X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fmh%2Fimport_key;h=0f362b8ce8aff7f1c95d8b56da9b9b3e963ce6ee;hb=638a70f020f4ccda3deb15e5c697d384e0f705d7;hp=cca40fa09e7424af87f82a7f638901b052bf98b8;hpb=e2b547631eae05103fe3219f4e2c7a4f618ef5d0;p=monkeysphere.git diff --git a/src/share/mh/import_key b/src/share/mh/import_key index cca40fa..0f362b8 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -8,57 +8,53 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009 and are all released under the GPL, +# They are Copyright 2008-2010 and are all released under the GPL, # version 3 or later. import_key() { -local hostName -local domain -local userID +local keyFile="$1" +local serviceName="$2" -hostName="$1" +# check that key file specified +if [ -z "$keyFile" ] ; then + failure "Must specify PEM-encoded key file to import, or specify '-' for stdin." +fi -# use the default hostname if not specified -if [ -z "$hostName" ] ; then - hostName=$(hostname -f) - # test that the domain is not obviously illegitimate - domain=${foo##*.} - case $domain in - 'local'|'localdomain') - failure "Host domain '$domain' is not legitimate. Aborting key import." - ;; - esac - # test that there are at least two parts - if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then - failure "Host name '$hostName' is not legitimate. Aborting key import." - fi +# fail if hostname not specified +if [ -z "$serviceName" ] ; then + failure "You must specify a service name for use in the OpenPGP certificate user ID." fi -userID="ssh://${hostName}" +# test that a key with that user ID does not already exist +prompt_userid_exists "$serviceName" + +# check that the service name is well formatted +check_service_name "$serviceName" # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -log verbose "importing ssh key..." -# translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - | gpg_host --import - -# load the new host fpr into the fpr variable. this is so we can -# create the gpg pub key file. we have to do this from the secret key -# ring since we obviously don't have the gpg pub key file yet, since -# that's what we're trying to produce (see below). -load_fingerprint_secret +# import pem-encoded key to an OpenPGP private key +if [ "$keyFile" = '-' ] ; then + log verbose "importing key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + | gpg_host --import +else + log verbose "importing key from file '$keyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + <"$keyFile" \ + | gpg_host --import +fi -# export to gpg public key to file -update_gpg_pub_file +# export to OpenPGP public key to file +update_pgp_pub_file log info "host key imported:" # show info about new key -show_key +show_key "$serviceName" }