From b1e7920d25d22cd46d259bae88a9b26a9f6f5bed Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Sun, 22 Dec 2013 14:04:22 -0800 Subject: [PATCH] Add optional PGPKey-wide passphrase caching Entering your passphrase for each secret key packet is annoying. The cache_passphrase option lets you cache that passphrase once, and reuse it for every secret key PGPPacket in the key. --- gpg-migrate.py | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/gpg-migrate.py b/gpg-migrate.py index 4290551..de00b49 100755 --- a/gpg-migrate.py +++ b/gpg-migrate.py @@ -927,9 +927,14 @@ class PGPPacket (dict): padding = segment_size_bytes - len(data) % segment_size_bytes if padding: data += b'\x00' * padding - passphrase = _getpass.getpass( - 'passphrase for {}: '.format(self['fingerprint'][-8:])) - passphrase = passphrase.encode('ascii') + if self.key and self.key._cache_passphrase and self.key._passphrase: + passphrase = self.key._passphrase + else: + passphrase = _getpass.getpass( + 'passphrase for {}: '.format(self['fingerprint'][-8:])) + passphrase = passphrase.encode('ascii') + if self.key and self.key._cache_passphrase: + self.key._passphrase = passphrase key = self._string_to_key(string=passphrase, key_size=key_size) cipher = module.new( key=key, @@ -978,8 +983,10 @@ class PGPKey (object): [1]: http://tools.ietf.org/search/rfc4880#section-11.1 [2]: http://tools.ietf.org/search/rfc4880#section-11.2 """ - def __init__(self, fingerprint): + def __init__(self, fingerprint, cache_passphrase=False): self.fingerprint = fingerprint + self._cache_passphrase = cache_passphrase + self._passphrase = None self.public_packets = None self.secret_packets = None @@ -1032,16 +1039,16 @@ class PGPKey (object): pass -def migrate(old_key, new_key): +def migrate(old_key, new_key, cache_passphrase=False): """Add the old key and sub-keys to the new key For example, to upgrade your master key, while preserving old signatures you'd made. You will lose signature *on* your old key though, since sub-keys can't be signed (I don't think). """ - old_key = PGPKey(fingerprint=old_key) + old_key = PGPKey(fingerprint=old_key, cache_passphrase=cache_passphrase) old_key.import_from_gpg() - new_key = PGPKey(fingerprint=new_key) + new_key = PGPKey(fingerprint=new_key, cache_passphrase=cache_passphrase) new_key.import_from_gpg() new_key.import_from_key(key=old_key) @@ -1053,4 +1060,4 @@ if __name__ == '__main__': import sys as _sys old_key, new_key = _sys.argv[1:3] - migrate(old_key=old_key, new_key=new_key) + migrate(old_key=old_key, new_key=new_key, cache_passphrase=True) -- 2.26.2