implement password roundtrip, fixes #695

2016-03-05 16:21:44 +01:00 · 2016-03-05 16:21:44 +01:00 · 95c4cf221d
parent 96702ec1e3
commit 95c4cf221d
3 changed files with 25 additions and 1 deletions
--- a/borg/key.py
+++ b/borg/key.py
@ -7,7 +7,7 @@ import textwrap
 from hmac import HMAC, compare_digest
 from hashlib import sha256, pbkdf2_hmac

-from .helpers import IntegrityError, get_keys_dir, Error
+from .helpers import IntegrityError, get_keys_dir, Error, yes
 from .logger import create_logger
 logger = create_logger()

@ -184,6 +184,23 @@ class Passphrase(str):
    def getpass(cls, prompt):
        return cls(getpass.getpass(prompt))

+    @classmethod
+    def verification(cls, passphrase):
+        if yes('Do you want your passphrase to be displayed for verification? [yN]: ',
+               env_var_override='BORG_DISPLAY_PASSPHRASE'):
+            print('Your passphrase (between double-quotes): "%s"' % passphrase,
+                  file=sys.stderr)
+            print('Make sure the passphrase displayed above is exactly what you wanted.',
+                  file=sys.stderr)
+            try:
+                passphrase.encode('ascii')
+            except UnicodeEncodeError:
+                print('Your passphrase (UTF-8 encoding in hex): %s' %
+                      hexlify(passphrase.encode('utf-8')).decode('ascii'),
+                      file=sys.stderr)
+                print('As you have a non-ASCII passphrase, it is recommended to keep the UTF-8 encoding in hex together with the passphrase at a safe place.',
+                      file=sys.stderr)
+
    @classmethod
    def new(cls, allow_empty=False):
        passphrase = cls.env_passphrase()
@ -194,6 +211,7 @@ class Passphrase(str):
            if allow_empty or passphrase:
                passphrase2 = cls.getpass('Enter same passphrase again: ')
                if passphrase == passphrase2:
+                    cls.verification(passphrase)
                    logger.info('Remember your passphrase. Your data will be inaccessible without it.')
                    return passphrase
                else:
--- a/docs/changes.rst
+++ b/docs/changes.rst
@ -65,6 +65,10 @@ Compatibility notes:
  if you give a timestamp via cli this is stored into 'time', therefore it now
  needs to mean archive creation start time.

+New features:
+
+- implement password roundtrip, #695
+
 Bug fixes:

 - remote end does not need cache nor keys directories, do not create them, #701
--- a/docs/usage.rst
+++ b/docs/usage.rst
@ -63,6 +63,8 @@ General:
        can either leave it away or abbreviate as `::`, if a positional parameter is required.
    BORG_PASSPHRASE
        When set, use the value to answer the passphrase question for encrypted repositories.
+    BORG_DISPLAY_PASSPHRASE
+        When set, use the value to answer the "display the passphrase for verification" question when defining a new passphrase for encrypted repositories.
    BORG_LOGGING_CONF
        When set, use the given filename as INI_-style logging configuration.
    BORG_RSH