X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fseckey2sshagent;h=4b765dc1aae94f16eb42b2654935a751bee98a1e;hb=a7e520c59cf969192baf16147d570c9a9365c191;hp=deab489f6a33cb3410bf60649bfa1bf658ef9be8;hpb=e238f6d15705176f076ad02d62501190d1008c92;p=monkeysphere.git diff --git a/src/seckey2sshagent b/src/seckey2sshagent index deab489..4b765dc 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # seckey2sshagent: this is a hack of a script to cope with the fact # that openpgp2ssh currently cannot support encrypted secret keys. @@ -17,7 +17,7 @@ cleanup() { echo -n "removing temp gpg home... " 1>&2 - rm -rf $FOO + rm -rf "$TMPPRIVATE" echo "done." 1>&2 } @@ -44,7 +44,6 @@ if you're really sure. Answer yes, because this is only relevant to the temporary keyring. Then, do: save - exit At this point, your key will be added to your running ssh-agent with the alias 'monkeysphere-key' and seckey2sshagent should terminate. @@ -58,7 +57,7 @@ You can check on it with: # if no hex string is supplied, just print an explanation. # this covers seckey2sshagent --help, --usage, -h, etc... -if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then +if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then explanation exit fi 
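Review bot: In cleanup() the new `rm -rf "$TMPPRIVATE"` only unlinks the temporary GnuPG home, and nothing here says what that directory contains. Judging by the script's header comment and the help text in the next hunk, the temporary keyring presumably holds the secret key without passphrase protection, so the key material can stay recoverable if mktemp's directory is on persistent storage. I would document that next to the call, e.g. `# temp keyring holds the unprotected secret key; rm only unlinks it, so keep TMPDIR on tmpfs`. Since the EXIT trap can fire before the variable is ever assigned, a guard such as `[ -n "$TMPPRIVATE" ] && rm -rf -- "$TMPPRIVATE"` would also make the empty case explicit.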
@@ -68,15 +67,20 @@ trap cleanup EXIT GPGIDS="$1" if [ -z "$GPGIDS" ]; then + # hack: we need to get the list of secret keys, because if you + # --list-secret-keys with no arguments, GPG fails to print the + # capability flags (i've just filed this as + # https://bugs.g10code.com/gnupg/issue945) + KEYIDS=$(gpg2 --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) # default to using all fingerprints of authentication-enabled keys - GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) + GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) fi for GPGID in $GPGIDS; do TMPPRIVATE=$(mktemp -d) - gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import + gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import # idea to script the password stuff. not working. # read -s -p "enter gpg password: " PASSWD; echo @@ -92,15 +96,16 @@ for GPGID in $GPGIDS; do # ) # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID - GNUPGHOME="$TMPPRIVATE" gpg --edit-key $GPGID - + GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID" + + KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')'' # creating this alias so the key is named "monkeysphere-key" in the # comment stored by the agent, while never being written to disk in # SSH form: - ln -s /dev/stdin "$TMPPRIVATE"/monkeysphere-key + ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME" - GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys $GPGID | \ - openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c monkeysphere-key) + GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \ + openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME") cleanup done
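Review bot: The added KEYIDS line queries `gpg2`, while every other call in the script uses `gpg`, including the `--list-secret-keys $KEYIDS` call it feeds. On a host where gpg2 is missing or is a different installation, the ID list can be empty or not match. With an empty KEYIDS the second command runs with no key arguments, which is the case the new comment says loses the capability flags, so presumably no authentication key is selected and the loop silently does nothing. I would use one binary for both calls and stop early with `[ -n "$KEYIDS" ] || { echo "no secret keys found" 1>&2; exit 1; }`. The unquoted `$KEYIDS` looks intentional (one argument per key ID) and deserves a short comment saying so.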
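Review bot: Every command in this hunk trusts `$TMPPRIVATE`, but it is assigned from `mktemp -d` at the top of the loop (previous hunk) with no failure check. If mktemp fails the variable is empty; as far as I know GnuPG treats an empty GNUPGHOME as unset, so `gpg --edit-key "$GPGID"` would then act on the user's real keyring, where the help text asks the user to change the key and save. `ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME"` would likewise resolve to a path directly under `/`. I would change the assignment to `TMPPRIVATE=$(mktemp -d) || exit 1`; separately, `openpgp2ssh $GPGID` is the one expansion in this hunk still left unquoted. The for loop opens before this hunk and closes at its final `done`.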