mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1

proper encrypted keys

Browse source 
For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding
this library for checksumming generally, since it's (probably) not
as fast as external utilities, but it's fine to use it for HMAC.
This commit is contained in:
Joey Hess 2011-04-16 23:02:09 -04:00
parent 480cc353c4
commit d828988415
2 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
Crypto.hs
View file

@ -24,6 +24,8 @@ module Crypto (
import qualified Data.ByteString.Lazy.Char8 as L import qualified Data.ByteString.Lazy.Char8 as L
import qualified Data.Map as M import qualified Data.Map as M
import qualified Codec.Binary.Base64 as B64 import qualified Codec.Binary.Base64 as B64
import Data.ByteString.Lazy.UTF8 (fromString)
import Data.Digest.Pure.SHA
import System.Cmd.Utils import System.Cmd.Utils
import Data.String.Utils import Data.String.Utils
import Data.List import Data.List
@ -105,12 +107,11 @@ decryptCipher _ (EncryptedCipher encipher _) =
- reversable, nor does it need to be the same type of encryption used - reversable, nor does it need to be the same type of encryption used
- on content. It does need to be repeatable. -} - on content. It does need to be repeatable. -}
encryptKey :: Cipher -> Key -> IO Key encryptKey :: Cipher -> Key -> IO Key
encryptKey c k = encryptKey (Cipher c) k =
return Key { return Key {
-- FIXME: should use HMAC with the cipher; I don't keyName = showDigest $
-- have Data.Crypto in Debian yet though. hmacSha1 (fromString $ show k) (fromString c),
keyName = show k, keyBackendName = "GPGHMACSHA1",
keyBackendName = "INSECURE",
keySize = Nothing, -- size and mtime omitted keySize = Nothing, -- size and mtime omitted
keyMtime = Nothing -- to avoid leaking data keyMtime = Nothing -- to avoid leaking data
} }
@ -154,12 +155,12 @@ gpgCipher :: [CommandParam] -> Cipher -> L.ByteString -> (L.ByteString -> IO a)
gpgCipher params (Cipher c) input a = do gpgCipher params (Cipher c) input a = do
-- pipe the passphrase into gpg on a fd -- pipe the passphrase into gpg on a fd
(frompipe, topipe) <- createPipe (frompipe, topipe) <- createPipe
toh <- fdToHandle topipe
let Fd fromno = frompipe
_ <- forkIO $ do _ <- forkIO $ do
toh <- fdToHandle topipe
hPutStrLn toh c hPutStrLn toh c
hClose toh hClose toh
let passphrase = [Param "--passphrase-fd", Param $ show fromno] let Fd passphrasefd = frompipe
let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd]
(pid, output) <- gpgPipeBytes (passphrase ++ params) input (pid, output) <- gpgPipeBytes (passphrase ++ params) input
ret <- a output ret <- a output

1
doc/install.mdwn
View file

@ -13,6 +13,7 @@ To build and use git-annex, you will need:
* MissingH: <http://github.com/jgoerzen/missingh/wiki> * MissingH: <http://github.com/jgoerzen/missingh/wiki>
* pcre-light: <http://hackage.haskell.org/package/pcre-light> * pcre-light: <http://hackage.haskell.org/package/pcre-light>
* utf8-string: <http://hackage.haskell.org/package/utf8-string> * utf8-string: <http://hackage.haskell.org/package/utf8-string>
* SHA: <http://hackage.haskell.org/package/SHA>
* TestPack <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/testpack> * TestPack <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/testpack>
* QuickCheck 2 <http://hackage.haskell.org/package/QuickCheck> * QuickCheck 2 <http://hackage.haskell.org/package/QuickCheck>
* hS3 <http://hackage.haskell.org/package/hS3> (optional, but recommended) * hS3 <http://hackage.haskell.org/package/hS3> (optional, but recommended)