# function to interact with the gpg core keyring
gpg_core() {
- local returnCode
-
GNUPGHOME="$GNUPGHOME_CORE"
export GNUPGHOME
# user to be able to read the host pubring. we realize this might
# be problematic, but it's the simplest solution, without too much
# loss of security.
- gpg --no-permission-warning "$@"
- returnCode="$?"
-
- # always reset the permissions on the host pubring so that the
- # monkeysphere user can read the trust signatures
- chgrp "$MONKEYSPHERE_USER" "${GNUPGHOME_CORE}/pubring.gpg"
- chmod g+r "${GNUPGHOME_CORE}/pubring.gpg"
-
- return "$returnCode"
+ gpg "$@"
}
# function to interact with the gpg sphere keyring
su_monkeysphere_user "gpg $@"
}
+# export signatures from core to sphere
+gpg_core_sphere_sig_transfer() {
+ gpg_core --export-options export-local-sigs --export | \
+ gpg_sphere --import-options import-local-sigs --import
+}
+
########################################################################
# MAIN
########################################################################
REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
GNUPGHOME_CORE=${MONKEYSPHERE_GNUPGHOME_CORE:="${MADATADIR}/core"}
GNUPGHOME_SPHERE=${MONKEYSPHERE_GNUPGHOME_SPHERE:="${MADATADIR}/sphere"}
+CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"}
# export variables needed in su invocation
export DATE
export GNUPGHOME_CORE
export GNUPGHOME_SPHERE
export GNUPGHOME
+export CORE_KEYLENGTH
# get subcommand
COMMAND="$1"