distorted-keys
6 years ago: cryptop.list: New tool for listing keys. [0.99.1]
Mark Wooding [Mon, 26 Dec 2011 04:19:01 +0000 (04:19 +0000)]
cryptop.list: New tool for listing keys.

Surprisingly nice output format.

6 years ago: keyfunc.sh.in, cryptop.{genkey,recover}: Care over key ownership.
Mark Wooding [Mon, 26 Dec 2011 04:18:33 +0000 (04:18 +0000)]
keyfunc.sh.in, cryptop.{genkey,recover}: Care over key ownership.

Interpret profiles relative to the key owner, not the caller!  Only allow
the key owner to recover a key.

6 years ago: keys.archive: New program to capture and sign an archive.
Mark Wooding [Mon, 26 Dec 2011 00:03:53 +0000 (00:03 +0000)]
keys.archive: New program to capture and sign an archive.

Doesn't include the key nubs.

6 years ago: distorted-keys.userv: Add userv configuration snippet.
Mark Wooding [Mon, 26 Dec 2011 00:03:18 +0000 (00:03 +0000)]
distorted-keys.userv: Add userv configuration snippet.

Needs a configured user name, and sbindir.

6 years ago: Makefile.am: Move cryptop stuff after keys stuff.
Mark Wooding [Mon, 26 Dec 2011 00:00:43 +0000 (00:00 +0000)]
Makefile.am: Move cryptop stuff after keys stuff.

Makes more sense this way.

6 years ago: extract-profile.in: Allow empty sections.
Mark Wooding [Sun, 25 Dec 2011 23:55:59 +0000 (23:55 +0000)]
extract-profile.in: Allow empty sections.

Create a section as soon as we see a section header; we no longer need
the more complicated lazy creation code.

6 years ago: cryptop.in, keyfunc.sh.in: Move userv variable setup into keyfunc.sh.
Mark Wooding [Sun, 25 Dec 2011 23:51:36 +0000 (23:51 +0000)]
cryptop.in, keyfunc.sh.in: Move userv variable setup into keyfunc.sh.

We'll need these set up in a later program.

6 years ago: cryptop.public: Don't check an ACL.
Mark Wooding [Sun, 25 Dec 2011 23:47:22 +0000 (23:47 +0000)]
cryptop.public: Don't check an ACL.

It's not worthwhile: public keys will be clearly visible in an archive
copy.

6 years ago: keyfunc.sh.in (prepare): Indicate that an ACL check isn't necessary.
Mark Wooding [Sun, 25 Dec 2011 23:46:39 +0000 (23:46 +0000)]
keyfunc.sh.in (prepare): Indicate that an ACL check isn't necessary.

6 years ago: keyfunc.sh.in: Add some commentary to the configuration section.
Mark Wooding [Sun, 25 Dec 2011 23:43:10 +0000 (23:43 +0000)]
keyfunc.sh.in: Add some commentary to the configuration section.

6 years ago: keys.new-recov, keys.reveal, keyfunc.sh.in: Don't put @bindir@ on the PATH.
Mark Wooding [Sun, 25 Dec 2011 23:49:44 +0000 (23:49 +0000)]
keys.new-recov, keys.reveal, keyfunc.sh.in: Don't put @bindir@ on the PATH.

Call `shamir' using an explicit pathname instead.

6 years ago: keyfunc.sh.in: Rename the nub computation properties.
Mark Wooding [Sun, 25 Dec 2011 23:32:48 +0000 (23:32 +0000)]
keyfunc.sh.in: Rename the nub computation properties.

These names are more consistent with the longer names used elsewhere.

6 years ago: extract-profile.in: Property name fixup wasn't applied to ${...} tokens.
Mark Wooding [Sun, 25 Dec 2011 23:58:43 +0000 (23:58 +0000)]
extract-profile.in: Property name fixup wasn't applied to ${...} tokens.

Move it into the common replacement code.

6 years ago: keyfunc.sh.in (prepare): Exit nonzero if ACL check fails.
Mark Wooding [Sun, 25 Dec 2011 23:43:50 +0000 (23:43 +0000)]
keyfunc.sh.in (prepare): Exit nonzero if ACL check fails.

Just a missing return code.

6 years ago: cryptop.verify: Use the correct operations.
Mark Wooding [Sun, 25 Dec 2011 23:54:23 +0000 (23:54 +0000)]
cryptop.verify: Use the correct operations.

Stupid copy-and-paste error.

6 years ago: keyfunc.sh.in, extract-profile.in: Put profile name before the filenames.
Mark Wooding [Sun, 25 Dec 2011 23:41:43 +0000 (23:41 +0000)]
keyfunc.sh.in, extract-profile.in: Put profile name before the filenames.

This is the way it was originally, but that version wasn't checked in.
I had some crazy idea that this ordering made interfacing to userv
easier, but it doesn't.

6 years ago: cryptop.*, extract-profile.in: Set execute bits.
Mark Wooding [Sun, 25 Dec 2011 23:30:26 +0000 (23:30 +0000)]
cryptop.*, extract-profile.in: Set execute bits.

6 years ago: Multiple key types, key profiles, and user key storage.
Mark Wooding [Sat, 24 Dec 2011 02:29:11 +0000 (02:29 +0000)]
Multiple key types, key profiles, and user key storage.

  * Introduce multiple key types (currently GnuPG and Seccure, but maybe
    more later, e.g., OpenSSL).

  * Parameters are provided via time-varying profiles.

  * Profiles can be chosen for keeper and recovery keys.

  * Allow users to generate and use keys.

6 years ago: more progress. recovery seems to be working now.
Mark Wooding [Sat, 17 Dec 2011 00:15:00 +0000 (00:15 +0000)]
more progress.  recovery seems to be working now.

6 years ago: initial checkin: still somewhat sketchy
Mark Wooding [Tue, 13 Dec 2011 01:05:10 +0000 (01:05 +0000)]
initial checkin: still somewhat sketchy