From 4eb2531aab1abae8c34f41ca44ec1caf6469ea83 Mon Sep 17 00:00:00 2001
From: Tom Ryder
Date: Sat, 14 Oct 2017 01:34:05 +1300
Subject: Add sign/encrypt options

Default signing to off; step 1 to mitigating the terrible literal passphrase passing.
---
 lib/Mail/Run/Crypt.pm | 40 +++++++++++++++++++++++++++++++++++-----
 1 file changed, 35 insertions(+), 5 deletions(-)
(limited to 'lib')
diff --git a/lib/Mail/Run/Crypt.pm b/lib/Mail/Run/Crypt.pm
index a81735d..4d7f74d 100644
--- a/lib/Mail/Run/Crypt.pm
+++ b/lib/Mail/Run/Crypt.pm
@@ -30,15 +30,26 @@ sub new {
 # Blindly slurp in all the options given
 my $self = {%opts};
- # We must have a key ID and a recipient, but not necessarily a passphrase
- for my $req (qw(keyid mailto)) {
- $self->{$req} // croak "$req required";
- }
+ # We must have a recipient
+ defined $self->{mailto}
+ or croak 'mailto required';
 # Default the instance name to the package name if it wasn't given;
 # runcrypt(1p) will pass it in
 $self->{name} //= $class;
+ # We default to encrypting but not signing
+ $self->{encrypt} //= 1;
+ $self->{sign} //= 0;
+
+ # If signing, we need a key ID and a passphrase
+ if ( $self->{sign} ) {
+ defined $self->{keyid}
+ or croak 'keyid required for signing';
+ defined $self->{passphrase}
+ or croak 'passphrase required for signing';
+ }
+
 # Return objectified self
 return bless $self, $class;
 }
@@ -90,7 +101,17 @@ sub _mail {
 key => $self->{keyid},
 passphrase => $self->{passphrase},
 );
- $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+
+ # Sign and/or encrypt as appropriate
+ if ( $self->{sign} and $self->{encrypt} ) {
+ $mgpg->mime_signencrypt( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{sign} ) {
+ $mgpg->mime_sign( $mime, $self->{mailto} );
+ }
+ elsif ( $self->{encrypt} ) {
+ $mgpg->mime_encrypt( $mime, $self->{mailto} );
+ }
 # Send it
 return $mime->send();
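Review bot: The new validation in `new` accepts `sign => 0, encrypt => 0`, and in that case the `if`/`elsif` chain added to `_mail` in the next hunk matches no branch, so `$mime->send()` would deliver the command output with no GnuPG processing at all. For a module whose job is protecting that output, I would fail closed in the constructor, right after the two `//=` defaults: `$self->{sign} or $self->{encrypt} or croak 'at least one of sign or encrypt required';`. Separately, the `keyid` POD shown as context in the last hunk still says the key is used to encrypt the messages, while this hunk only requires it for signing; the wording could be updated to match.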
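Review bot: The results of `mime_signencrypt`, `mime_sign` and `mime_encrypt` are discarded, and `$mime->send()` runs whether or not GnuPG succeeded. Mail::GnuPG documents these methods as returning gpg's exit code (0 on success), so a gpg failure would presumably go unnoticed and the message could be sent unprotected; this is worth confirming against the installed version. Capturing the status and croaking before the send keeps the failure visible. Whether callers of `_mail` expect an exception or a false return cannot be seen here, because the body of `_mail` starts and ends outside the hunk.

```perl
    # … unchanged: Mail::GnuPG object construction …

    # Sign and/or encrypt as appropriate, keeping the Mail::GnuPG status
    my $gpg_status;
    if ( $self->{sign} and $self->{encrypt} ) {
        $gpg_status = $mgpg->mime_signencrypt( $mime, $self->{mailto} );
    }
    elsif ( $self->{sign} ) {
        $gpg_status = $mgpg->mime_sign( $mime, $self->{mailto} );
    }
    elsif ( $self->{encrypt} ) {
        $gpg_status = $mgpg->mime_encrypt( $mime, $self->{mailto} );
    }

    # A non-zero status means gpg failed; do not send the unprotected message
    defined $gpg_status and $gpg_status != 0
      and croak "GnuPG processing failed (status $gpg_status)";

    # Send it
    return $mime->send();
```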
@@ -150,6 +171,15 @@ Constructor accepts the following named parameters:
 =over 4
+=item C
+
+Whether to sign the command output. This defaults to off. A key ID and
+passphrase will be required for signing.
+
+=item C
+
+Whether to encrypt the command output. This defaults to on.
+
 =item C
 The GnuPG key ID that should be used to encrypt the messages.
--
cgit v1.2.3