import_key() {
-local keyFile
local hostName
+local domain
local userID
-keyFile="$1"
-[ -f "$keyFile" ]
+hostName="$1"
+
+# use the default hostname if not specified
+if [ -z "$hostName" ] ; then
+ hostName=$(hostname -f)
+ # test that the domain is not obviously illegitimate
+ domain=${foo##*.}
+ case $domain in
+ 'local'|'localdomain')
+ failure "Host domain '$domain' is not legitimate. Aborting key import."
+ ;;
+ esac
+ # test that there are at least two parts
+ if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
+ failure "Host name '$hostName' is not legitimate. Aborting key import."
+ fi
+fi
-hostName=${2:-$(hostname -f)}
userID="ssh://${hostName}"
# create host home
-mkdir -p "$GNUPGHOME_HOST"
-chmod 700 "$GNUPGHOME_HOST"
+mkdir -p "${MHDATADIR}"
+mkdir -p "${MHTMPDIR}"
+mkdir -p "${GNUPGHOME_HOST}"
+chmod 700 "${GNUPGHOME_HOST}"
log verbose "importing ssh key..."
# translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$keyFile" \
+PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
| gpg_host --import
-# load the new host fpr into the fpr variable
+# load the new host fpr into the fpr variable. this is so we can
+# create the gpg pub key file. we have to do this from the secret key
+# ring since we obviously don't have the gpg pub key file yet, since
+# that's what we're trying to produce (see below).
load_fingerprint_secret
-# export the host public key to the monkeysphere ssh pub key file
-log debug "creating ssh public key file..."
-ssh-keygen -y -f "$keyFile" > "$HOST_KEY_PUB"
-log info "SSH host public key file: $HOST_KEY_PUB"
+# set ultimate owner trust on the newly imported key
+printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
+
+# update trustdb
+gpg_host --check-trustdb
# export to gpg public key to file
-create_gpg_pub_file
+update_gpg_pub_file
# show info about new key
show_key