# datadir for host functions
MHDATADIR="${SYSDATADIR}/host"
+# temp directory for temp gnupghome directories for add_revoker
+MHTMPDIR="${MHDATADIR}/tmp"
+export MHTMPDIR
+
# host pub key files
HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub"
HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
"0x${HOST_FINGERPRINT}!"
}
-# export the host secret key to the monkeysphere ssh sec key file
-# NOTE: assumes that the primary key is the proper key to use
-create_ssh_sec_file() {
- log debug "creating ssh secret key file..."
- (umask 077 && \
- gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
- openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
- log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
-}
-
-# export the host public key to the monkeysphere ssh pub key file
-create_ssh_pub_file() {
- log debug "creating ssh public key file..."
- ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
- log info "SSH host public key file: $HOST_KEY_PUB"
-}
-
# export the host public key to the monkeysphere gpg pub key file
create_gpg_pub_file() {
log debug "creating openpgp public key file..."
# load the host fingerprint into the fingerprint variable, using the
# export gpg pub key file
+# FIXME: this seems much less than ideal, with all this temp keyring
+# stuff. is there a way we can do this without having to create temp
+# files?
load_fingerprint() {
if [ -f "$HOST_KEY_PUB_GPG" ] ; then
HOST_FINGERPRINT=$( \
# show info about the host key
show_key() {
gpg_host --fingerprint --list-key --list-options show-unusable-uids \
- "0x${HOST_FINGERPRINT}!" 2>/dev/null
+ "0x${HOST_FINGERPRINT}!" 2>/dev/null || true
# FIXME: make sure expiration date is shown
echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
usage: $PGRM expert <subcommand> [options] [args]
expert subcommands:
- import-key (i) [NAME[:PORT]] import existing ssh key to gpg
+ import-key (i) FILE [NAME[:PORT]] import existing ssh key to gpg
gen-key (g) [NAME[:PORT]] generate gpg key for the host
--length (-l) BITS key length in bits (2048)
diagnostics (d) monkeysphere host status