- local fingerprintPGP
- local fingerprintSSH
-
- # FIXME: you shouldn't have to be root to see the host key fingerprint
- check_host_keyring
- fingerprintPGP=$(fingerprint_server_key)
- gpg_host "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
- echo "OpenPGP fingerprint: $fingerprintPGP"
-
- if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
- fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
- awk '{ print $1, $2, $4 }')
- echo "ssh fingerprint: $fingerprintSSH"
- else
- log info "SSH host key not found."
- fi
+ local GNUPGHOME
+
+ # tmp gpghome dir
+ export GNUPGHOME=$(mktemp -d)
+
+ # trap to remove tmp dir if break
+ trap "rm -rf $GNUPGHOME" EXIT
+
+ gpg --quiet --import <"$HOST_KEY_FILE"
+
+ HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
+ | grep '^fpr:' | cut -d: -f10 )
+
+ # list the host key info
+ # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+ # FIXME: why is this not showing key expiration?
+ gpg --list-keys --fingerprint \
+ --list-options show-unusable-uids 2>/dev/null \
+ | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+ | egrep -v '^-+$'
+
+ # list the pgp fingerprint
+ echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
+
+ # list the ssh fingerprint
+ echo -n "ssh fingerprint: "
+ ssh-keygen -l -f /dev/stdin \
+ <<<$(openpgp2ssh <"$HOST_KEY_FILE" 2>/dev/null) \
+ | awk '{ print $1, $2, $4 }'
+
+ # remove the tmp file
+ trap - EXIT
+ rm -rf "$GNUPGHOME"