author Joey Hess <joey@kitenet.net> 2013-09-17 15:36:15 -0400
committer Joey Hess <joey@kitenet.net> 2013-09-17 15:36:15 -0400
commit ed447bb22bffd06d8f971b676ab6de7a72977b50
tree 462ced682a51add6d6dfee519f6707be28abba55
parent 028a1c8cbf63927e145ea3e0525b991097756a01
webapp gpg key generation

Now the webapp can generate a gpg key that is dedicated for use by git-annex. Since the key is single use, much of the complexity of generating gpg keys is avoided.

Note that the key has no password, because gpg-agent is not available everywhere the assistant is installed. This is not a big security problem because the key is going to live on the same disk as the git annex repository, so an attacker with access to it can look directly in the repository to see the same files that get stored in the encrypted repository on the removable drive.

There is no provision yet for backing up keys.

This commit sponsored by Robert Beaty.

-rw-r--r-- Utility/Gpg.hs 19
-rw-r--r-- doc/assistant/genkey.png bin 0 -> 27854 bytes
2 files changed, 13 insertions, 6 deletions
diff --git a/Utility/Gpg.hs b/Utility/Gpg.hs
index 594cc562d..f9b3d55e8 100644
--- a/Utility/Gpg.hs
+++ b/Utility/Gpg.hs
@@ -172,6 +172,11 @@ type Passphrase = String
type Size = Int
data KeyType = Algo Int | DSA | RSA
+{- The maximum key size that gpg currently offers in its UI when
+ - making keys. -}
+maxRecommendedKeySize :: Size
+maxRecommendedKeySize = 4096
+
{- Generates a secret key using the experimental batch mode.
- The key is added to the secret key ring.
- Can take a very long time, depending on system entropy levels.
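Review bot: maxRecommendedKeySize is added here but no visible line in this file uses it, and genSecretKey still writes "Key-Length: " ++ show keysize for whatever size the caller passes. If the constant is meant as the value callers should pass, say so in its comment; if it is meant as an upper bound, check keysize against it in genSecretKey. The comment also ties the value to what gpg "currently" offers, so record which gpg version 4096 was taken from so the number can be revisited.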
@@ -182,16 +187,18 @@ genSecretKey keytype passphrase userid keysize =
where
params = ["--batch", "--gen-key"]
feeder h = do
- hPutStr h $ unlines
- [ "Key-Type: " ++
+ hPutStr h $ unlines $ catMaybes
+ [ Just $ "Key-Type: " ++
case keytype of
DSA -> "DSA"
RSA -> "RSA"
Algo n -> show n
- , "Key-Length: " ++ show keysize
- , "Name-Real: " ++ userid
- , "Expire-Date: 0"
- , "Passphrase: " ++ passphrase
+ , Just $ "Key-Length: " ++ show keysize
+ , Just $ "Name-Real: " ++ userid
+ , Just $ "Expire-Date: 0"
+ , if null passphrase
+ then Nothing
+ else Just $ "Passphrase: " ++ passphrase
]
hClose h
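Review bot: In the feeder list, `if null passphrase then Nothing` turns the empty string into a silent switch for generating a secret key with no passphrase, and neither the Passphrase type nor the comment above genSecretKey documents that. Consider taking a `Maybe Passphrase` (or a dedicated constructor) so that creating an unprotected key is an explicit choice at the call site, and state in the function comment that omitting the Passphrase line relies on gpg's behaviour when that parameter is absent. Separately, userid and passphrase are concatenated straight into a line-oriented parameter list that goes through `unlines`, so a value containing a newline would become additional parameter lines; reject or strip newlines before building the list.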
diff --git a/doc/assistant/genkey.png b/doc/assistant/genkey.png
new file mode 100644
index 000000000..6c1e50971
--- /dev/null
+++ b/doc/assistant/genkey.png
Binary files differ