Generate ciphers with a better entropy.
Unless highRandomQuality=false (or --fast) is set, use Libgcypt's 'GCRY_VERY_STRONG_RANDOM' level by default for cipher generation, like it's done for OpenPGP key generation. On the assistant side, the random quality is left to the old (lower) level, in order not to scare the user with an enless page load due to the blocking PRNG waiting for IO actions.
This commit is contained in:
guilhem
Joey Hess
parent
602baae12e
commit
00fc21bfec
6 changed files with 41 additions and 19 deletions
11
Crypto.hs
11
Crypto.hs
|
|
@ -67,15 +67,16 @@ cipherMac :: Cipher -> String
|
|||
cipherMac (Cipher c) = take cipherBeginning c
|
||||
|
||||
{- Creates a new Cipher, encrypted to the specified key id. -}
|
||||
genEncryptedCipher :: String -> IO StorableCipher
|
||||
genEncryptedCipher keyid = do
|
||||
genEncryptedCipher :: String -> Bool -> IO StorableCipher
|
||||
genEncryptedCipher keyid highQuality = do
|
||||
ks <- Gpg.findPubKeys keyid
|
||||
random <- Gpg.genRandom cipherSize
|
||||
random <- Gpg.genRandom highQuality cipherSize
|
||||
encryptCipher (Cipher random) ks
|
||||
|
||||
{- Creates a new, shared Cipher. -}
|
||||
genSharedCipher :: IO StorableCipher
|
||||
genSharedCipher = SharedCipher <$> Gpg.genRandom cipherSize
|
||||
genSharedCipher :: Bool -> IO StorableCipher
|
||||
genSharedCipher highQuality =
|
||||
SharedCipher <$> Gpg.genRandom highQuality cipherSize
|
||||
|
||||
{- Updates an existing Cipher, re-encrypting it to add a keyid. -}
|
||||
updateEncryptedCipher :: String -> StorableCipher -> IO StorableCipher
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue