author | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-09-21 03:32:09 +0200 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2012-09-21 03:32:09 +0200 |
commit | 93c025c69aac8867916bbd0f5813765fac7d852b (patch) | |
tree | 2cee4ec373e4f6b178798f751dde05d6db43e44e | |
parent | 74e4ea941bb61d9e830ae9d2a7cfe690c2df34f0 (diff) | |
Add option to init to reencrypt all passwords.
Reported-by: Simon KP <si@eskp.net>
-rw-r--r-- | man/pass.1 | 8 | ||||
-rwxr-xr-x | src/password-store.sh | 24 |
2 files changed, 28 insertions, 4 deletions
@@ -51,11 +51,15 @@ password names in
 .SH COMMANDS
 .TP
-\fBinit\fP \fIgpg-id\fP
+\fBinit\fP [ \fI--reencrypt\fP, \fI-e\fP ] \fIgpg-id\fP
 Initialize new password storage and use
 .I gpg-id
 for encryption. This command must be run first before a password store can be
-used.
+used. If \fI--reencrypt\fP or \fI-e\fP is specified, reencrypt all existing
+passwords in the password store using \fIgpg-id\fP. Note that use of
+.BR gpg-agent (1)
+is recommended so that the batch decryption does not require as much user
+intervention.
 .TP
 \fBls\fP \fIsubfolder\fP
 List names of passwords inside the tree at
diff --git a/src/password-store.sh b/src/password-store.sh
index 9923907..f137f55 100755
--- a/src/password-store.sh
+++ b/src/password-store.sh
@@ -30,8 +30,9 @@ usage() {
 cat <<_EOF
 Usage:
- $program init gpg-id
+ $program init [--reencrypt,-e] gpg-id
 Initialize new password storage and use gpg-id for encryption.
+ Optionally reencrypt existing passwords using new gpg-id.
 $program [ls] [subfolder]
 List passwords.
 $program [show] [--clip,-c] pass-name
@@ -134,15 +135,34 @@ fi
 case "$command" in
 init)
+ reencrypt=0
+
+ opts="$($GETOPT -o e -l reencrypt -n "$program" -- "$@")"
+ err=$?
+ eval set -- "$opts"
+ while true; do case $1 in
+ -e|--reencrypt) reencrypt=1; shift ;;
+ --) shift; break ;;
+ esac done
+
 if [[ $# -ne 1 ]]; then
- echo "Usage: $program $command gpg-id"
+ echo "Usage: $program $command [--reencrypt,-e] gpg-id"
 exit 1
 fi
+
 gpg_id="$1"
 mkdir -v -p "$PREFIX"
 echo "$gpg_id" > "$ID"
 echo "Password store initialized for $gpg_id."
 git_add_file "$ID" "Set GPG id to $gpg_id."
+
+ if [[ $reencrypt -eq 1 ]]; then
+ find "$PREFIX" -iname '*.gpg' | while read passfile; do
+ $GPG -d $GPG_OPTS "$passfile" | $GPG -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS &&
+ mv -v "$passfile.new" "$passfile"
+ done
+ git_add_file "$PREFIX" "Reencrypted entire store using new GPG id $gpg_id."
+ fi
 exit 0
 ;;
 help|--help)
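Review bot: In the reencrypt loop the `&& mv` only sees the exit status of the second `$GPG -e`, so when `$GPG -d` fails or the passphrase prompt is cancelled gpg is handed empty stdin, the encryption can still succeed, and the `mv -v "$passfile.new" "$passfile"` replaces the entry with ciphertext of nothing just before `git_add_file` commits the whole store. The loop also runs in a pipe subshell so no failure can stop that commit, `read passfile` lacks `-r` and the newline-delimited `find` output breaks on unusual names, and `err=$?` from getopt is captured but never checked. I would run the loop in the current shell from `find -print0`, enable pipefail around it, remove the `.new` file and abort before committing on any failure, and fold the getopt status into the existing usage check. The `case` statement this `init)` arm belongs to continues past the end of the hunk.
```shell
	opts="$($GETOPT -o e -l reencrypt -n "$program" -- "$@")"
	err=$?
	# … unchanged: eval set and option loop …
	if [[ $err -ne 0 || $# -ne 1 ]]; then
		echo "Usage: $program $command [--reencrypt,-e] gpg-id"
		exit 1
	fi
	# … unchanged: gpg_id, mkdir, ID update, git_add_file of $ID …
	if [[ $reencrypt -eq 1 ]]; then
		set -o pipefail   # a failed decryption must fail the whole pipeline
		failed=0
		while read -r -d '' passfile; do
			if $GPG -d $GPG_OPTS "$passfile" | $GPG -e -r "$gpg_id" -o "$passfile.new" $GPG_OPTS; then
				mv -v "$passfile.new" "$passfile"
			else
				rm -f "$passfile.new"
				echo "Failed to reencrypt $passfile; left unchanged." >&2
				failed=1
			fi
		done < <(find "$PREFIX" -iname '*.gpg' -print0)
		set +o pipefail
		if [[ $failed -eq 1 ]]; then
			echo "Reencryption incomplete; not committing." >&2
			exit 1
		fi
		git_add_file "$PREFIX" "Reencrypted entire store using new GPG id $gpg_id."
	fi
```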