--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
--revoker (-r) FINGERPRINT add a revoker
- extend-key (e) EXPIRE extend expiration to EXPIRE
+ extend-key (e) EXPIRE extend expiration to EXPIRE
add-hostname (n+) NAME[:PORT] add hostname user ID to server key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
show-key (s) output all server host key information
local tmpkey
fingerprint=$(fingerprint_server_key)
- gpg_authentication "--fingerprint --list-key $fingerprint"
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
# dumping to a file named ' ' so that the ssh-keygen output
# doesn't claim any potentially bogus hostname(s):
tmpkey=$(mktemp -d)
gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
echo -n "ssh fingerprint: "
- (cd "$tmpkey" && ssh-keygen -l -f ' ')
+ (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
rm -rf "$tmpkey"
echo -n "OpenPGP fingerprint: "
echo "$fingerprint"
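Review bot: The new `awk '{ print $2 }'` keeps only the fingerprint column of `ssh-keygen -l`, so the key length disappears from show-key output even though this is the one place an operator can confirm the `--length` chosen at gen-key; `awk '{ print $1, $2 }'` keeps both while still dropping the bogus filename/comment that the ' ' file trick is there to suppress. When ssh-keygen fails (for instance because openpgp2ssh, whose stderr is discarded on the line above, produced nothing), the pipeline now prints an empty line after the "ssh fingerprint:" prefix and the failure status is hidden behind awk; capturing first, `sshfpr=$(cd "$tmpkey" && ssh-keygen -l -f ' ') || failure "could not compute ssh fingerprint for $fingerprint"`, and then piping `$sshfpr` through awk would surface it. show_server_key's opening lines are above this hunk.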
fi
# prompt about key expiration if not specified
- if [ -z "$keyExpire" ] ; then
- keyExpire=$(get_gpg_expiration)
- fi
- if ! test_gpg_expire "$keyExpire" ; then
- failure "invalid key expiration value '$keyExpire'."
- fi
+ keyExpire=$(get_gpg_expiration "$keyExpire")
# set key parameters
keyParameters=$(cat <<EOF
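Review bot: The validation that used to abort gen-key on a bad expiration value now lives inside a command substitution, and if get_gpg_expiration reports the error with `failure` (an exit inside the subshell; its body is not visible here) only that subshell ends: the caller carries on with an empty `keyExpire`, which is then interpolated into the keyParameters here-doc that starts on the last line of this hunk. Checking the substitution's status restores the old abort: `keyExpire=$(get_gpg_expiration "$keyExpire") || failure "could not determine key expiration."`. The gen-key function this belongs to begins above the hunk and its here-doc continues below it.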
failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first."
fi
- if [ -z "$extendTo" ]; then
- extendTo=$(get_gpg_expiration)
- fi
- if ! test_gpg_expire "$extendTo" ; then
- failure "invalid expiration value '$extendTo'."
- fi
+ # get the new expiration date
+ extendTo=$(get_gpg_expiration "$extendTo")
gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF
expire
$extendTo
save
EOF
+
+ echo
echo "NOTE: Host key expiration date adjusted, but not yet published."
echo "Run '$PGRM publish-key' to publish the new expiration date."
}
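Review bot: `extendTo=$(get_gpg_expiration "$extendTo")` drops the caller-side abort the removed test_gpg_expire check gave, and a failure inside the command substitution (a `failure`/exit there ends only the subshell) leaves `extendTo` empty, so the here-doc answers gpg's `expire` prompt with a blank line; if gpg takes that as its default of "key does not expire" (to be confirmed against the gpg version in use), a typo in the requested date would silently remove the host key's expiration and still print the "adjusted" NOTE. Guarding the assignment, `extendTo=$(get_gpg_expiration "$extendTo") || failure "could not determine new expiration date."`, keeps the previous behaviour. Checking the edit-key run itself before the NOTE (`gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF || failure "unable to adjust host key expiration"`) would close the same gap for gpg errors. The function begins above this hunk.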
# execute edit-key script
if echo "$adduidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID added to key, but key not published."
echo "Run '$PGRM publish-key' to publish the new user ID."
else
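Review bot: The trustdb refresh now targets the authentication keyring while the user ID was added through gpg_host, so the call only does what the comment promises if the authentication keyring also sees the host public key; nothing in the hunk shows that link, so the comment should state the assumption, e.g. `# refresh the authentication keyring's trustdb: that is where the host key's user IDs are consulted (assumes it sees the host pubring)`. The status of the refresh is also ignored before show_server_key and the success NOTE run; `gpg_authentication "--check-trustdb" || failure "trustdb update failed"` would make a failed refresh visible instead of reporting success. The enclosing add-hostname function starts above the hunk.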
# execute edit-key script
if echo "$revuidCommand" | \
gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
- # update trust db
- gpg_host --check-trustdb
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
show_server_key
+ echo
echo "NOTE: User ID revoked, but revocation not published."
echo "Run '$PGRM publish-key' to publish the revocation."
else
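Review bot: The three-line epilogue after the edit-key run — `gpg_authentication "--check-trustdb"`, `show_server_key`, `echo` — is now repeated verbatim in the add and revoke paths, and the delete path further down already carries its own copy of the trustdb call; a small helper called from each branch would keep the choice of keyring in one place the next time it changes. As in the add path, the refresh's exit status is not checked before the revocation is reported as done, so `gpg_authentication "--check-trustdb" || failure "trustdb update failed"` is worth adding here too. The enclosing revoke-hostname function starts above the hunk.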
if gpg_authentication "--delete-key --batch --yes 0x${keyID}!" ; then
# delete key from host keyring as well
gpg_host --delete-key --batch --yes "0x${keyID}!"
+
# update the trustdb for the authentication keyring
gpg_authentication "--check-trustdb"