# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009 and are all released under the GPL,
+# They are Copyright 2008-2010 and are all released under the GPL,
# version 3 or later.
import_key() {
-local hostName
-local domain
-local userID
+local keyFile="$1"
+local serviceName="$2"
-hostName="$1"
+# check that key file specified
+if [ -z "$keyFile" ] ; then
+ failure "Must specify PEM-encoded key file to import, or specify '-' for stdin."
+fi
-# use the default hostname if not specified
-if [ -z "$hostName" ] ; then
- hostName=$(hostname -f)
- # test that the domain is not obviously illegitimate
- domain=${foo##*.}
- case $domain in
- 'local'|'localdomain')
- failure "Host domain '$domain' is not legitimate. Aborting key import."
- ;;
- esac
- # test that there are at least two parts
- if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
- failure "Host name '$hostName' is not legitimate. Aborting key import."
- fi
+# fail if hostname not specified
+if [ -z "$serviceName" ] ; then
+ failure "You must specify a service name for use in the OpenPGP certificate user ID."
fi
-userID="ssh://${hostName}"
+# test that a key with that user ID does not already exist
+prompt_userid_exists "$serviceName"
+
+# check that the service name is well formatted
+check_service_name "$serviceName"
# create host home
mkdir -p "${MHDATADIR}"
-mkdir -p "${MHTMPDIR}"
mkdir -p "${GNUPGHOME_HOST}"
chmod 700 "${GNUPGHOME_HOST}"
-log verbose "importing ssh key..."
-# translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- | gpg_host --import 2>&1 | log debug
-
-# load the new host fpr into the fpr variable. this is so we can
-# create the gpg pub key file. we have to do this from the secret key
-# ring since we obviously don't have the gpg pub key file yet, since
-# that's what we're trying to produce (see below).
-load_fingerprint_secret
+# import pem-encoded key to an OpenPGP private key
+if [ "$keyFile" = '-' ] ; then
+ log verbose "importing key from stdin..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
+ | gpg_host --import
+else
+ log verbose "importing key from file '$keyFile'..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
+ <"$keyFile" \
+ | gpg_host --import
+fi
-# export to gpg public key to file
-update_gpg_pub_file
+# export to OpenPGP public key to file
+update_pgp_pub_file
log info "host key imported:"
# show info about new key
-show_key
+show_key "$serviceName"
}