From 95c4cf221d78b41d7879d4d62d1ab0aa3e840357 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Sat, 5 Mar 2016 16:21:44 +0100 Subject: [PATCH] implement password roundtrip, fixes #695 --- borg/key.py | 20 +++++++++++++++++++- docs/changes.rst | 4 ++++ docs/usage.rst | 2 ++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/borg/key.py b/borg/key.py index cf7f72a78..113214ab6 100644 --- a/borg/key.py +++ b/borg/key.py @@ -7,7 +7,7 @@ import textwrap from hmac import HMAC, compare_digest from hashlib import sha256, pbkdf2_hmac -from .helpers import IntegrityError, get_keys_dir, Error +from .helpers import IntegrityError, get_keys_dir, Error, yes from .logger import create_logger logger = create_logger() @@ -184,6 +184,23 @@ class Passphrase(str): def getpass(cls, prompt): return cls(getpass.getpass(prompt)) + @classmethod + def verification(cls, passphrase): + if yes('Do you want your passphrase to be displayed for verification? [yN]: ', + env_var_override='BORG_DISPLAY_PASSPHRASE'): + print('Your passphrase (between double-quotes): "%s"' % passphrase, + file=sys.stderr) + print('Make sure the passphrase displayed above is exactly what you wanted.', + file=sys.stderr) + try: + passphrase.encode('ascii') + except UnicodeEncodeError: + print('Your passphrase (UTF-8 encoding in hex): %s' % + hexlify(passphrase.encode('utf-8')).decode('ascii'), + file=sys.stderr) + print('As you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.', + file=sys.stderr) + @classmethod def new(cls, allow_empty=False): passphrase = cls.env_passphrase() @@ -194,6 +211,7 @@ class Passphrase(str): if allow_empty or passphrase: passphrase2 = cls.getpass('Enter same passphrase again: ') if passphrase == passphrase2: + cls.verification(passphrase) logger.info('Remember your passphrase. Your data will be inaccessible without it.') return passphrase else: 
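Review bot: In the second borg/key.py hunk, `Passphrase.verification` prints the clear-text passphrase (and, for non-ASCII input, its UTF-8 hex form) to `sys.stderr` without checking where stderr goes, so a run with stderr redirected or captured (`2>logfile`, a wrapper script that collects output) would persist the secret outside the terminal. This matters most when `BORG_DISPLAY_PASSPHRASE` answers the question, because no interactive confirmation then appears to be involved; `yes()` lives in `helpers` outside this diff, so that behaviour is inferred. I would put `if not sys.stderr.isatty(): return` at the top of the method so the display is limited to a terminal. A short docstring stating that the method discloses the passphrase on stderr by design, and only on explicit opt-in, would also help the next reader. The `cls.verification(passphrase)` call added to `new()` in the third hunk inherits the same exposure; `new()` starts and ends outside that hunk.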
diff --git a/docs/changes.rst b/docs/changes.rst index 0fd08477b..ead730ad3 100644 --- a/docs/changes.rst +++ b/docs/changes.rst @@ -65,6 +65,10 @@ Compatibility notes: if you give a timestamp via cli this is stored into 'time', therefore it now needs to mean archive creation start time. +New features: + +- implement password roundtrip, #695 + Bug fixes: - remote end does not need cache nor keys directories, do not create them, #701 diff --git a/docs/usage.rst b/docs/usage.rst index 570737d1a..a016e008a 100644 --- a/docs/usage.rst +++ b/docs/usage.rst @@ -63,6 +63,8 @@ General: can either leave it away or abbreviate as `::`, if a positional parameter is required. BORG_PASSPHRASE When set, use the value to answer the passphrase question for encrypted repositories. + BORG_DISPLAY_PASSPHRASE + When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories. BORG_LOGGING_CONF When set, use the given filename as INI_-style logging configuration. BORG_RSH