diff --git a/lrzip.c b/lrzip.c index d4ad141..e9989ff 100644 --- a/lrzip.c +++ b/lrzip.c @@ -586,7 +586,9 @@ static int get_pass(rzip_control *control, char *s) int len; memset(s, 0, PASS_LEN - SALT_LEN); - if (unlikely(fgets(s, PASS_LEN - SALT_LEN, stdin) == NULL)) + if (control->passphrase) + strncpy(s, control->passphrase, PASS_LEN - SALT_LEN - 1); + else if (unlikely(fgets(s, PASS_LEN - SALT_LEN, stdin) == NULL)) failure_return(("Failed to retrieve passphrase\n"), -1); len = strlen(s); if (len > 0 && ('\r' == s[len - 1] || '\n' == s[len - 1])) @@ -603,6 +605,7 @@ static bool get_hash(rzip_control *control, int make_hash) { char *passphrase, *testphrase; struct termios termios_p; + int prompt = control->passphrase == NULL; passphrase = calloc(PASS_LEN, 1); testphrase = calloc(PASS_LEN, 1); @@ -637,13 +640,17 @@ static bool get_hash(rzip_control *control, int make_hash) termios_p.c_lflag &= ~ECHO; tcsetattr(fileno(stdin), 0, &termios_p); retry_pass: - print_output("Enter passphrase: "); + if (prompt) + print_output("Enter passphrase: "); control->salt_pass_len = get_pass(control, passphrase) + SALT_LEN; - print_output("\n"); - if (make_hash) { - print_output("Re-enter passphrase: "); - get_pass(control, testphrase); + if (prompt) print_output("\n"); + if (make_hash) { + if (prompt) + print_output("Re-enter passphrase: "); + get_pass(control, testphrase); + if (prompt) + print_output("\n"); if (strcmp(passphrase, testphrase)) { print_output("Passwords do not match. Try again.\n"); goto retry_pass; diff --git a/lrzip_private.h b/lrzip_private.h index 225df71..a83d747 100644 --- a/lrzip_private.h +++ b/lrzip_private.h @@ -422,6 +422,7 @@ struct rzip_control { uchar *salt_pass; int salt_pass_len; uchar *hash; + char *passphrase; pthread_mutex_t control_lock; unsigned char eof; diff --git a/main.c b/main.c index 4e78696..22dce01 100644 --- a/main.c +++ b/main.c 
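Review bot: In get_pass, the new `strncpy(s, control->passphrase, PASS_LEN - SALT_LEN - 1)` silently drops everything past the buffer size, so an over-long `--encrypt=` value yields a key derived from a prefix with no warning to the user. The copy stays NUL-terminated only because the preceding memset zeroes the full buffer, which deserves a comment such as `/* memset above guarantees the terminator */`. I would reject the input ahead of the copy instead: `if (strlen(control->passphrase) >= PASS_LEN - SALT_LEN) failure_return(("Passphrase too long\n"), -1);`. get_pass continues past the end of the hunk, so any later length checks are not visible here.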
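Review bot: In get_hash, echo is still switched off on stdin (`termios_p.c_lflag &= ~ECHO; tcsetattr(fileno(stdin), 0, &termios_p);`) even when `prompt` is 0 and nothing is read from the terminal. Guarding that call and its matching restore with `if (prompt)` would leave the terminal state untouched when the passphrase came from the command line. The tcgetattr and the restore sit outside this hunk, so that part is inferred. `prompt` would also read better as `bool prompt = !control->passphrase;`, matching the function's bool return type, with a comment such as `/* passphrase supplied by the caller: no prompts, no terminal reads */`.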
@@ -79,7 +79,7 @@ static void usage(bool compat) } else print_output(" -c, -C, --check check integrity of file written on decompression\n"); print_output(" -d, --decompress decompress\n"); - print_output(" -e, --encrypt password protected sha512/aes128 encryption on compression\n"); + print_output(" -e, --encrypt[=password] password protected sha512/aes128 encryption on compression\n"); print_output(" -h, -?, --help show help\n"); print_output(" -H, --hash display md5 hash integrity information\n"); print_output(" -i, --info show compressed file information\n"); @@ -228,7 +228,7 @@ static struct option long_options[] = { {"check", no_argument, 0, 'C'}, {"decompress", no_argument, 0, 'd'}, {"delete", no_argument, 0, 'D'}, - {"encrypt", no_argument, 0, 'e'}, /* 5 */ + {"encrypt", optional_argument, 0, 'e'}, /* 5 */ {"force", no_argument, 0, 'f'}, {"gzip", no_argument, 0, 'g'}, {"help", no_argument, 0, 'h'}, @@ -374,6 +374,7 @@ int main(int argc, char *argv[]) break; case 'e': control->flags |= FLAG_ENCRYPT; + control->passphrase = optarg; break; case 'f': control->flags |= FLAG_FORCE_REPLACE; diff --git a/man/lrz.1.pod b/man/lrz.1.pod index efd44d2..ccc64e2 100644 --- a/man/lrz.1.pod +++ b/man/lrz.1.pod @@ -85,7 +85,7 @@ Check integrity of file written on decompression. Decompress. -=item B<--encrypt> +=item B<--encrypt>[=I] =item B<-e> diff --git a/man/lrzip.1 b/man/lrzip.1 index ebb37ac..5891650 100644 --- a/man/lrzip.1 +++ b/man/lrzip.1 @@ -38,7 +38,7 @@ Here is a summary of the options to lrzip\&. General options: \-c, \-\-check check integrity of file written on decompression \-d, \-\-decompress decompress - \-e, \-\-encrypt password protected sha512/aes128 encryption on compression + \-e, \-\-encrypt[=password] password protected sha512/aes128 encryption on compression \-h, \-?, \-\-help show help \-H, \-\-hash display md5 hash integrity information \-i, \-\-info show compressed file information 
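Review bot: `control->passphrase = optarg;` in the `case 'e'` branch keeps the secret in argv for the whole run, where other local users can typically read it from the process listing and where it also ends up in shell history. Copying it and blanking the argument shortens that exposure: `control->passphrase = optarg ? strdup(optarg) : NULL;` then `if (optarg) memset(optarg, 0, strlen(optarg));` (the copy would need a NULL check and a wipe-and-free at exit). This does not close the window between exec and the wipe, so the usage text and man page entries changed in this commit should state that the interactive prompt is the safer path. The switch statement continues outside the hunk.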
@@ -102,6 +102,7 @@ the name used to launch the program. If it contains the string "lrzcat" then the \-d \-o \- options are automatically set. .IP .IP "\fB-e\fP" +.IP "\fB\-\-encrypt\fP[=\fIpassword\fP]" Encrypt. This option enables high grade password encryption using a combination of multiply sha512 hashed password, random salt and aes128 CBC encryption. Passwords up to 500 characters long are supported, and the encryption mechanism