2 # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
4 # Monkeysphere gen-subkey subcommand
6 # The monkeysphere scripts are written by:
7 # Jameson Rollins <jrollins@finestructure.net>
8 # Jamie McClelland <jm@mayfirst.org>
9 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
11 # They are Copyright 2008-2009, and are all released under the GPL,
14 # generate a subkey with the 'a' usage flags set
# Reject anything that looks like an option flag: the only positional argument
# accepted here is a primary key ID.
# NOTE(review): `[ "${1:0:1}" = '-' ]` (or `[[ $1 == -* ]]`) would avoid the
# echo|cut subshell pair.
35 if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
36 failure "Unknown option '$1'.
37 Type '$PGRM help' for usage."
# No key ID supplied: list every secret key. gpg's stderr is discarded and,
# unlike the keyed lookup below, there is no `|| failure` here -- an empty
# result is handled by the `grep -c` count further down.
46 gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
# A key ID was supplied: restrict the listing to it and abort if gpg (or the
# egrep filter) fails. egrep is the deprecated spelling of `grep -E`.
49 gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
# presumably the branch taken when more than one positional argument was
# given; the enclosing condition is not in this excerpt.
52 failure "You must specify only a single primary key ID."
56 # check that only a single secret key was found
# Dispatch on the number of `sec:` records found (0, 1, or more).
57 case $(echo "$gpgSecOut" | grep -c '^sec:') in
59 failure "No secret keys found. Create an OpenPGP key with the following command:
# Exactly one secret key: take colon-field 5 of its `sec:` record as the key ID.
63 keyID=$(echo "$gpgSecOut" | cut -d: -f5)
# More than one: print the candidate IDs (same field 5) and ask the user to pick.
66 echo "Multiple primary secret keys found:"
67 echo "$gpgSecOut" | cut -d: -f5
68 failure "Please specify which primary key to use."
72 # check that a valid authentication key does not already exist
# NOTE(review): the unquoted $(...) is split on whitespace, not on newlines, so
# any record containing spaces (e.g. a uid: line) is broken into fragments.
# Those fragments are discarded by the pub/sub type check below, but a
# `while IFS= read -r line; do ...; done < <(gpg ...)` loop is the safe idiom.
74 for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
# Colon-separated fields: 1 = record type, 2 = validity, 12 = key capabilities.
75 type=$(echo "$line" | cut -d: -f1)
76 validity=$(echo "$line" | cut -d: -f2)
77 usage=$(echo "$line" | cut -d: -f12)
# Only primary (pub) and subkey (sub) records are of interest; everything else
# is skipped (the skip action is outside this excerpt).
# NOTE(review): `-a` inside `[ ]` is deprecated; prefer `[[ ... && ... ]]`.
80 if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then
83 # check for authentication capability
# check_capability is defined elsewhere; presumably returns 0 when the usage
# string contains the 'a' (authentication) flag -- verify against its definition.
84 if ! check_capability "$usage" 'a' ; then
87 # if authentication key is valid, prompt to continue
# An auth-capable key with validity 'u' already exists: warn, and only continue
# if prompting is enabled and the user explicitly answers 'y'/'Y'.
88 if [ "$validity" = 'u' ] ; then
89 log error "A valid authentication key already exists for primary key '$keyID'."
90 if [ "$PROMPT" = "true" ] ; then
# NOTE(review): `${OK:N}` is a substring expansion (offset N, which evaluates
# to 0 when N is unset), not a default value; `${OK:-N}` was probably intended.
# The outcome is unchanged because an empty answer yields "" != 'Y' below and
# so still takes the abort path. Also prefer `read -r` so backslashes are kept.
91 read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
# Anything other than y/Y aborts; the body of this branch is not in the excerpt.
92 if [ "${OK/y/Y}" != 'Y' ] ; then
102 # set subkey defaults
103 # prompt about key expiration if not specified
# get_gpg_expiration is defined elsewhere; presumably normalizes or prompts for
# an expiration value -- confirm against its definition.
104 keyExpire=$(get_gpg_expiration "$keyExpire")
106 # generate the list of commands that will be passed to edit-key
# The here-document body (the --edit-key script) is not in this excerpt.
107 editCommands=$(cat <<EOF
120 log verbose "generating subkey..."
# Passphrase delivery: a named pipe is created with mode 0600 (umask 077)
# inside a fresh temporary directory (msmktempdir is defined elsewhere), and
# gpg reads the passphrase from it on fd 3. The passphrase itself therefore
# never appears on gpg's command line.
121 fifoDir=$(msmktempdir)
122 (umask 077 && mkfifo "$fifoDir/pass")
# gpg is backgrounded because opening a FIFO blocks until both ends are open;
# the edit-key script is fed on stdin via --command-fd 0, and the write side of
# the pipe is opened by passphrase_prompt below.
123 echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
125 # FIXME: this needs to fail more gracefully if the passphrase is incorrect
# passphrase_prompt is defined elsewhere; presumably prompts the user and writes
# the answer to the given fifo path -- verify against its definition.
126 passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"