diff options
author | Joey Hess <joey@kitenet.net> | 2011-04-16 23:02:09 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2011-04-16 23:02:09 -0400 |
commit | d82898841581bab7785a0010f49e21c5eec5b51b (patch) | |
tree | 81bbc7d47ce66917987cf895efdd15207bdf0c94 | |
parent | 480cc353c46d88c55b252fbb6c5dc4feff08995c (diff) |
proper encrypted keys
For HMAC, using the Data.Digest.Pure.SHA library. I have been avoiding
this library for checksumming generally, since it's (probably) not
as fast as external utilities, but it's fine to use it for HMAC.
-rw-r--r-- | Crypto.hs | 17 | ||||
-rw-r--r-- | doc/install.mdwn | 1 |
2 files changed, 10 insertions, 8 deletions
@@ -24,6 +24,8 @@ module Crypto ( import qualified Data.ByteString.Lazy.Char8 as L import qualified Data.Map as M import qualified Codec.Binary.Base64 as B64 +import Data.ByteString.Lazy.UTF8 (fromString) +import Data.Digest.Pure.SHA import System.Cmd.Utils import Data.String.Utils import Data.List @@ -105,12 +107,11 @@ decryptCipher _ (EncryptedCipher encipher _) = - reversable, nor does it need to be the same type of encryption used - on content. It does need to be repeatable. -} encryptKey :: Cipher -> Key -> IO Key -encryptKey c k = +encryptKey (Cipher c) k = return Key { - -- FIXME: should use HMAC with the cipher; I don't - -- have Data.Crypto in Debian yet though. - keyName = show k, - keyBackendName = "INSECURE", + keyName = showDigest $ + hmacSha1 (fromString $ show k) (fromString c), + keyBackendName = "GPGHMACSHA1", keySize = Nothing, -- size and mtime omitted keyMtime = Nothing -- to avoid leaking data } @@ -154,12 +155,12 @@ gpgCipher :: [CommandParam] -> Cipher -> L.ByteString -> (L.ByteString -> IO a) gpgCipher params (Cipher c) input a = do -- pipe the passphrase into gpg on a fd (frompipe, topipe) <- createPipe - toh <- fdToHandle topipe - let Fd fromno = frompipe _ <- forkIO $ do + toh <- fdToHandle topipe hPutStrLn toh c hClose toh - let passphrase = [Param "--passphrase-fd", Param $ show fromno] + let Fd passphrasefd = frompipe + let passphrase = [Param "--passphrase-fd", Param $ show passphrasefd] (pid, output) <- gpgPipeBytes (passphrase ++ params) input ret <- a output diff --git a/doc/install.mdwn b/doc/install.mdwn index 746352cb8..7a0c6020b 100644 --- a/doc/install.mdwn +++ b/doc/install.mdwn @@ -13,6 +13,7 @@ To build and use git-annex, you will need: * MissingH: <http://github.com/jgoerzen/missingh/wiki> * pcre-light: <http://hackage.haskell.org/package/pcre-light> * utf8-string: <http://hackage.haskell.org/package/utf8-string> +* SHA: <http://hackage.haskell.org/package/SHA> * TestPack <http://hackage.haskell.org/cgi-bin/hackage-scripts/package/testpack> * QuickCheck 2 <http://hackage.haskell.org/package/QuickCheck> * hS3 <http://hackage.haskell.org/package/hS3> (optional, but recommended) |