[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-recutils] First Feedback to encryption feature
From: |
Sven Wick |
Subject: |
[bug-recutils] First Feedback to encryption feature |
Date: |
Fri, 07 Oct 2011 00:21:34 +0200 |
User-agent: |
RoundCube Webmail/0.2.2 |
Hi Jose,
just tried the encryption feature
and I really like it. Just simple :-)
Here some points I noticed.
1) recsel --help typo
-s encrypt confidential fields with the given password
Should say "decrypt"
2) recins silently ignores password
$ recins -f user -v swick -f password -v topsecret -s password
secrets.rec
The record is silently inserted but not encrypted
because I didn't defined the record type ( -t passwords )
which includes the confidential field.
$ recins -t passwords -f user -v swick -f password -v topsecret -s
password secrets.rec
A warning message would be nice:
"A password string for encryption was given,
but there is no confidential field
in the record descriptor"
3) recfix stacks XORs
Let's say I have this little rec file:
%rec: passwords
%confidential: password
username: swick
password: topsecret
Doing a
$ recfix --encrypt -s mypassword secrets.rec
fixes un-encrypted records as designed:
%rec: passwords
%confidential: password
username: swick
password: encrypted-abcdefgh==
Now I add a new record manually with vim (or emacs :-) ) :
%rec: passwords
%confidential: password
username: swick
password: encrypted-abcdefgh==
username: ballmer
password: I-Love-GNU
If I now forget to "--decrypt" first,
then the first password value gets XOR-ed twice:
%rec: passwords
%confidential: password
username: swick
password: encrypted-aGhghgf54JHjhghgfHFggfdGDFSD==
username: ballmer
password: encrypted-ijklmno==
Maybe checking first for any encrypted data
and a warning message would be helpful.
Something like:
The file contains encrypted data.
Please "--decrypt" first.
By giving the hint to decrypt first,
this also ensures, that the same password
string is used on subsequent encryptions.
Cheers,
Sven
- [bug-recutils] First Feedback to encryption feature,
Sven Wick <=