mirror of
https://github.com/AGWA/git-crypt.git
synced 2026-02-04 11:07:57 -08:00
Major revamp: new key paradigm, groundwork for GPG support
The active key is now stored in .git/git-crypt/key instead of being stored outside the repo. This will facilitate GPG support, where the user may never interact directly with a key file. It's also more convenient, because it means you don't have to keep the key file around in a fixed location (which can't be moved without breaking git-crypt). 'git-crypt init' now takes no arguments and is used only when initializing git-crypt for the very first time. It generates a brand-new key, so there's no longer a separate keygen step. To export the key (for conveyance to another system or to a collaborator), run 'git-crypt export-key FILENAME'. To decrypt an existing repo using an exported key, run 'git-crypt unlock KEYFILE'. After running unlock, you can delete the key file you passed to unlock. Key files now use a new format that supports key versioning (which will facilitate secure revocation in the future). I've made these changes as backwards-compatible as possible. Repos already configured with git-crypt will continue to work without changes. However, 'git-crypt unlock' expects a new format key. You can use the 'git-crypt migrate-key KEYFILE' command to migrate old keys to the new format. Note that old repos won't be able to use the new commands, like export-key, or the future GPG support. To migrate an old repo, migrate its key file and then unlock the repo using the unlock command, as described above. While making these changes, I cleaned up the code significantly, adding better error handling and improving robustness. Next up: GPG support.
This commit is contained in:
Andrew Ayer
178
git-crypt.cpp
178
git-crypt.cpp
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2012 Andrew Ayer
|
||||
* Copyright 2012, 2014 Andrew Ayer
|
||||
*
|
||||
* This file is part of git-crypt.
|
||||
*
|
||||
@@ -28,29 +28,59 @@
|
||||
* as that of the covered work.
|
||||
*/
|
||||
|
||||
#include "git-crypt.hpp"
|
||||
#include "commands.hpp"
|
||||
#include "util.hpp"
|
||||
#include "crypto.hpp"
|
||||
#include "key.hpp"
|
||||
#include <cstring>
|
||||
#include <unistd.h>
|
||||
#include <iostream>
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
static void print_usage (const char* argv0)
|
||||
const char* argv0;
|
||||
|
||||
static void print_usage (std::ostream& out)
|
||||
{
|
||||
std::clog << "Usage: " << argv0 << " COMMAND [ARGS ...]\n";
|
||||
std::clog << "\n";
|
||||
std::clog << "Valid commands:\n";
|
||||
std::clog << " init KEYFILE - prepare the current git repo to use git-crypt with this key\n";
|
||||
std::clog << " keygen KEYFILE - generate a git-crypt key in the given file\n";
|
||||
std::clog << "\n";
|
||||
std::clog << "Plumbing commands (not to be used directly):\n";
|
||||
std::clog << " clean KEYFILE\n";
|
||||
std::clog << " smudge KEYFILE\n";
|
||||
std::clog << " diff KEYFILE FILE\n";
|
||||
out << "Usage: " << argv0 << " COMMAND [ARGS ...]" << std::endl;
|
||||
out << "" << std::endl;
|
||||
out << "Standard commands:" << std::endl;
|
||||
out << " init - generate a key, prepare the current repo to use git-crypt" << std::endl;
|
||||
out << " unlock KEYFILE - decrypt the current repo using the given symmetric key" << std::endl;
|
||||
out << " export-key FILE - export the repo's symmetric key to the given file" << std::endl;
|
||||
//out << " refresh - ensure all files in the repo are properly decrypted" << std::endl;
|
||||
out << " help - display this help message" << std::endl;
|
||||
out << " help COMMAND - display help for the given git-crypt command" << std::endl;
|
||||
out << "" << std::endl;
|
||||
/*
|
||||
out << "GPG commands:" << std::endl;
|
||||
out << " unlock - decrypt the current repo using the in-repo GPG-encrypted key" << std::endl;
|
||||
out << " add-collab GPGID - add the user with the given GPG key ID as a collaborator" << std::endl;
|
||||
out << " rm-collab GPGID - revoke collaborator status from the given GPG key ID" << std::endl;
|
||||
out << " ls-collabs - list the GPG key IDs of collaborators" << std::endl;
|
||||
out << "" << std::endl;
|
||||
*/
|
||||
out << "Legacy commands:" << std::endl;
|
||||
out << " init KEYFILE - alias for 'unlock KEYFILE'" << std::endl;
|
||||
out << " keygen KEYFILE - generate a git-crypt key in the given file" << std::endl;
|
||||
out << " migrate-key FILE - migrate the given legacy key file to the latest format" << std::endl;
|
||||
out << "" << std::endl;
|
||||
out << "Plumbing commands (not to be used directly):" << std::endl;
|
||||
out << " clean [LEGACY-KEYFILE]" << std::endl;
|
||||
out << " smudge [LEGACY-KEYFILE]" << std::endl;
|
||||
out << " diff [LEGACY-KEYFILE] FILE" << std::endl;
