Provide tool to re-encrypt keystore

To change your password, for example.

Assigned to
10 months ago
6 days ago
No labels applied.

~stonks3141 8 days ago

I'd like to work on this. I was thinking that the implementation could be a subcommand of a new hictl program, and himitsu-init would become hictl init. It would:

  1. Check if himitsud is running and exit with an error if so
  2. Move the store to index.old
  3. Prompt for the old passphrase
  4. Decrypt the store in memory
  5. Prompt for the new one twice like himitsu-init does
  6. Reencrypt and write the store with the new passphrase
  7. Remove index.old

I'm not sure if that's the best order of operations, but I'll get started on the implementation soon unless anyone wants to discuss anything.

~sircmpwn 6 days ago

fwiw you can currently re-encrypt the keystore very unix-like:

hiq -d > keys
# recreate store
hiq -a < keys

~stonks3141 6 days ago

In that case maybe just adding that oneliner to the man page would be better.

~stonks3141 6 days ago

The only concern with that I can think of is that hiq would only prompt for the password once, but this could be mitigated by running himitsu-init before re-adding the store entries.

Register here or Log in to comment, or comment via email.