diff options
| author |  guilhem <guilhem@fripost.org> | 2013-04-05 21:06:16 +0200 |
|---|---|---|
| committer |  Joey Hess <joey@kitenet.net> | 2013-04-06 16:09:51 -0400 |
| commit | a7f50205bb1ccd41d4a9ab4e11d984e643be755f (patch) | |
| tree | 519c7148a87575896450b7dc43fc58e8b34dfe02 /Crypto.hs | |
| parent | f758f6d5cbef989bff75fcd140edb8e0b8899b84 (diff) | |
Generate ciphers with a better entropy.
Unless highRandomQuality=false (or --fast) is set, use Libgcypt's
'GCRY_VERY_STRONG_RANDOM' level by default for cipher generation, like
it's done for OpenPGP key generation.
On the assistant side, the random quality is left to the old (lower)
level, in order not to scare the user with an enless page load due to
the blocking PRNG waiting for IO actions.
Diffstat (limited to 'Crypto.hs')
| -rw-r--r-- | Crypto.hs | 11 |
1 files changed, 6 insertions, 5 deletions
@@ -67,15 +67,16 @@ cipherMac :: Cipher -> String cipherMac (Cipher c) = take cipherBeginning c {- Creates a new Cipher, encrypted to the specified key id. -} -genEncryptedCipher :: String -> IO StorableCipher -genEncryptedCipher keyid = do +genEncryptedCipher :: String -> Bool -> IO StorableCipher +genEncryptedCipher keyid highQuality = do ks <- Gpg.findPubKeys keyid - random <- Gpg.genRandom cipherSize + random <- Gpg.genRandom highQuality cipherSize encryptCipher (Cipher random) ks {- Creates a new, shared Cipher. -} -genSharedCipher :: IO StorableCipher -genSharedCipher = SharedCipher <$> Gpg.genRandom cipherSize +genSharedCipher :: Bool -> IO StorableCipher +genSharedCipher highQuality = + SharedCipher <$> Gpg.genRandom highQuality cipherSize {- Updates an existing Cipher, re-encrypting it to add a keyid. -} updateEncryptedCipher :: String -> StorableCipher -> IO StorableCipher |