authorJason A. Donenfeld <Jason@zx2c4.com>2012-09-21 03:32:09 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2012-09-21 03:32:09 +0200
commit93c025c69aac8867916bbd0f5813765fac7d852b (patch)
tree2cee4ec373e4f6b178798f751dde05d6db43e44e
parent74e4ea941bb61d9e830ae9d2a7cfe690c2df34f0 (diff)
Add option to init to reencrypt all passwords.
Reported-by: Simon KP <si@eskp.net>
-rw-r--r--man/pass.18
-rwxr-xr-xsrc/password-store.sh24
2 files changed, 28 insertions, 4 deletions
diff --git a/man/pass.1 b/man/pass.1
index c215cd2..67dcca6 100644
--- a/man/pass.1
+++ b/man/pass.1
@@ -51,11 +51,15 @@ password names in
.SH COMMANDS
.TP
-\fBinit\fP \fIgpg-id\fP
+\fBinit\fP [ \fI--reencrypt\fP, \fI-e\fP ] \fIgpg-id\fP
Initialize new password storage and use
.I gpg-id
for encryption. This command must be run first before a password store can be
-used.
+used. If \fI--reencrypt\fP or \fI-e\fP is specified, reencrypt all existing
+passwords in the password store using \fIgpg-id\fP. Note that use of
+.BR gpg-agent (1)
+is recommended so that the batch decryption does not require as much user
+intervention.
.TP
\fBls\fP \fIsubfolder\fP
List names of passwords inside the tree at
diff --git a/src/password-store.sh b/src/password-store.sh
index 9923907..f137f55 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -30,8 +30,9 @@ usage() {
cat <<_EOF
Usage:
- $program init gpg-id
+ $program init [--reencrypt,-e] gpg-id
Initialize new password storage and use gpg-id for encryption.
+ Optionally reencrypt existing passwords using new gpg-id.
$program [ls] [subfolder]
List passwords.
$program [show] [--clip,-c] pass-name
@@ -134,15 +135,34 @@ fi
case "$command" in
init)
+ reencrypt=0
+
+ opts="$($GETOPT -o e -l reencrypt -n "$program" -- "$@")"
+ err=$?
+ eval set -- "$opts"
+ while true; do case $1 in
+ -e|--reencrypt) reencrypt=1; shift ;;
+ --) shift; break ;;
+ esac done
+
if [[ $# -ne 1 ]]; then
- echo "Usage: $program $command gpg-id"
+ echo "Usage: $program $command [--reencrypt,-e] gpg-id"
exit 1
fi
+
gpg_id="$1"
mkdir -v -p "$PREFIX"
echo "$gpg_id" > "$ID"
echo "Password store initialized for $gpg_id."
git_add_file "$ID" "Set GPG id to $gpg_id."
+
+ if [[ $reencrypt -eq 1 ]]; then
+ find "$PREFIX" -iname '*.gpg' | while read passfile; do
+ $GPG -d $GPG_OPTS "$passfile" | $GPG -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS &&
+ mv -v "$passfile.new" "$passfile"
+ done
+ git_add_file "$PREFIX" "Reencrypted entire store using new GPG id $gpg_id."
+ fi
exit 0
;;
help|--help)
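Review bot: In the re-encryption loop the `&&` before `mv` only sees the exit status of the encrypting `$GPG -e`, because a pipeline reports its last command unless `pipefail` is set (no such setting is visible in this hunk). If `$GPG -d` fails, for example on a cancelled passphrase prompt or a missing secret key, the encrypt side may still succeed on empty input, and `mv` would then replace the real entry with an encrypted empty file. Putting `set -o pipefail` before the `find` line lets a failed decryption block the `mv`, and a leftover `$passfile.new` should be removed on that path. Separately, `err=$?` is stored after `$GETOPT` but never tested, so a rejected option does not stop `init` from rewriting `$ID`; `[[ $err -ne 0 ]] && exit 1` right after the assignment would cover it. `$ID` is also written before the loop runs, so an interrupted run leaves a store whose recorded id does not match every file; the `case "$command"` block continues outside the hunk.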