Merge branch '[4] branding_special_chars'

Dockerfile

@@ -0,0 +1,18 @@
+# Build with: docker build -t yubiset_arch .
+# Run with: docker run -it yubiset_arch /bin/bash
+# Remove Container(s) on Windows: for /F "tokens=*" %i in ('docker ps -aqf "ancestor=yubiset_arch"') do docker rm -f %i
+# Remove Container(s) on Unix: docker rm -f $(docker ps -aqf "ancestor=yubiset_arch")
+# Remove with: docker image rm -f yubiset_arch
+
+FROM archlinux:latest
+
+RUN groupadd -r usergroup && useradd --no-log-init -r -g usergroup user
+RUN mkdir /home/user
+ADD yubiset /home/user/yubiset
+RUN find /home/user/yubiset -exec chown user:usergroup {} \;
+#rw-r--r--
+RUN find /home/user/yubiset -type f -iname "*" -exec chmod 0644 {} \;
+#rwx-r--r--
+RUN find /home/user/yubiset -type f -iname "*.sh" -exec chmod 740 {} \;
+USER user
+WORKDIR /home/user/yubiset

README.md

@@ -6,7 +6,9 @@ It generates ["the perfect key pair"](https://blog.eleven-labs.com/en/openpgp-al
 
 The Yubikey is also provided with user info and PIN setup.
 
-The scripts do also feature a fully automatic heuristic for finding and setting up the correct (Windows) smart card slot device in case gpg does not find your Yubikey automatically.
+The scripts do also feature a fully automatic heuristic for finding and setting up the correct (Windows) smart card slot device in case gpg does not find your Yubikey automatically.  
+
+*Remember:* On most installations, scripts may be interrupted by pressing Ctrl+C.  
 
 - [YUBISET](#yubiset)
 - [What does it do?](#what-does-it-do)
@@ -39,7 +41,7 @@ The scripts do also feature a fully automatic heuristic for finding and setting
   * [README.md Table of Contents](#readmemd-table-of-contents)
 
 # Supported Environments
-* Windows (Batch)
+* Windows (CMD)
 * Windows ([git-bash](https://gitforwindows.org))
 * Unix (Bash)
 
@@ -72,7 +74,7 @@ The file is accompanied by the [SHA-512](https://en.wikipedia.org/wiki/SHA-2) ha
 ```
 # This makes sure, you downloaded an exact copy of the release from GitHub.
 sha512sum -c yubiset_vt.t.t.test.201907042021.sha512
-yubiset_vt.t.t.test.201907042021.zip: OK # This is the expected output.
+yubiset_vt.t.t.test.201907042021.zip: OK # This is the supposed output.
 
 ```
 
@@ -100,7 +102,7 @@ gpg --import JanMosigItemisGitHub.asc
 
 ### Start here: Key generation & Yubikey setup (all in one script)
 ```
-cd windows\batch
+cd windows\cmd
 yubiset.bat
 ```
 In case your Yubikey does only support subkeys of 2048bit length (like the NEO), use `yubiset.bat 4` instead.
@@ -110,7 +112,7 @@ The main script will use Powershell if it is available in order to hide the pass
 The following scripts may be used standalone but are also called from the `yubiset` main script:
 #### Move PGP keys to Yubikey only
 ```
-cd windows\batch
+cd windows\cmd
 setupyubi.bat "Given Name Surname" "[email protected]" "PGP key id" "passphrase"
 ```
 
@@ -119,18 +121,18 @@ If ```passphrase``` is omitted, it will be prompted for. The prompt will be hidd
 #### Reset Yubikey's OpenPGP module
 **BE AWARE:** Only tested with Yubikey 4 NEO and Yubikey 5
 ```
-cd windows\batch
+cd windows\cmd
 resetyubi.bat
 ```
 
 #### Find Yubikey Slot
 ```
-cd windows/batch
+cd windows\cmd
 findyubi.bat
 ```
 
 ### Key Branding  
-It is possible to "brand" your generated keys, i. e. give the user name and the comment a custom touch e. g. for your company. This can be controlled by editing the file `windows/batch/lib/branding.bat`.
+It is possible to "brand" your generated keys, i. e. give the user name and the comment a custom touch e. g. for your company. This can be controlled by editing the file `windows\cmd\lib\branding.bat`.
 
 The default will produce a key like this:
 
@@ -162,6 +164,8 @@ sec   rsa4096/0x94AF5E3D1575AC6A 2019-07-01 [C] [expires: 2020-06-30]
       Key fingerprint = 3B90 7B16 76E6 9F6F 59D1  D103 94AF 5E3D 1575 AC6A
 uid                   [ultimate] Max Muster (itemis AG) (Vocational OpenPGP key of itemis AG's Max Muster) <[email protected]>
 ```
+
+*Be aware:* GPG does not support arbitrary charaters in key comments. Especially parantheses '(' and ')' will cause problems. On Windows some additional characters may cause trouble, e. g. * ? & or %. Don't use them.
 
 ## Unix
 
@@ -216,6 +220,8 @@ sec   rsa4096/0x94AF5E3D1575AC6A 2019-07-01 [C] [expires: 2020-06-30]
 uid                   [ultimate] Max Muster (itemis AG) (Vocational OpenPGP key of itemis AG's Max Muster) <[email protected]>
 ```
 
