Commit: 292ad3c7f2059b0178695c0117d52a8f2a8aca88 Parent: 86d86b4b45eace8ae109440a0ef03afda74b69d1 Author: Vi Grey Date: 2023-09-25 03:40 UTC Summary: Make new fsv save immediately, add tools & FAQ Changed - FSV file saves immediately upon creation instead of after first change Added - FAQ.txt file - tools/decode-qr-img.sh - tools/generate-qr-pdfs.sh CHANGELOG.md | 13 +++++++++++++ src/FAQ.txt | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ src/fulla.go | 2 +- src/menus.go | 1 + tools/decode-qr-img.sh | 16 ++++++++++++++++ tools/generate-qr-pdfs.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 139 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cbd39ad..9e38460 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) +## [0.0.5] - 2023-09-25 + +### Changed + +- FSV file saves immediately upon creation instead of after first change + +### Added + +- FAQ.txt file +- tools/decode-qr-img.sh +- tools/generate-qr-pdfs.sh + + ## [0.0.4] - 2023-09-24 ### Fixed diff --git a/src/FAQ.txt b/src/FAQ.txt new file mode 100644 index 0000000..0609108 --- /dev/null +++ b/src/FAQ.txt 
@@ -0,0 +1,56 @@ +These questions will be asked in the perspective of you, the reader. +These answers are written in the perspective of me, the writer. + + +1. Why did you make this? +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +I wanted to control my account management as much as possible. That +includes password management and 2-factor authentication code +management. Some requirements for me were that this system would need +to easily run on a computer that might not have internet access and +would also need to be able to run on Plan9. It also needed to be able +to generate small and simple password/otp vault files that I could +convert to QR codes and print out to have as physical backups. + +I also wanted the password/otp vault files to be simple enough to +describe as a specification that they could be printed out as well. +These printed out physical backups would be given to multiple people to +store in case something catastraphic happens and I lose access to my +computers and the server storing the source code for this project. In +that case, I would get one of the backups and start building back the +ability to read the vault files again... what I have taken to calling +"Security Panspermia". + + +2. Should I use this project? +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +No. I trust its security for myself, but I'm just some random person +on the internet. Don't trust this code or how anything is implemented +in it. Consider this project an experiment. + + +3. Why does this implementation randomize the first 4 bytes of the +chacha20Poly1305 nonce every time instead of just incrementing the +nonce? Doesn't that reduce the amount of guaranteed unique nonces? 
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- +Yes, randomizing the first 4 bytes of the nonce every time I generate +a new nonce does reduce the amount of guaranteed unique nonces, which +would usually be worse for security. I have a specific reason for this +though. An FSV file can be backed up and each copy of that FSV file +can be edited independently of each other. This essentially creates a +split timeline for the file, where both are considered the valid +successor of that original FSV file. If I didn't add some data to make +these 2 files different, they would both have the same nonce, which is +against the nonce requirement for chacha20poly1305. + +There is an issue with using 4 random bytes though, as there is a 1 in +4,294,967,296 chance that both files will still have the same nonce. It +is possible to use a value like time to make sure the nonces are unique, +but that has some issues as well. One issue is that not every computer +is connected to the internet or has an accurate clock. Another issue is +using time would leak information about when the FSV file was saved. +Because of these issues, I have decided that it's better to risk a +duplicate nonce at the rate of 1 in 4,294,967,296. Besides, the chance +of winning the Powerball Jackpot is 1 in 292,201,338, so I feel like I +should be safe in the rare event that I make different edits in multiple +copies of the same FSV file. diff --git a/src/fulla.go b/src/fulla.go index a116d38..bf24eb0 100644 --- a/src/fulla.go +++ b/src/fulla.go @@ -7,7 +7,7 @@ import ( ) const ( - FULLA_VERSION = "0.0.4" + FULLA_VERSION = "0.0.5" ) var ( diff --git a/src/menus.go b/src/menus.go index 2f87bf9..3fde411 100644 --- a/src/menus.go +++ b/src/menus.go 
@@ -57,6 +57,7 @@ func newFileMenu() { cipherData := new(cipherDataStruct) setPassphraseMenu(hashData, cipherData, false) fsvData := new(FSVData) + saveFSVFile(f, fsvData, hashData, cipherData) if t == "p" { fsvData.Type = "password" passwordEntriesMainMenu(f, fsvData, hashData, cipherData) diff --git a/tools/decode-qr-img.sh b/tools/decode-qr-img.sh new file mode 100755 index 0000000..61d1f34 --- /dev/null +++ b/tools/decode-qr-img.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Requires: +# - zbarimg +# - base64 +# - POSIX complaint shell +# +# Usage: decode-qr-img.sh path +# - path is the path to image file +# +# Example: decode-qr-img.sh passwords.fsv-base64.png > passwords.fsv +# +# Decodes QR code data from image specified in argument and base64 +# decodes it the raw data. Prints the base64 decoded data to STDOUT. + +zbarimg --raw -q $1 | base64 -d diff --git a/tools/generate-qr-pdfs.sh b/tools/generate-qr-pdfs.sh new file mode 100755 index 0000000..603df44 --- /dev/null +++ b/tools/generate-qr-pdfs.sh 
@@ -0,0 +1,52 @@ +#!/bin/sh + +# Requires: +# - groff +# - qrencode +# - base64 +# - ps2pdf +# - basename +# - POSIX complaint shell +# +# Usage: generate-qr-pdfs.sh Name path... +# - Name is your name +# - path is 1 or more .fsv file paths +# +# Example: generate-qr-pdfs.sh "Vi Grey" passwords.fsv otp.fsv +# +# This script creates a directory called "pdf/" that is placed in the +# current path, so if you are running this script while your terminal +# is in the /home/user/test directory, the "pdf/" directory will be +# created at /home/user/test/pdf. The pdf files will be stored in that +# directory and will be named the specified path basename-base64.pdf, so +# for example, if I specify the path test/passwords.fsv, the file +# passwords.fsv-base64.pdf will be created at +# pdf/passwords.fsv-base64.pdf. A temporary file called qr.eps will be +# created in that pdf/ directory as well and will be deleted at the end +# of this script. + +mkdir -p "$PWD/pdf/" + +i=1 +for arg do + if [ "$i" -gt 1 ]; then + f=$(basename "$arg") + base64 "$arg" | qrencode -t EPS -o "$PWD/pdf/qr.eps" + cat << EOF | groff -ms -Tps - | ps2pdf - "$PWD/pdf/$f-base64.pdf" +.PSPIC -C "pdf/qr.eps" +.DS C +.sp 48p +.ps 36 +.B "$1" +.sp 10p +.ps 18 +.B "$f (base64)" +.sp 10p +$(date -u "+%Y-%m-%d %T UTC") +.DE +EOF + fi + i=$((i + 1)) +done + +rm "$PWD/pdf/qr.eps"
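Review bot: answer 3 in src/FAQ.txt gives the duplicate-nonce risk as a flat 1 in 4,294,967,296, but with 4 random bytes drawn on every save that figure applies to each pair of saves that would otherwise produce the same nonce in two diverged copies, not once per fork. Assuming the remaining nonce bytes still increment, the total risk grows with the number of edits made in both copies, and the FAQ should say so. It would also help to state what a collision costs: if both copies still encrypt under the same key, a repeated ChaCha20-Poly1305 nonce exposes the XOR of the two plaintexts and weakens the authentication tag. Minor: "catastraphic" in answer 1 should be "catastrophic", and the cipher name is spelled both "chacha20Poly1305" and "chacha20poly1305".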
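Review bot: in newFileMenu (src/menus.go) the added `saveFSVFile(f, fsvData, hashData, cipherData)` runs before `fsvData.Type` is assigned in the `if t == "p"` branch, so the file written at creation has an empty Type until a later save rewrites it. A user who creates a vault and quits before making a change is left with a typeless file on disk. Suggest setting the Type first and saving afterwards. Nothing from the call is checked here either, so if saveFSVFile can fail, the menu opens as though the file had been written.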
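Review bot: the last line of tools/decode-qr-img.sh passes `$1` to zbarimg unquoted, so an image path containing spaces or glob characters is split or expanded before zbarimg sees it; use `zbarimg --raw -q "$1" | base64 -d`. The pipeline's exit status is that of base64, so when zbarimg finds no code or cannot read the file, `base64 -d` gets empty input and exits 0, and the documented `> passwords.fsv` usage leaves an empty file with a success status. For a recovery tool, capture the zbarimg output first and stop if it fails or is empty. Also, the header asks for a "POSIX complaint shell" (typo for "compliant") while the shebang is `#!/bin/bash`; nothing in the script needs bash, so `#!/bin/sh` would match generate-qr-pdfs.sh.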
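Review bot: the loop in tools/generate-qr-pdfs.sh never checks whether `base64 "$arg" | qrencode -t EPS -o "$PWD/pdf/qr.eps"` succeeded, and every iteration reuses the same qr.eps. If qrencode fails on a later path (the base64 text is larger than one QR code can hold, or the file is unreadable), the qr.eps left by the previous iteration is still in place and groff embeds it under the new file's label, giving a backup PDF whose QR code belongs to a different vault. Suggest removing qr.eps at the top of each iteration and skipping or aborting when the pipeline fails. Two smaller points: `$1` and `$f` are expanded into the groff input unescaped, so a name or file name containing a double quote or backslash alters the markup, and the final `rm "$PWD/pdf/qr.eps"` reports an error when no path argument was given. The "POSIX complaint shell" typo appears in this header as well.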