|
||||
}
|
||||
|
||||
|
||||
int main (int argc, const char** argv)
|
||||
int main (int argc, char** argv)
|
||||
try {
|
||||
argv0 = argv[0];
|
||||
|
||||
/*
|
||||
* General initialization
|
||||
*/
|
||||
|
||||
// The following two lines are essential for achieving good performance:
|
||||
std::ios_base::sync_with_stdio(false);
|
||||
std::cin.tie(0);
|
||||
@@ -58,29 +88,115 @@ try {
|
||||
std::cin.exceptions(std::ios_base::badbit);
|
||||
std::cout.exceptions(std::ios_base::badbit);
|
||||
|
||||
if (argc < 3) {
|
||||
print_usage(argv[0]);
|
||||
return 2;
|
||||
}
|
||||
|
||||
ERR_load_crypto_strings();
|
||||
|
||||
if (strcmp(argv[1], "init") == 0 && argc == 3) {
|
||||
init(argv[0], argv[2]);
|
||||
} else if (strcmp(argv[1], "keygen") == 0 && argc == 3) {
|
||||
keygen(argv[2]);
|
||||
} else if (strcmp(argv[1], "clean") == 0 && argc == 3) {
|
||||
clean(argv[2]);
|
||||
} else if (strcmp(argv[1], "smudge") == 0 && argc == 3) {
|
||||
smudge(argv[2]);
|
||||
} else if (strcmp(argv[1], "diff") == 0 && argc == 4) {
|
||||
diff(argv[2], argv[3]);
|
||||
} else {
|
||||
print_usage(argv[0]);
|
||||
/*
|
||||
* Parse command line arguments
|
||||
*/
|
||||
const char* profile = 0;
|
||||
int arg_index = 1;
|
||||
while (arg_index < argc && argv[arg_index][0] == '-') {
|
||||
if (std::strcmp(argv[arg_index], "--help") == 0) {
|
||||
print_usage(std::clog);
|
||||
return 0;
|
||||
} else if (std::strncmp(argv[arg_index], "--profile=", 10) == 0) {
|
||||
profile = argv[arg_index] + 10;
|
||||
++arg_index;
|
||||
} else if (std::strcmp(argv[arg_index], "-p") == 0 && arg_index + 1 < argc) {
|
||||
profile = argv[arg_index + 1];
|
||||
arg_index += 2;
|
||||
} else if (std::strcmp(argv[arg_index], "--") == 0) {
|
||||
++arg_index;
|
||||
break;
|
||||
} else {
|
||||
std::clog << argv0 << ": " << argv[arg_index] << ": Unknown option" << std::endl;
|
||||
print_usage(std::clog);
|
||||
return 2;
|
||||
}
|
||||
}
|
||||
|
||||
(void)(profile); // TODO: profile support
|
||||
|
||||
argc -= arg_index;
|
||||
argv += arg_index;
|
||||
|
||||
if (argc == 0) {
|
||||
print_usage(std::clog);
|
||||
return 2;
|
||||
}
|
||||
|
||||
return 0;
|
||||
/*
|
||||
* Pass off to command handler
|
||||
*/
|
||||
const char* command = argv[0];
|
||||
--argc;
|
||||
++argv;
|
||||
|
||||
// Public commands:
|
||||
if (std::strcmp(command, "help") == 0) {
|
||||
print_usage(std::clog);
|
||||
return 0;
|
||||
}
|
||||
if (std::strcmp(command, "init") == 0) {
|
||||
return init(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "unlock") == 0) {
|
||||
return unlock(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "add-collab") == 0) {
|
||||
return add_collab(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "rm-collab") == 0) {
|
||||
return rm_collab(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "ls-collabs") == 0) {
|
||||
return ls_collabs(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "export-key") == 0) {
|
||||
return export_key(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "keygen") == 0) {
|
||||
return keygen(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "migrate-key") == 0) {
|
||||
return migrate_key(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "refresh") == 0) {
|
||||
return refresh(argc, argv);
|
||||
}
|
||||
// Plumbing commands (executed by git, not by user):
|
||||
if (std::strcmp(command, "clean") == 0) {
|
||||
return clean(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "smudge") == 0) {
|
||||
return smudge(argc, argv);
|
||||
}
|
||||
if (std::strcmp(command, "diff") == 0) {
|
||||
return diff(argc, argv);
|
||||
}
|
||||
|
||||
print_usage(std::clog);
|
||||
return 2;
|
||||
|
||||
} catch (const Error& e) {
|
||||
std::cerr << "git-crypt: Error: " << e.message << std::endl;
|
||||
return 1;
|
||||
} catch (const System_error& e) {
|
||||
std::cerr << "git-crypt: " << e.action << ": ";
|
||||
if (!e.target.empty()) {
|
||||
std::cerr << e.target << ": ";
|
||||
}
|
||||
std::cerr << strerror(e.error) << std::endl;
|
||||
return 1;
|
||||
} catch (const Crypto_error& e) {
|
||||
std::cerr << "git-crypt: Crypto error: " << e.where << ": " << e.message << std::endl;
|
||||
return 1;
|
||||
} catch (Key_file::Incompatible) {
|
||||
std::cerr << "git-crypt: This repository contains a incompatible key file. Please upgrade git-crypt." << std::endl;
|
||||
return 1;
|
||||
} catch (Key_file::Malformed) {
|
||||
std::cerr << "git-crypt: This repository contains a malformed key file. It may be corrupted." << std::endl;
|
||||
return 1;
|
||||
} catch (const std::ios_base::failure& e) {
|
||||
std::cerr << "git-crypt: I/O error: " << e.what() << std::endl;
|
||||
return 1;
|
||||
|
||||
Reference in New Issue
Block a user