@ -75,6 +82,9 @@ pub fn encrypt(store: &mut store::Store,
io::copy(input, &mut literal_writer)
.context("Failed to encrypt")?;
+ literal_writer.finalize()
+ .context("Failed to encrypt")?;
+
Ok(())
}
diff --git a/tool/src/sq-usage.rs b/tool/src/sq-usage.rs
index 0867f41c..8337885b 100644
--- a/tool/src/sq-usage.rs
+++ b/tool/src/sq-usage.rs
@@ -76,6 +76,7 @@
//! -o, --output <FILE> Sets the output file to use
//! -r, --recipient <LABEL>... Recipient to encrypt for (can be given multiple times)
//! --recipient-key-file <TPK-FILE>... Recipient to encrypt for, given as a file (can be given multiple times)
+//! --signer-key-file <TSK-FILE>... Secret key to sign with, given as a file (can be given multiple times)
//!
//! ARGS:
//! <FILE> Sets the input file to use
diff --git a/tool/src/sq.rs b/tool/src/sq.rs
index 29f2fbdd..dc893dd6 100644
--- a/tool/src/sq.rs
+++ b/tool/src/sq.rs
@@ -136,9 +136,12 @@ fn real_main() -> Result<(), failure::Error> {
let additional_tpks = m.values_of("recipient-key-file")
.map(load_tpks)
.unwrap_or(Ok(vec![]))?;
+ let additional_secrets = m.values_of("signer-key-file")
+ .map(load_tpks)
+ .unwrap_or(Ok(vec![]))?;
commands::encrypt(&mut store, &mut input, &mut output,
m.occurrences_of("symmetric") as usize,
- recipients, additional_tpks)?;
+ recipients, additional_tpks, additional_secrets)?;
},
("sign", Some(m)) => {
let mut input = open_or_stdin(m.value_of("input"))?;
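Review bot: Values of `--signer-key-file` go through the same `load_tpks` helper as recipient files, and nothing in this hunk checks that each loaded key actually carries secret key material before it is handed to `commands::encrypt`. `load_tpks` is defined outside the hunk, so whether it preserves secret parts or copes with passphrase-protected ones cannot be confirmed from here; if it does not, the user gets a late failure from the signer instead of a clear error that names the option. I would add a comment above the binding, `// Signer files are TSKs: TPKs that also carry secret key material.`, and make the load failure mention `--signer-key-file` so it is not confused with a bad recipient file. The body of `real_main` continues outside the hunk.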
diff --git a/tool/src/sq_cli.rs b/tool/src/sq_cli.rs
index bf2b3e37..0f96f3b2 100644
--- a/tool/src/sq_cli.rs
+++ b/tool/src/sq_cli.rs
@@ -88,6 +88,14 @@ pub fn build() -> App<'static, 'static> {
.number_of_values(1)
.help("Recipient to encrypt for, given as a file \
(can be given multiple times)"))
+ .arg(Arg::with_name("signer-key-file")
+ .long("signer-key-file")
+ .multiple(true)
+ .takes_value(true)
+ .value_name("TSK-FILE")
+ .number_of_values(1)
+ .help("Secret key to sign with, given as a file \
+ (can be given multiple times)"))
.arg(Arg::with_name("symmetric")
.long("symmetric")
.short("s")