Avoid using a tempfile on every key decryption - tomb - the crypto undertaker
commit aba0fa519110a7613b147091fb84368b84d66f84
parent 2c4fb4852ed46f9dade43fb2339f86a2da32675d
Author: Jaromil <jaromil@dyne.org>
Date: Sun, 23 Nov 2014 16:58:43 +0100

Avoid using a tempfile on every key decryption

A tempfile was often used by Tomb in order to parse the stderr output of gpg and detect whether the password is correct or not. The tempfile was not holding any secret information (see #162), yet this is an improvement for Tomb's deniability, since there is now much less going on in the temp directory.

Diffstat:
M tomb | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/tomb b/tomb t@@ -848,6 +848,7 @@ gpg_decrypt() { # fix for gpg 1.4.11 where the --status-* options don't work ;^/ local gpgver=$(gpg --version --no-permission-warning | awk '/^gpg/ {print $3}') local gpgpass="$1\n$TOMBKEY" + local gpgstatus [[ $gpgver == "1.4.11" ]] && { _verbose "GnuPG is version 1.4.11 - adopting status fix." t@@ -860,19 +861,16 @@ gpg_decrypt() { } || { # using status-file in gpg != 1.4.11 # TODO: use mkfifo - _tmp_create - statusfile=$TOMBTMP - TOMBSECRET=`print - "$gpgpass" | \ gpg --batch --passphrase-fd 0 --no-tty --no-options \ --status-fd 2 --no-mdc-warning --no-permission-warning \ - --no-secmem-warning 2> $statusfile` + --no-secmem-warning` 2>&1 | read -r -d'\n' gpgstatus unset gpgpass ret=1 - [[ "${mapfile[$statusfile]}" =~ "DECRYPTION_OKAY" ]] && { ret=0 } + [[ "${gpgstatus}" =~ "DECRYPTION_OKAY" ]] && { ret=0 } } t@@ -1372,7 +1370,7 @@ forge_key() { # Do not overwrite any files accidentally [[ -r "$destkey" ]] && { _warning "Forging this key would overwrite an existing file. Operation aborted." - ls -lh $destkey + ls -lh $destkey } # Update algorithm if it was passed on the command line with -o { option_is_set -o } && { algopt="$(option_value -o)" }
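Review bot: In the second hunk the assignment `TOMBSECRET=\`...\` 2>&1 | read -r -d'\n' gpgstatus` is now the first stage of a pipeline, and zsh runs every stage except the last in a subshell, so the caller's TOMBSECRET is never set and only `gpgstatus` (assigned by the final `read`, which does run in the current shell) survives; the removed code assigned TOMBSECRET in the current shell and only redirected stderr to the tempfile, so this is a regression in the non-1.4.11 branch. `-d'\n'` is also not a newline delimiter: zsh takes the first character of the argument, here a literal backslash, so the whole status stream lands in gpgstatus only by accident and the "DECRYPTION_OKAY" match would break if the delimiter were ever corrected to a real newline. To keep both values without a tempfile, drop the pipeline and rely on gpg's exit status, which is non-zero when decryption fails: end the substitution with `--no-secmem-warning 2>/dev/null\`` and follow it with `ret=$?` before `unset gpgpass`, leaving the status-string regex to the 1.4.11 branch that already has its own fix. This assumes every GnuPG version Tomb supports exits non-zero on a wrong passphrase; if that cannot be confirmed, the `[GNUPG:]` status lines have to be split out of a single captured stream instead, and note that `2>&1` also folds gpg's human-readable warnings into whatever is matched. gpg_decrypt's body begins before this hunk, in the 1.4.11 branch.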