* fix(gpg): Opportunistic key comparison on import
When importing keys gopass was already checking if the key was already present.
However, GPG is very flexible in which kind of key IDs it accepts. So it could happen that gopass would ask to import a key that is already present in the keyring, but referenced by a different ID.
This change makes the check more robust by checking the key's fingerprint before asking for import. If a key with the same fingerprint is already present, the import is skipped.
* fix(gpg): Opportunistic key comparison on import
When importing keys gopass was already checking if the key was already present.
However, GPG is very flexible in which kind of key IDs it accepts. So it could happen that gopass would ask to import a key that is already present in the keyring, but referenced by a different ID.
This change makes the check more robust by checking the key's fingerprint before asking for import. If a key with the same fingerprint is already present, the import is skipped.
---------
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
The integration test for this feature (`TestAgeAgent`) is currently failing. The issue is that the test environment is non-interactive, and the code path for initializing a new age store requires a password for the identity keyring, which triggers a `pinentry` call that fails without a TTY. I have tried several approaches to work around this, including setting the `GOPASS_PASSWORD` environment variable and providing a custom pinentry script, but none have been successful so far. The core implementation of the agent is believed to be correct, but the integration test needs further work to run in a non-interactive environment.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* This change introduces an agent for the age backend to cache passphrases for age identities.
The agent is a long-running process that listens on a Unix domain socket. Gopass communicates with the agent to request decryption of secrets. The agent caches the passphrases for the identities and performs the decryption, so the passphrases never leave the agent process. This addresses the security concerns with the initial implementation.
The agent can be controlled with the following commands:
- `gopass age agent`: starts the agent in the foreground.
- `gopass age lock`: locks the agent, clearing all cached passphrases.
The age backend will automatically start the agent if it's not already running and the `age.agent-enabled` configuration option is set to `true` (the default).
This change includes:
- The implementation of the age agent in `internal/backend/crypto/age/agent/`.
- Modifications to the age backend to communicate with the agent.
- A new configuration option `age.agent-enabled`.
- Unit tests for the agent.
- Updated documentation for the age backend.
* Fix some test failures and add more logging.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* Fix lint error
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
* [fix] Fix integration tests
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---------
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit replaces some overly complex constructs with type
parameters.
Fixes#2030
RELEASE_NOTES=[ENHANCEMENT] Generics
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This PR adds a small release helper along with some documentation.
This should allow anyone with sufficient permissions to cut and push new
releases.
Fixes#1298
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This change makes exportability checks more idiomatic
and the interface a little less cluttered.
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This PR moves some packages from internal to pkg to increase the
independence of binaries in cmd/ from internal packages further.
RELEASE_NOTES=n/a
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit adds an experimental backend converter.
It's not fully finished / tested nor documented, so we hide the command
for now.
RELEASE_NOTES=[FEATURE] Add experimental backend converter.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
This commit adds a new debug package to gopass.
It is heavily inspired by github.com/restic/restic/internal/debug
and adapted for the gopass use case.
This change allows to further trim down the source code since the
new package doesn't propagate the debug flag in the context anymore.
As such we can now omit passing ctx in most places.
In order to ensure we don't accidentially keep passing ununsed
parameters we also introduce unparam to check for extra arguments.
RELEASE_NOTES=[ENHANCEMENT] New Debug package
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
aka unpopular opinions.
This commit removes a lot of weight and legacy as well as some features.
This wil break some exotic use cases which is regretable, but it is
inevitable and important to clean up these bad past design choices.
It removes some configuration options but most importantly it does
revert the decision to introduce an awkward custom backend URL
schema. This is an important step in the direction of zero configuration
and convention over configuration.
Fixes#569Fixes#1225
RELEASE_NOTES=[DEPRECATION] Remove askformore, autosync,
check_recipient_hash and concurrency options.
Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
