import_key() {
+local sshKeyFile
local hostName
+local domain
local userID
-hostName=${1:-$(hostname -f)}
+sshKeyFile="$1"
+hostName="$2"
+
+# check that key file specified
+if [ -z "$sshKeyFile" ] ; then
+ failure "Must specify ssh key file to import, or specify '-' for stdin."
+fi
+
+# fail if hostname not specified
+if [ -z "$hostName" ] ; then
+ failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
+fi
userID="ssh://${hostName}"
# create host home
-mkdir -p "$GNUPGHOME_HOST"
-chmod 700 "$GNUPGHOME_HOST"
+mkdir -p "${MHDATADIR}"
+mkdir -p "${GNUPGHOME_HOST}"
+chmod 700 "${GNUPGHOME_HOST}"
-log verbose "importing ssh key..."
-# translate ssh key to a private key
-PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \
- gpg_host --import
+# import ssh key to a private key
+if [ "$sshKeyFile" = '-' ] ; then
+ log verbose "importing ssh key from stdin..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+ | gpg_host --import
+else
+ log verbose "importing ssh key from file '$sshKeyFile'..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+ <"$sshKeyFile" \
+ | gpg_host --import
+fi
-# load the new host fpr into the fpr variable
+# load the new host fpr into the fpr variable. this is so we can
+# create the gpg pub key file. we have to do this from the secret key
+# ring since we obviously don't have the gpg pub key file yet, since
+# that's what we're trying to produce (see below).
load_fingerprint_secret
# export to gpg public key to file
-create_gpg_pub_file
+update_gpg_pub_file
+
+log info "host key imported:"
# show info about new key
show_key