Beispiel #1
0
func (c *CmdDeprovision) getBigScaryWarning(username string) (string, error) {
	// If the user is logged out, warn that we won't revoke their keys.
	loggedOutWarning := ""
	if !c.loggedIn {
		loggedOutWarning = `

Note that you aren't currently logged in. That means we won't publicly revoke
this device's keys. To do that from another device, use 'keybase device remove'.`
	}

	// If the user has PGP secret keys in the SKBKeyring, print an additional warning.
	keyring, err := libkb.LoadSKBKeyring(libkb.NewNormalizedUsername(username), c.G())
	if err != nil {
		return "", err
	}
	pgpWarning := ""
	if keyring.HasPGPKeys() {
		pgpWarning = fmt.Sprintf(`

Also, the secret keyring you're about to delete contains PGP keys. To list them
or copy them, use %s.`, "`keybase pgp export`")
	}

	// TODO: Print a list of the other devices on the user's account.
	return fmt.Sprintf(`
%s, BE CAREFUL!  \('o')/

You are about to delete this device from your account, including its secret
keys. If you don't have any other devices, you'll lose access to your account
and all your data!%s%s

Proceed?`, username, loggedOutWarning, pgpWarning), nil
}
Beispiel #2
0
func (c *CmdDeprovision) getBigScaryWarning(username string) (string, error) {
	// If the user has PGP secret keys in the SKBKeyring, print an additional warning.
	keyring, err := libkb.LoadSKBKeyring(libkb.NewNormalizedUsername(username), c.G())
	if err != nil {
		return "", err
	}
	pgpWarning := ""
	if keyring.HasPGPKeys() {
		pgpWarning = fmt.Sprintf(`

Also, the secret keyring you're about to delete contains PGP keys. To list them
or copy them, use %s.`, "`keybase pgp export`")
	}

	// TODO: Print a list of the other devices on the user's account.
	return fmt.Sprintf(`
%s, BE CAREFUL!  \('o')/

You are about to delete this device from your account, including its secret
keys. If you don't have any other devices, you'll lose access to your account
and all your data!%s

Proceed?`, username, pgpWarning), nil
}
Beispiel #3
0
// Make sure passphrase generations are stored properly alongside encrypted keys.
// We'll create a user, check the ppgens of the inital pair of keys, change the
// passphrase, create a new key, and then they the ppgen of that new one (which
// should be higher).
func TestPassphraseGenerationStored(t *testing.T) {
	tc := SetupEngineTest(t, "PassphraseChange")
	defer tc.Cleanup()

	u := CreateAndSignupFakeUser(tc, "login")

	// All of the keys initially created with the user should be stored as
	// passphrase generation 1.
	skbKeyringFile, err := libkb.LoadSKBKeyring(u.NormalizedUsername(), tc.G)
	if err != nil {
		t.Fatal(err)
	}
	initialGenerationOneCount := 0
	for _, block := range skbKeyringFile.Blocks {
		if block.Priv.PassphraseGeneration != 1 {
			t.Fatalf("Expected all encrypted keys to be ppgen 1. Found %d.",
				block.Priv.PassphraseGeneration)
		}
		initialGenerationOneCount++
	}

	//
	// Do a passphrase change.
	//
	newPassphrase := "password1234"
	arg := &keybase1.PassphraseChangeArg{
		OldPassphrase: u.Passphrase,
		Passphrase:    newPassphrase,
	}
	ctx := &Context{
		LogUI:    tc.G.UI.GetLogUI(),
		SecretUI: u.NewSecretUI(),
	}
	eng := NewPassphraseChange(arg, tc.G)
	if err := RunEngine(eng, ctx); err != nil {
		t.Fatal(err)
	}
	u.Passphrase = newPassphrase

	//
	// Now, generate a new key. This one should be stored with ppgen 2.
	//
	pgpArg := PGPKeyImportEngineArg{
		Gen: &libkb.PGPGenArg{
			PrimaryBits: 768,
			SubkeyBits:  768,
		},
	}
	pgpArg.Gen.MakeAllIds()
	pgpEng := NewPGPKeyImportEngine(pgpArg)
	pgpCtx := &Context{
		LogUI:    tc.G.UI.GetLogUI(),
		SecretUI: u.NewSecretUI(),
	}
	err = RunEngine(pgpEng, pgpCtx)
	if err != nil {
		t.Fatal(err)
	}

	//
	// Finally, check that the new key (and only the new key) is marked as ppgen 2.
	//
	finalSKBKeyringFile, err := libkb.LoadSKBKeyring(u.NormalizedUsername(), tc.G)
	if err != nil {
		t.Fatal(err)
	}
	finalGenOneCount := 0
	finalGenTwoCount := 0
	for _, block := range finalSKBKeyringFile.Blocks {
		if block.Priv.PassphraseGeneration == 1 {
			finalGenOneCount++
		} else if block.Priv.PassphraseGeneration == 2 {
			finalGenTwoCount++
		} else {
			t.Fatalf("Expected all encrypted keys to be ppgen 1 or 2. Found %d.",
				block.Priv.PassphraseGeneration)
		}
	}
	if finalGenOneCount != initialGenerationOneCount {
		t.Fatalf("Expected initial count of ppgen 1 keys (%d) to equal final count (%d).",
			initialGenerationOneCount, finalGenOneCount)
	}
	if finalGenTwoCount != 1 {
		t.Fatalf("Expected one key in ppgen 2. Found %d keys.", finalGenTwoCount)
	}
}