update: add perms warning

main
_ 2021-01-19 18:22:22 -06:00
parent ce917e7348
commit 278d591954
2 changed files with 12 additions and 6 deletions

View File

@ -1,4 +1,5 @@
#include <chrono> #include <chrono>
#include <filesystem>
#include <fstream> #include <fstream>
#include <iostream> #include <iostream>
#include <optional> #include <optional>
@ -20,6 +21,7 @@
using namespace std; using namespace std;
using nlohmann::json; using nlohmann::json;
using namespace BareMinimumCrypto; using namespace BareMinimumCrypto;
namespace fs = std::filesystem;
int file (const string & file_path) { int file (const string & file_path) {
cout << "Reading `" << file_path << "`" << endl; cout << "Reading `" << file_path << "`" << endl;
@ -50,24 +52,30 @@ int file (const string & file_path) {
if (schema == "3T6XF5DZ") { if (schema == "3T6XF5DZ") {
cout << "File is a passphrase-protected secret key" << endl; cout << "File is a passphrase-protected secret key" << endl;
// Read msgpack fields
const Instant time_created (j ["time_created"]); const Instant time_created (j ["time_created"]);
const auto pubkey = j ["pubkey"].get_binary (); const auto pubkey = j ["pubkey"].get_binary ();
const string key_machine_id = j ["machine_id"]; const string key_machine_id = j ["machine_id"];
const auto our_machine_id = get_machine_id (); // Read data from other places
const auto now = Instant::now (); const auto now = Instant::now ();
// Print normal stuff
cout << "Generated at Unix time " << time_created.x cout << "Generated at Unix time " << time_created.x
<< " (" << now.x - time_created.x << " seconds ago)" << " (" << now.x - time_created.x << " seconds ago)"
<< endl; << endl;
cout << "Generated on machine ID " << key_machine_id << endl; cout << "Generated on machine ID " << key_machine_id << endl;
cout << "Claims to have Base64 pubkey " << base64_encode (pubkey) << endl; cout << "Claims to have Base64 pubkey " << base64_encode (pubkey) << endl;
// Print warnings
if (now.x < time_created.x) { if (now.x < time_created.x) {
cout << "The key was generated in the past. Someone's clock is wrong." << endl; cout << "* The key was generated in the past. Someone's clock is wrong." << endl;
} }
if (our_machine_id != key_machine_id) { if (get_machine_id () != key_machine_id) {
cout << "The key was generated on another machine. You should report this." << endl; cout << "* The key was generated on another machine. You should report this." << endl;
}
if (fs::status (file_path).permissions () != fs::perms::owner_read) {
cout << "* The key doesn't have the right permissions. Try `chmod 400` on it." << endl;
} }
} }
else { else {

View File

@ -37,8 +37,6 @@ namespace BareMinimumCrypto {
static optional <SigningKey> load_from_file (const string & file_path, const string & passphrase); static optional <SigningKey> load_from_file (const string & file_path, const string & passphrase);
static optional <SigningKeyFile> check_file (const string & file_path);
vector <uint8_t> pubkey () const; vector <uint8_t> pubkey () const;
vector <uint8_t> pub_to_msgpack () const; vector <uint8_t> pub_to_msgpack () const;