--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
--revoker (-r) FINGERPRINT add a revoker
- extend-key (e) EXPIRE extend expiration to EXPIRE
+ extend-key (e) EXPIRE extend expiration to EXPIRE
add-hostname (n+) NAME[:PORT] add hostname user ID to server key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
show-key (s) output all server host key information
- fingerprint (f) output just the key fingerprint
publish-key (p) publish server host key to keyserver
diagnostics (d) report on server monkeysphere status
# output key information
show_server_key() {
local fingerprint
+ local tmpkey
+
fingerprint=$(fingerprint_server_key)
- gpg_host --fingerprint --list-secret-key "$fingerprint"
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
+
+ # dumping to a file named ' ' so that the ssh-keygen output
+ # doesn't claim any potentially bogus hostname(s):
+ tmpkey=$(mktemp -d)
+ gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+ echo -n "ssh fingerprint: "
+ (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
+ rm -rf "$tmpkey"
+ echo -n "OpenPGP fingerprint: "
+ echo "$fingerprint"
}
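Review bot: The temporary directory in the new show_server_key body is created without an error check and removed without a guard, so if `mktemp -d` fails the redirect at `> "$tmpkey/ "` targets `/ ` and the `cd` lands in the caller's home directory (unless the script runs under `set -e`, in which case it exits with no message). Write `tmpkey=$(mktemp -d) || failure "could not create temporary directory"` and `rm -rf -- "${tmpkey:?}"`, and consider a `trap` so the directory is not left behind when the pipeline fails. The `2>/dev/null` on openpgp2ssh hides such a failure, so the only symptom would be an ssh-keygen error on an empty file after the `ssh fingerprint: ` label; dropping that redirect or checking the pipeline status would surface it. `echo -n` is not portable if this script is ever run by a non-bash `sh`; `printf 'ssh fingerprint: '` is the safe form.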
# update authorized_keys for users
fi
# prompt about key expiration if not specified
- if [ -z "$keyExpire" ] ; then
- keyExpire=$(get_gpg_expiration)
- fi
- if ! test_gpg_expire "$keyExpire" ; then
- failure "invalid key expiration value '$keyExpire'."
- fi
+ keyExpire=$(get_gpg_expiration "$keyExpire")
# set key parameters
keyParameters=$(cat <<EOF
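Review bot: The explicit `test_gpg_expire "$keyExpire"` check that guarded the value before it is embedded in the key-parameters here-doc is removed in favour of `keyExpire=$(get_gpg_expiration "$keyExpire")`; the same replacement is made for `extendTo` at L45–L52, where the value is then fed to `gpg --edit-key` through a `--command-fd 0` here-doc. This is only equivalent if `get_gpg_expiration` (defined outside this diff) validates an argument it is handed, not just a value it prompts for, and exits non-zero on a bad one so the assignment aborts instead of yielding an empty or unchecked string. A one-line comment stating that contract here, e.g. `# get_gpg_expiration validates (or prompts for) the value and fails on an invalid one`, would make the removal auditable; if the function does not fail on bad input, keep the `test_gpg_expire` guard. The `keyParameters` here-doc continues outside the hunk.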
failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first."
fi
- if [ -z "$extendTo" ]; then
- extendTo=$(get_gpg_expiration)
- fi
- if ! test_gpg_expire "$extendTo" ; then
- failure "invalid expiration value '$extendTo'."
- fi
+ # get the new expiration date
+ extendTo=$(get_gpg_expiration "$extendTo")
gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF
expire
$extendTo
save
EOF
+
+ echo
echo "NOTE: Host key expiration date adjusted, but not yet published."
echo "Run '$PGRM publish-key' to publish the new expiration date."
}
# execute edit-key script
if echo "$adduidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID added to key, but key not published."
echo "Run '$PGRM publish-key' to publish the new user ID."
else
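Review bot: The trustdb update is switched from the host keyring to the authentication keyring (`gpg_authentication "--check-trustdb"`), yet the user ID is added by `gpg_host --edit-key` two lines above and no step visible in this hunk copies the updated key into the authentication keyring before `show_server_key` lists it from there. The same sequence appears in the revoke-hostname hunk at L76–L88. If the export/import happens inside `gpg_host` or in a caller, a comment such as `# the authentication keyring is refreshed from the host keyring in <HELPER_NAME>` would make the ordering auditable; otherwise the displayed key information and the trustdb may be stale until the next sync. The enclosing `if` block continues outside the hunk.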
# execute edit-key script
if echo "$revuidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID revoked, but revocation not published."
echo "Run '$PGRM publish-key' to publish the revocation."
else
if gpg_authentication "--delete-key --batch --yes 0x${keyID}!" ; then
# delete key from host keyring as well
gpg_host --delete-key --batch --yes "0x${keyID}!"
+
# update the trustdb for the authentication keyring
gpg_authentication "--check-trustdb"
show_server_key
;;
- 'show-fingerprint'|'fingerprint'|'f')
- fingerprint_server_key
- ;;
-
'publish-key'|'publish'|'p')
publish_server_key
;;