+ # some crazy piping here that takes the output of gpg and
+ # pipes it into a "while read" loop that reads each line
+ # of standard input one-by-one.
+ gpg --fixed-list-mode --list-key --with-colons \
+ --with-fingerprint ="$userID" 2> /dev/null | \
+ cut -d : -f 1,2,5,10,12 | \
+ while IFS=: read -r type validity keyid uidfpr capability ; do
+ # process based on record type
+ case $type in
+ 'pub')
+ # new key, wipe the slate
+ keyOK=
+ keyCapability=
+ keyFingerprint=
+ # check primary key validity
+ if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ continue
+ fi
+ # check capability is not Disabled...
+ if echo "$capability" | grep -q 'D' ; then
+ continue
+ fi
+ # check capability is Encryption and Authentication
+ # FIXME: make more flexible capability specification
+ # (ie. in conf file)
+ if echo "$capability" | grep -q -v 'E' ; then
+ if echo "$capability" | grep -q -v 'A' ; then
+ continue
+ fi
+ fi
+ keyCapability="$capability"
+ keyOK=true
+ keyID="$keyid"
+ ;;
+ 'fpr')
+ # if key ok, get fingerprint
+ if [ "$keyOK" ] ; then
+ keyFingerprint="$uidfpr"
+ fi
+ ;;
+ 'uid')
+ # check key ok and we have key fingerprint
+ if [ -z "$keyOK" -o -z "$keyFingerprint" ] ; then
+ continue
+ fi
+ # check key validity
+ if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ continue
+ fi
+ # check the uid matches
+ if [ "$(unescape "$uidfpr")" != "$userID" ] ; then
+ continue
+ fi
+ # convert the key
+ # FIXME: needs to apply extra options if specified
+ echo -n " valid key found; generating ssh key(s)... "
+ userIDHash=$(echo "$userID" | sha1sum | awk '{ print $1 }')
+ # export the key with gpg2ssh
+ #gpg --export "$keyFingerprint" | gpg2ssh "$mode" > "$cacheDir"/"$userIDHash"."$keyFingerprint"
+ # stand in until we get dkg's gpg2ssh program
+ gpg2ssh_tmp "$mode" "$keyID" "$userID" > "$cacheDir"/"$userIDHash"."$keyFingerprint"
+ if [ "$?" = 0 ] ; then
+ echo "done."
+ else
+ echo "error."
+ fi
+ ;;
+ esac
+ done
+}
+
+# process the auth_*_ids file
+# go through line-by-line, extracting and processing each user id
+# expects global variable: "mode"
+process_auth_file() {
+ local authIDsFile
+ local cacheDir
+ local nLines
+ local line
+ local userID
+
+ authIDsFile="$1"
+ cacheDir="$2"
+
+ # find number of user ids in auth_user_ids file
+ nLines=$(meat <"$authIDsFile" | wc -l)
+
+ # make sure gpg home exists with proper permissions
+ mkdir -p -m 0700 "$GNUPGHOME"
+
+ # clean out keys file and remake keys directory
+ rm -rf "$cacheDir"
+ mkdir -p "$cacheDir"
+
+ # loop through all user ids
+ for line in $(seq 1 $nLines) ; do
+ # get user id
+ # FIXME: needs to handle extra options if necessary
+ userID=$(meat <"$authIDsFile" | cutline "$line" )
+
+ # process the user id and extract keys
+ log "processing user id: '$userID'"
+ process_user_id "$userID" "$cacheDir"
+ done
+}
+
+
+########################################################################
+# MAIN
+########################################################################
+
+if [ -z "$1" ] ; then
+ usage
+ exit 1
+fi
+
+# check mode
+mode="$1"
+shift 1
+
+# check user
+if ! id -u "$USER" > /dev/null 2>&1 ; then
+ failure "invalid user '$USER'."
+fi
+
+# set user home directory
+HOME=$(getent passwd "$USER" | cut -d: -f6)
+
+# get ms home directory
+MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere}
+
+# load configuration file
+MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
+[ -e "$MS_CONF" ] && . "$MS_CONF"
+
+# set config variable defaults
+STAGING_AREA=${STAGING_AREA:-"$MS_HOME"}
+AUTH_HOST_FILE=${AUTH_HOST_FILE:-"$MS_HOME"/auth_host_ids}
+AUTH_USER_FILE=${AUTH_USER_FILE:-"$MS_HOME"/auth_user_ids}
+GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg}
+KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
+
+USER_KNOW_HOSTS="$HOME"/.ssh/known_hosts
+USER_AUTHORIZED_KEYS="$HOME"/.ssh/authorized_keys
+
+# export USER and GNUPGHOME variables, since they are used by gpg
+export USER
+export GNUPGHOME
+
+# stagging locations
+hostKeysCacheDir="$STAGING_AREA"/host_keys
+userKeysCacheDir="$STAGING_AREA"/user_keys
+msKnownHosts="$STAGING_AREA"/known_hosts
+msAuthorizedKeys="$STAGING_AREA"/authorized_keys
+
+# set mode variables
+if [ "$mode" = '--known_hosts' -o "$mode" = '-k' ] ; then
+ fileType=known_hosts
+ authIDsFile="$AUTH_HOST_FILE"
+ outFile="$msKnownHosts"
+ cacheDir="$hostKeysCacheDir"
+ userFile="$USER_KNOWN_HOSTS"
+elif [ "$mode" = '--authorized_keys' -o "$mode" = '-a' ] ; then
+ fileType=authorized_keys
+ authIDsFile="$AUTH_USER_FILE"
+ outFile="$msAuthorizedKeys"
+ cacheDir="$userKeysCacheDir"
+ userFile="$USER_AUTHORIZED_KEYS"
+else
+ failure "unknown command '$mode'."
+fi
+
+# check auth ids file
+if [ ! -s "$authIDsFile" ] ; then
+ echo $(basename "$authIDsFile") "file is empty or does not exist."
+ exit
+fi
+
+log "user '$USER': monkeysphere $fileType generation..."
+
+# process the auth file
+process_auth_file "$authIDsFile" "$cacheDir"
+
+# write output key file
+log "writing ms $fileType file... "
+> "$outFile"
+if [ "$(ls "$cacheDir")" ] ; then
+ log -n "adding gpg keys... "
+ cat "$cacheDir"/* > "$outFile"
+ echo "done."
+else
+ log "no gpg keys to add."
+fi
+if [ -s "$userFile" ] ; then
+ log -n "adding user $fileType file... "
+ cat "$userFile" >> "$outFile"
+ echo "done."