Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn if throw-keyids is set #1759

Merged
merged 1 commit into from Feb 1, 2021
Merged

Warn if throw-keyids is set #1759

merged 1 commit into from Feb 1, 2021

Conversation

dominikschulz
Copy link
Member

@dominikschulz dominikschulz commented Jan 25, 2021
edited

Fixes #1756

Signed-off-by: Dominik Schulz dominik.schulz@gauner.org

@dominikschulz dominikschulz added the gpg GPG related label Jan 25, 2021
@dominikschulz dominikschulz added this to the 1.12.0 milestone Jan 25, 2021
@AnomalRoil
Copy link
Member

IMO this should be documented somewhere, because people that do not include key ids are typically doing it on purpose to try and stay anonymous and we don't want to undermine their effort if they think it is important for them, do we?

@dominikschulz
Copy link
Member Author

Good point, yes.
But this only affects gopass secrets.
Yes, people might want to apply this to secrets as well, but it just doesn't work well with our expectations.

@AnomalRoil
Copy link
Member

Well I disagree, this works well with Gopass since GPG will simply try ever secret key in the key ring during a decryption attempt if this option was used upon encryption.

So Gopass itself is not hindered in anyway by the throw-id setting.

@dominikschulz
Copy link
Member Author

The point is that some operations won't work as expected.

With age it's similar and there is not option to disable that.

So maybe we should only warn instead?
Or just ignore this setting and let the user figure it out?

@dominikschulz
Warn when throw-keyids is set
c47a2d1 
Fixes gopasspw#1756

RELEASE_NOTES=[BUGFIX] Warn about --throw-keyids

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
@dominikschulz dominikschulz changed the title Disable --throw-keyids when encrypting with gpg Warn if throw-keyids is set Jan 26, 2021
@dominikschulz
Copy link
Member Author

Updated the PR to only warn about throw-keyids, not override it.

AnomalRoil
AnomalRoil approved these changes Feb 1, 2021
View reviewed changes
internal/backend/crypto/gpg/cli/gpg.go
@@ -33,6 +33,7 @@ type GPG struct {
pubKeys gpg.KeyList
privKeys gpg.KeyList
listCache *lru.TwoQueueCache
throwKids bool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Poor kids 😆

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No kids were harmed in making this PR ;)

@AnomalRoil AnomalRoil merged commit 6dcd489 into gopasspw:master Feb 1, 2021
@dominikschulz dominikschulz deleted the fix/issue-1756 branch February 2, 2021 07:49
@pdecat pdecat mentioned this pull request Apr 5, 2021
Closed
kpitt pushed a commit to kpitt/gopass that referenced this pull request Jul 21, 2022
@dominikschulz
Warn when throw-keyids is set (gopasspw#1759)
d1af426 
Fixes gopasspw#1756

RELEASE_NOTES=[BUGFIX] Warn about --throw-keyids

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AnomalRoil AnomalRoil AnomalRoil approved these changes

Assignees
No one assigned
Labels
gpg GPG related
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.

RFE: detect when encryption recipients aren't being set
2 participants
@dominikschulz @AnomalRoil