MHDATADIR="${SYSDATADIR}/host"
# host pub key files
-HOST_KEY_FILE="${SYSDATADIR}/host_keys.pub.gpg"
-# host pub key fingerprints file
-HOST_KEY_FPR_FILE="${SYSDATADIR}/host_keys.fprs"
+HOST_KEY_FILE="${SYSDATADIR}/host_keys.pub.pgp"
# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')
gpg_host --command-fd 0 --edit-key "$@"
}
-# export the monkeysphere gpg pub key file
-update_gpg_pub_file() {
+# export the monkeysphere OpenPGP pub key file
+update_pgp_pub_file() {
log debug "updating openpgp public key file '$HOST_KEY_FILE'..."
- gpg_host --export --armor --export-options export-minimal > "$HOST_KEY_FILE"
- log debug "updating fingerprint file '$HOST_KEY_FPR_FILE'..."
- gpg_host --list-secret-key --with-colons --with-fingerprint \
- | awk -F: '/^fpr:/{ print $10 }' > "$HOST_KEY_FPR_FILE"
+ gpg_host --export --armor --export-options export-minimal \
+ $(gpg_host --list-secret-keys --with-colons --fingerprint | grep ^fpr | cut -f9 -d:) \
+ > "$HOST_KEY_FILE"
}
host_fingerprints() {
- local fprs=($(cat "$HOST_KEY_FPR_FILE"))
+ local fprs=($(<"$HOST_KEY_FILE" "$SYSSHAREDIR/keytrans" listfprs))
log debug "host key fingerprints:"
printf '%s\n' "${fprs[@]}" | log debug
# fail if host key not present
check_no_keys() {
- [ -s "$HOST_KEY_FILE" ] || [ -s "$HOST_KEY_FPR_FILE" ] \
+ [ -s "$HOST_KEY_FILE" ] \
|| failure "You don't appear to have a Monkeysphere host key on this server.
Please run 'monkeysphere-host import-key' import a key."
}
;;
*)
if [ -z "$keyID" ] ; then
- failure "Keyring contains multiple keys. Please specify one to act on (see 'monkeysphere-host show-key')."
+ failure "Your host keyring contains multiple keys.
+Please specify one to act on (see 'monkeysphere-host show-key')."
fi
;;
esac
printf '%s\n' "${fprs[@]}" | grep "${keyID}$" \
- || failure "Key '$keyID' not found."
+ || failure "Host key '$keyID' not found."
}
# return 0 if user ID was found.
if [[ -z "$1" || "$1" == '--all' ]] ; then
keys="${fprs[@]}"
- else
- for key in $keys ; do
- printf '%s\n' "${fprs[@]}" | grep "${key}$" \
- || failure "Key '$key' not found."
- done
fi
for key in $keys ; do
show_key() {
local id="$1"
local GNUPGHOME
- local TMPSSH
local fingerprint
+ local tmpssh
local revokers
# tmp gpghome dir
# import the host key into the tmp dir
gpg --quiet --import <"$HOST_KEY_FILE"
- # create the ssh key
- TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub
- gpg --export "$id" | openpgp2ssh 2>/dev/null >"$TMPSSH"
-
# get the gpg fingerprint
- fingerprint=$(gpg --quiet --list-keys \
+ if gpg --quiet --list-keys \
--with-colons --with-fingerprint "$id" \
- | grep '^fpr:' | cut -d: -f10 )
+ | grep '^fpr:' | cut -d: -f10 > "$GNUPGHOME"/fingerprint ; then
+ fingerprint=$(cat "$GNUPGHOME"/fingerprint)
+ else
+ failure "ID '$id' not found."
+ fi
+
+ # create the ssh key
+ tmpssh="$GNUPGHOME"/ssh_host_key_rsa_pub
+ gpg --export "$fingerprint" 2>/dev/null \
+ | openpgp2ssh 2>/dev/null >"$tmpssh"
# list the host key info
# FIXME: make no-show-keyring work so we don't have to do the grep'ing
# FIXME: can we show uid validity somehow?
- gpg --list-keys --list-options show-unusable-uids "$id" 2>/dev/null \
+ gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \
| grep -v "^${GNUPGHOME}/pubring.gpg$" \
| egrep -v '^-+$'
# list revokers, if there are any
- revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$id" \
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \
| awk -F: '/^rvk:/{ print $10 }' )
if [ "$revokers" ] ; then
echo "The following keys are allowed to revoke this host key:"
# list the ssh fingerprint
echo -n "ssh fingerprint: "
- ssh-keygen -l -f "$TMPSSH" | awk '{ print $1, $2, $4 }'
+ ssh-keygen -l -f "$tmpssh" | awk '{ print $1, $2, $4 }'
# remove the tmp file
trap - EXIT
diagnostics
;;
- 'update-gpg-pub-file')
- update_gpg_pub_file
+ 'update-pgp-pub-file')
+ update_pgp_pub_file
;;
'version'|'v')