Enable specifying the passphrase as an argument to option 'encrypt'
For various use cases it is desirable to be able to specify the passphrase for a password protected encryption on the command line. So allow option 'encrypt' to have an optional argument and set control->passphrase to this argument if it is given. Read the passphrase (and prompt for it) only from standard input if not given on the command line. Additionally, update documentation. This fixes github issue #72, reported by aivanise.
parent
a91cfd16d2
commit
6b50431410
9
lrzip.c
9
lrzip.c
|
|
@ -586,7 +586,9 @@ static int get_pass(rzip_control *control, char *s)
|
|||
int len;
|
||||
|
||||
memset(s, 0, PASS_LEN - SALT_LEN);
|
||||
if (unlikely(fgets(s, PASS_LEN - SALT_LEN, stdin) == NULL))
|
||||
if (control->passphrase)
|
||||
strncpy(s, control->passphrase, PASS_LEN - SALT_LEN - 1);
|
||||
else if (unlikely(fgets(s, PASS_LEN - SALT_LEN, stdin) == NULL))
|
||||
failure_return(("Failed to retrieve passphrase\n"), -1);
|
||||
len = strlen(s);
|
||||
if (len > 0 && ('\r' == s[len - 1] || '\n' == s[len - 1]))
|
||||
|
|
@ -603,6 +605,7 @@ static bool get_hash(rzip_control *control, int make_hash)
|
|||
{
|
||||
char *passphrase, *testphrase;
|
||||
struct termios termios_p;
|
||||
int prompt = control->passphrase == NULL;
|
||||
|
||||
passphrase = calloc(PASS_LEN, 1);
|
||||
testphrase = calloc(PASS_LEN, 1);
|
||||
|
|
@ -637,12 +640,16 @@ static bool get_hash(rzip_control *control, int make_hash)
|
|||
termios_p.c_lflag &= ~ECHO;
|
||||
tcsetattr(fileno(stdin), 0, &termios_p);
|
||||
retry_pass:
|
||||
if (prompt)
|
||||
print_output("Enter passphrase: ");
|
||||
control->salt_pass_len = get_pass(control, passphrase) + SALT_LEN;
|
||||
if (prompt)
|
||||
print_output("\n");
|
||||
if (make_hash) {
|
||||
if (prompt)
|
||||
print_output("Re-enter passphrase: ");
|
||||
get_pass(control, testphrase);
|
||||
if (prompt)
|
||||
print_output("\n");
|
||||
if (strcmp(passphrase, testphrase)) {
|
||||
print_output("Passwords do not match. Try again.\n");
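Review bot: In get_pass() the new `strncpy(s, control->passphrase, PASS_LEN - SALT_LEN - 1);` silently truncates a command-line passphrase that is longer than the buffer, so the key is derived from a shorter secret than the user supplied and nothing reports it. The preceding memset keeps the copy NUL-terminated, so this is not an overflow, but an explicit length check would be safer, e.g. `if (strlen(control->passphrase) >= PASS_LEN - SALT_LEN) failure_return(("Passphrase too long\n"), -1);` before the copy. The CR/LF stripping after the copy now also applies to the argv value, which changes a passphrase that deliberately ends in a newline. In get_hash() the re-entry step copies the same string a second time when `prompt` is 0, so the `strcmp` confirmation is vacuous there and could be skipped. Both function bodies continue outside the hunks shown.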
|
||||
|
|
|
|||
|
|
@ -422,6 +422,7 @@ struct rzip_control {
|
|||
uchar *salt_pass;
|
||||
int salt_pass_len;
|
||||
uchar *hash;
|
||||
char *passphrase;
|
||||
|
||||
pthread_mutex_t control_lock;
|
||||
unsigned char eof;
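Review bot: The new `char *passphrase;` member has no comment on ownership or on what NULL means. From the other sections of this commit, it is assigned from `optarg` in main(), and a NULL value makes get_hash() prompt. A comment such as `char *passphrase; /* from --encrypt=..., borrowed from argv; NULL = ask on stdin */` would keep a later cleanup path from calling free() on it. The struct definition continues outside the hunk.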
|
||||
|
|
|
|||
5
main.c
5
main.c
|
|
@ -79,7 +79,7 @@ static void usage(bool compat)
|
|||
} else
|
||||
print_output(" -c, -C, --check check integrity of file written on decompression\n");
|
||||
print_output(" -d, --decompress decompress\n");
|
||||
print_output(" -e, --encrypt password protected sha512/aes128 encryption on compression\n");
|
||||
print_output(" -e, --encrypt[=password] password protected sha512/aes128 encryption on compression\n");
|
||||
print_output(" -h, -?, --help show help\n");
|
||||
print_output(" -H, --hash display md5 hash integrity information\n");
|
||||
print_output(" -i, --info show compressed file information\n");
|
||||
|
|
@ -228,7 +228,7 @@ static struct option long_options[] = {
|
|||
{"check", no_argument, 0, 'C'},
|
||||
{"decompress", no_argument, 0, 'd'},
|
||||
{"delete", no_argument, 0, 'D'},
|
||||
{"encrypt", no_argument, 0, 'e'}, /* 5 */
|
||||
{"encrypt", optional_argument, 0, 'e'}, /* 5 */
|
||||
{"force", no_argument, 0, 'f'},
|
||||
{"gzip", no_argument, 0, 'g'},
|
||||
{"help", no_argument, 0, 'h'},
|
||||
|
|
@ -374,6 +374,7 @@ int main(int argc, char *argv[])
|
|||
break;
|
||||
case 'e':
|
||||
control->flags |= FLAG_ENCRYPT;
|
||||
control->passphrase = optarg;
|
||||
break;
|
||||
case 'f':
|
||||
control->flags |= FLAG_FORCE_REPLACE;
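Review bot: `control->passphrase = optarg;` in `case 'e'` leaves the passphrase in the process's argv for the whole run, where other local users can usually read it from the process list, and it will normally be saved in shell history as well. Consider taking a private copy and blanking the argv text, e.g. `control->passphrase = optarg ? strdup(optarg) : NULL;` followed by `if (optarg) memset(optarg, 0, strlen(optarg));`, with a check for strdup failure and a wipe-and-free of the copy once the hash has been derived. That only narrows the exposure window, so the usage text and manual entries changed in this commit should also say that a passphrase given this way is visible to other processes, and that the interactive prompt is the safer default. The getopt option string is outside the hunk, so whether the short `-e` form also accepts a value cannot be confirmed from here. The body of main() continues outside the hunk.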
|
||||
|
|
|
|||
|
|
@ -85,7 +85,7 @@ Check integrity of file written on decompression.
|
|||
Decompress.
|
||||
|
||||
|
||||
=item B<--encrypt>
|
||||
=item B<--encrypt>[=I<password>]
|
||||
|
||||
=item B<-e>
|
||||
|
||||
|
|
|
|||
|
|
@ -38,7 +38,7 @@ Here is a summary of the options to lrzip\&.
|
|||
General options:
|
||||
\-c, \-\-check check integrity of file written on decompression
|
||||
\-d, \-\-decompress decompress
|
||||
\-e, \-\-encrypt password protected sha512/aes128 encryption on compression
|
||||
\-e, \-\-encrypt[=password] password protected sha512/aes128 encryption on compression
|
||||
\-h, \-?, \-\-help show help
|
||||
\-H, \-\-hash display md5 hash integrity information
|
||||
\-i, \-\-info show compressed file information
|
||||
|
|
@ -102,6 +102,7 @@ the name used to launch the program. If it contains the string
|
|||
"lrzcat" then the \-d \-o \- options are automatically set.
|
||||
.IP
|
||||
.IP "\fB-e\fP"
|
||||
.IP "\fB\-\-encrypt\fP[=\fIpassword\fP]"
|
||||
Encrypt. This option enables high grade password encryption using a combination
|
||||
of multiply sha512 hashed password, random salt and aes128 CBC encryption.
|
||||
Passwords up to 500 characters long are supported, and the encryption mechanism
|
||||
|
|
|
|||