2 # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
4 # Monkeysphere host import-key subcommand
6 # The monkeysphere scripts are written by:
7 # Jameson Rollins <jrollins@finestructure.net>
8 # Jamie McClelland <jm@mayfirst.org>
9 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
11 # They are Copyright 2008-2009 and are all released under the GPL,
24 # check that key file specified
25 if [ -z "$sshKeyFile" ] ; then
26 failure "Must specify ssh key file to import, or specify '-' for stdin."
29 # use the default hostname if not specified
30 if [ -z "$hostName" ] ; then
31 hostName=$(hostname -f) || failure "Could not determine hostname."
32 # test that the domain is not obviously illegitimate
35 'local'|'localdomain')
36 failure "Host domain '$domain' is not legitimate. Aborting key import."
39 # test that there are at least two parts
40 if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
41 failure "Host name '$hostName' is not legitimate. Aborting key import."
45 userID="ssh://${hostName}"
47 if [ "$PROMPT" = "true" ] ; then
49 The ssh key will be imported and an OpenPGP certificate for this host
50 will be generated with the following user ID:
53 read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
54 if [ "${OK/y/Y}" != 'Y' ] ; then
55 failure "revoker not added."
58 log debug "importing key without prompting."
63 mkdir -p "${MHDATADIR}"
64 mkdir -p "${GNUPGHOME_HOST}"
65 chmod 700 "${GNUPGHOME_HOST}"
67 # import ssh key to a private key
68 if [ "$sshKeyFile" = '-' ] ; then
69 log verbose "importing ssh key from stdin..."
70 PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
73 log verbose "importing ssh key from file '$sshKeyFile'..."
74 PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
79 # load the new host fpr into the fpr variable. this is so we can
80 # create the gpg pub key file. we have to do this from the secret key
81 # ring since we obviously don't have the gpg pub key file yet, since
82 # that's what we're trying to produce (see below).
83 load_fingerprint_secret
85 # export to gpg public key to file
88 log info "host key imported:"
90 # show info about new key