import_key() {
local hostName
+local domain
local userID
-hostName=${1:-$(hostname -f)}
+hostName="$1"
+
+# use the default hostname if not specified
+if [ -z "$hostName" ] ; then
+ hostName=$(hostname -f)
+ # test that the domain is not obviously illegitimate
+ domain=${foo##*.}
+ case $domain in
+ 'local'|'localdomain')
+ failure "Host domain '$domain' is not legitimate. Aborting key import."
+ ;;
+ esac
+ # test that there are at least two parts
+ if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
+ failure "Host name '$hostName' is not legitimate. Aborting key import."
+ fi
+fi
userID="ssh://${hostName}"
# create host home
-mkdir -p "$GNUPGHOME_HOST"
-chmod 700 "$GNUPGHOME_HOST"
+mkdir -p "${MHDATADIR}"
+mkdir -p "${MHTMPDIR}"
+mkdir -p "${GNUPGHOME_HOST}"
+chmod 700 "${GNUPGHOME_HOST}"
log verbose "importing ssh key..."
# translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \
- gpg_host --import
+PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+ | gpg_host --import
-# load the new host fpr into the fpr variable
+# load the new host fpr into the fpr variable. this is so we can
+# create the gpg pub key file. we have to do this from the secret key
+# ring since we obviously don't have the gpg pub key file yet, since
+# that's what we're trying to produce (see below).
load_fingerprint_secret
-# export to ssh public key file
-create_ssh_pub_file
-
# export to gpg public key to file
create_gpg_pub_file