+*Be aware:* GPG does not support arbitrary charaters in key comments. Especially parantheses '(' and ')' will cause problems. Don't use them.
+
 ### Override GPG Binaries
 Since the original bash scripts have been developed on Windows with git-bash and gpg4win, it was necessary to override the gpg binaries provided by git-bash with those of gpg4win.
 

unix/bash/lib/bootstrap.sh

@@ -10,7 +10,7 @@ end_with_error()
 	exit 1
 }
 
-if [[ -z "${yubiset_version}" ]] ; then declare -r yubiset_version="0.3.1" ; fi
+if [[ -z "${yubiset_version}" ]] ; then declare -r yubiset_version="0.3.2.Bash" ; fi
 if [[ -z "${me}" ]] ; then declare -r me="$(basename $0)" ; fi
 
 # https://stackoverflow.com/questions/630372/determine-the-path-of-the-executing-bash-script

unix/bash/lib/branding.sh

@@ -1,2 +1,3 @@
 declare -r branded_user_name="${user_name}"
-declare -r branded_user_comment=""
+# Be aware: GPG does not support arbitrary charaters in key comments. Especially parantheses '(' and ')' will cause problems. Don't use them.
+declare -r branded_user_comment=

unix/bash/yubiset.sh

@@ -93,15 +93,19 @@ echo "First, we need a little information from you."
 read -p "Please enter your full name: " user_name
 read -p "Please enter your full e-mail address: " user_email
 read -s -p "Please enter your passphrase: " passphrase
+echo
 
 . "${lib_dir}"/branding.sh
 silentCopy "${keygen_input}" "${keygen_input_copy}"
 echo "${branded_user_name}" >> "${keygen_input_copy}"
 echo "${user_email}" >> "${keygen_input_copy}"
-echo "${branded_user_comment}" >> "${keygen_input_copy}"
+
+# Some characters are not supported in key comments. See https://github.com/JanMosigItemis/yubiset/issues/4
+declare -r sanitized_user_comment=$( echo "${branded_user_comment}" | sed -r 's/[\(\)]+//g' )
+if [[ ! -z "${sanitized_user_comment}" ]]; then echo "Found custom user comment branding: ${sanitized_user_comment}" ; fi
+echo "${sanitized_user_comment}" >> "${keygen_input_copy}"
 
 # Master key generation
-echo
 echo "Now generating the master key. This may take a while.."
 { cat "${keygen_input_copy}" | "${YUBISET_GPG_BIN}" --command-fd=0 --status-fd=1 --expert --full-gen-key --pinentry-mode loopback --passphrase "${passphrase}" ; } || { cleanup; end_with_error "Generating the keypair raised an error." ; }
 echo ..Success!

windows/batch/lib/bootstrap.bat → windows/cmd/lib/bootstrap.bat

@@ -6,7 +6,7 @@ REM Arg 1: Full path to caller script
 REM Arg 2: Full path to yubiset windows script folder
 REM
 
-set yubiset_version=0.4.2
+set yubiset_version=0.4.3.CMD
 set me=%~1
 set root_folder=%~2..\..
 set error_prefix=ERROR

windows/batch/lib/branding.bat → windows/cmd/lib/branding.bat

@@ -6,6 +6,8 @@ REM Arg 1: User name
 REM
 
 set branded_user_name=%~1
+REM Be aware: GPG does not support arbitrary charaters in key comments. Especially parantheses '(' and ')' will cause problems.
+REM On Windows some additional characters may cause trouble, e. g. * ? & or %. Don't use them.
 set branded_user_comment=
 
 REM What follows is a trick to get the variables into the context of the calling script (which should be a local context as well) without polluting the global env.

windows/batch/yubiset.bat → windows/cmd/yubiset.bat

@@ -92,20 +92,25 @@ if defined powershell_available (
 	set /p passphrase=Please enter your passphrase: 
 )
 
+echo.
+
 call %lib_dir%/branding.bat "%user_name%"
 %ifErr% echo %error_prefix%: Could not load key branding information. & call :cleanup & goto end_with_error
 
 %silentCopy% %keygen_input% %keygen_input_copy%
 echo %branded_user_name%>> %keygen_input_copy%
 echo %user_email%>> %keygen_input_copy%
 if defined branded_user_comment (
-	echo %branded_user_comment%>> %keygen_input_copy%
+	REM Some characters are not supported in key comments. See https://github.com/JanMosigItemis/yubiset/issues/4
+	set sanitized_user_comment=!branded_user_comment:^(=!
+	set sanitized_user_comment=!sanitized_user_comment:^)=!
+	echo Found custom user comment branding: !sanitized_user_comment!
+	echo !sanitized_user_comment!>> %keygen_input_copy%
 ) else (
 	echo.>> %keygen_input_copy%
 )
 
 REM Master key generation
-echo.
 echo Now generating the master key. This may take a while..
 type %keygen_input_copy% | gpg --command-fd=0 --status-fd=1 --expert --full-gen-key --pinentry-mode loopback --passphrase %passphrase% >nul 2>&1
 %ifErr% echo %error_prefix%: Generating the keypair raised an error. Exiting. & call :cleanup & goto end_with_error