A reimplementation of Peter Palfrader's pwstore
- implemented in Ruby, leveraging ruby-gpgme and thor
- command line interface differs: 'add' for 'ed -n', 'edit' for 'ed', 'encrypt' for 'rc'
- compatible with ~/.pws.yaml but not with ~/.pws-trusted-users
- compatible with /some/path/pwstore/.users, but labels must be defined before being used; uses the user's keyring and ignores /some/path/pwstore/.keyring
Ultimately, the purpose of both pwstore and this reimplementation is two-fold:
- to ensure that the encryption recipients are correct and complete by validating access lines (the first line of a file) against the users and groups defined in /some/path/pwstore/.users
- to prevent plaintext copies from being generated, by leveraging Ruby's Tempfile class, which automatically deletes the temporary file when the object goes out of scope, and by invoking the editor via system() to edit the temporary file
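The two points above, as an added Ruby example that is not code from pwstore or from this reimplementation: it parses a users file, resolves an access line to key IDs (rejecting unknown or not-yet-defined labels), and edits plaintext in a Tempfile that is unlinked when the block ends. The "user = keyid" / "@group = member, member" line format, the "access:" prefix on the first line, the key IDs and the user names are all constructed assumptions for illustration.

```ruby
require 'tempfile'

# Constructed sample of a pwstore-style users file (format assumed here).
USERS_FILE = <<~USERS
  # example users file (constructed)
  alice = 0x1111111111111111
  bob   = 0x2222222222222222
  carol = 0x3333333333333333
  @admins = alice, bob
  @everyone = @admins, carol
USERS

# Resolve a label ("name" or "@group") to the list of key IDs it stands for.
# Raises ArgumentError for unknown labels so a typo can never silently drop
# or add a recipient.
def resolve(label, users, groups, seen = [])
  if label.start_with?('@')
    group = label.delete_prefix('@')
    raise ArgumentError, "unknown group #{label}" unless groups.key?(group)
    raise ArgumentError, "group cycle at #{label}" if seen.include?(group)
    groups[group].flat_map { |m| resolve(m, users, groups, seen + [group]) }
  else
    raise ArgumentError, "unknown user #{label}" unless users.key?(label)
    [users[label]]
  end
end

# Parse the users file into {user => keyid} and {group => [members]}.
# Group members must already be defined when the group line is read
# (the "labels must be defined before being used" rule).
def parse_users(text)
  users  = {}
  groups = {}
  text.each_line do |raw|
    line = raw.sub(/#.*/, '').strip          # drop comments and blank lines
    next if line.empty?
    name, rhs = line.split('=', 2).map { |s| s.strip }
    raise ArgumentError, "malformed line: #{line.inspect}" if rhs.nil? || rhs.empty?
    if name.start_with?('@')
      members = rhs.split(/[\s,]+/).reject(&:empty?)
      members.each { |m| resolve(m, users, groups) }   # raises if undefined
      groups[name.delete_prefix('@')] = members
    else
      users[name] = rhs
    end
  end
  [users, groups]
end

# Validate the access line (first line of the plaintext) and return the
# complete, de-duplicated list of recipient key IDs.
def recipients_for(plaintext, users, groups)
  first = plaintext.lines.first.to_s.strip
  m = first.match(/\Aaccess:\s*(.*)\z/)
  raise ArgumentError, 'first line must be an access line' unless m
  labels = m[1].split(/[\s,]+/).reject(&:empty?)
  raise ArgumentError, 'access line names no recipients' if labels.empty?
  labels.flat_map { |l| resolve(l, users, groups) }.uniq
end

# Edit plaintext in a temporary file created 0600 and removed when the block
# exits (Tempfile.create unlinks it in an ensure clause, so it is gone even if
# the editor fails). The editor is run via system(editor, path), without a shell,
# so the plaintext never appears on a command line. Assumed editor default: vi.
def edit_in_tempfile(plaintext, editor = ENV.fetch('EDITOR', 'vi'))
  edited = nil
  path = nil
  Tempfile.create(['pws', '.txt']) do |f|
    path = f.path
    f.write(plaintext)
    f.flush
    system(editor, path) or raise "editor #{editor.inspect} failed"
    edited = File.read(path)   # re-read by path: editors may replace the inode
  end
  raise "plaintext still on disk at #{path}" if File.exist?(path)
  edited
end

if __FILE__ == $0
  users, groups = parse_users(USERS_FILE)
  puts recipients_for("access: alice, @everyone\nsecret\n", users, groups).inspect
end
```

The demo only resolves recipients; call edit_in_tempfile yourself with EDITOR set, or pass 'true' as the editor to exercise the cleanup path without an interactive program.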
Four opportunities remain:
- determine whether ruby-gpgme permits the use of an alternate public keyring: this would allow this reimplementation to make use of /some/path/pwstore/.keyring
- determine whether ruby-gpgme could emit the encryption recipients of an encrypted file without explicitly decrypting it (by examining the underlying packets): this would allow the 'dir' command to be implemented so that encrypted files can be verified as having been encrypted for the appropriate recipients, avoiding both the overhead of decryption and the irritation of prompting for the private-key passphrase
- determine whether ruby-gpgme can import public keys from keyservers: this would allow us to avoid retrieving public keys from https://sks-keyservers.net/pks/lookup
- transition /some/path/pwstore/.users to YAML (requires coordination)