added monkeysphere-server show-fingerprint

[monkeysphere.git] / src / monkeysphere-server

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 560d249867d780183f9b070ed341c099bf948963..ce5aa9c405bc00170465c2328a44dd0745d94213 100755 (executable)
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -51,7 +51,7 @@ gen_key() {
     # set key defaults
     KEY_TYPE=${KEY_TYPE:-"RSA"}
     KEY_LENGTH=${KEY_LENGTH:-"2048"}
-    KEY_USAGE=${KEY_USAGE:-"auth,encrypt"}
+    KEY_USAGE=${KEY_USAGE:-"auth"}
     cat <<EOF
 Please specify how long the key should be valid.
          0 = key does not expire
@@ -76,6 +76,9 @@ EOF
 )
 
     # add the revoker field if requested
+# FIXME: the 1: below assumes that $REVOKER's key is an RSA key.  why?
+# FIXME: why is this marked "sensitive"?  how will this signature ever
+# be transmitted to the expected revoker?
     if [ "$REVOKER" ] ; then
        keyParameters="${keyParameters}"$(cat <<EOF
 
@@ -106,7 +109,12 @@ EOF
 
     log -n "generating server key... "
     echo "$keyParameters" | gpg --batch --gen-key
-    loge "done."
+    log "done."
+    fingerprint_server_key
+}
+
+fingerprint_server_key() {
+    gpg --fingerprint --list-secret-keys =ssh://$(hostname --fqdn)
 }
 
 ########################################################################
@@ -195,6 +203,10 @@ case $COMMAND in
        gen_key "$1"
        ;;
 
+    'show-fingerprint'|'f')
+       fingerprint_server_key
+       ;;
+
     'publish-key'|'p')
        publish_server_key
        ;;