2 # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
4 # Monkeysphere host revoke-key subcommand
6 # The monkeysphere scripts are written by:
7 # Jameson Rollins <jrollins@finestructure.net>
8 # Jamie McClelland <jm@mayfirst.org>
9 # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
11 # They are Copyright 2008-2009, and are all released under the GPL,
18 # Coming in here, we expect $HOST_FINGERPRINT to be set, and we
19 # believe that there is in fact a key.
21 # our current implementation is very simple: we just want to
22 # generate the revocation certificate on stdout. This provides
23 # for the two most likely (but hopefully not common) scenarios:
25 # an admin wants a revocation certificate for the host which they
26 # can store securely offline. In this case, the admin can
27 # redirect stdout to a file, or can simply copy/paste or
28 # transcribe from the terminal.
30 # Alternately, an admin might want to publish the revocation
31 # certificate immediately. here's a quick way to do this:
35 # export GNUPGHOME="$tmp"
36 # gpg --import < /var/lib/monkeysphere/ssh_host_rsa_key.pub.gpg
37 # monkeysphere-host revoke-key | gpg --import
38 # gpg --keyserver pool.sks-keyservers.net --send $(hostname -f)
41 # note: we're not using the gpg_host function because we actually
42 # want to use gpg's UI in this case, so we want to omit --no-tty
44 GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!"