improve comments and variable names WRT base64 encoded encryption keys

This commit is contained in:
Joey Hess 2013-03-03 19:44:48 -04:00
parent 0b236edba9
commit 13cfe5c582
2 changed files with 17 additions and 11 deletions

View file

@ -37,28 +37,30 @@ import qualified Utility.Gpg as Gpg
import Types.Key import Types.Key
import Types.Crypto import Types.Crypto
{- The first half of a Cipher is used for HMAC; the remainder {- The beginning of a Cipher is used for HMAC; the remainder
- is used as the GPG symmetric encryption passphrase. - is used as the GPG symmetric encryption passphrase.
- -
- HMAC SHA1 needs only 64 bytes. The remainder is for expansion, - HMAC SHA1 needs only 64 bytes. The rest of the HMAC key is for expansion,
- perhaps to HMAC SHA512, which needs 128 bytes (ideally). - perhaps to HMAC SHA512, which needs 128 bytes (ideally).
- It also provides room the Cipher to contain data in a form like base64,
- which does not pack a full byte of entropy into a byte of data.
- -
- 256 is enough for gpg's symetric cipher; unlike weaker public key - 256 bytes is enough for gpg's symetric cipher; unlike weaker public key
- crypto, the key does not need to be too large. - crypto, the key does not need to be too large.
-} -}
cipherHalf :: Int cipherBeginning :: Int
cipherHalf = 256 cipherBeginning = 256
cipherSize :: Int cipherSize :: Int
cipherSize = cipherHalf * 2 cipherSize = 512
cipherPassphrase :: Cipher -> String cipherPassphrase :: Cipher -> String
cipherPassphrase (Cipher c) = drop cipherHalf c cipherPassphrase (Cipher c) = drop cipherBeginning c
cipherHmac :: Cipher -> String cipherHmac :: Cipher -> String
cipherHmac (Cipher c) = take cipherHalf c cipherHmac (Cipher c) = take cipherBeginning c
{- Creates a new Cipher, encrypted to the specificed key id. -} {- Creates a new Cipher, encrypted to the specified key id. -}
genEncryptedCipher :: String -> IO StorableCipher genEncryptedCipher :: String -> IO StorableCipher
genEncryptedCipher keyid = do genEncryptedCipher keyid = do
ks <- Gpg.findPubKeys keyid ks <- Gpg.findPubKeys keyid
@ -103,7 +105,8 @@ encryptCipher (Cipher c) (KeyIds ks) = do
{- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -} {- Decrypting an EncryptedCipher is expensive; the Cipher should be cached. -}
decryptCipher :: StorableCipher -> IO Cipher decryptCipher :: StorableCipher -> IO Cipher
decryptCipher (SharedCipher t) = return $ Cipher t decryptCipher (SharedCipher t) = return $ Cipher t
decryptCipher (EncryptedCipher t _) = Cipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t decryptCipher (EncryptedCipher t _) =
Cipher <$> Gpg.pipeStrict [ Param "--decrypt" ] t
{- Generates an encrypted form of a Key. The encryption does not need to be {- Generates an encrypted form of a Key. The encryption does not need to be
- reversable, nor does it need to be the same type of encryption used - reversable, nor does it need to be the same type of encryption used

View file

@ -96,7 +96,10 @@ findPubKeys for = KeyIds . parse <$> readStrict params
{- Creates a block of high-quality random data suitable to use as a cipher. {- Creates a block of high-quality random data suitable to use as a cipher.
- It is armored, to avoid newlines, since gpg only reads ciphers up to the - It is armored, to avoid newlines, since gpg only reads ciphers up to the
- first newline. -} - first newline.
-
- The size is the number of bytes of entropy desired; the data is
- base64 encoded, so will have a somewhat longer length. -}
genRandom :: Int -> IO String genRandom :: Int -> IO String
genRandom size = readStrict genRandom size = readStrict
[ Params "--gen-random --armor" [ Params "--gen-random --armor"