X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fmh%2Fimport_key;h=1b6f267b1e15c5c7c8e5a46775533661efc29cb3;hb=9307f58b4fdf8e139c4fd5de5c3a878b8b12d0b1;hp=c0d595620010e486587d68c377e290fbe828aaee;hpb=5b5a517e61fb5028aea6c2521524ccf2a377d822;p=monkeysphere.git diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c0d5956..1b6f267 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -8,81 +8,54 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009 and are all released under the GPL, +# They are Copyright 2008-2010 and are all released under the GPL, # version 3 or later. import_key() { -local hostName=$(hostname -f) -local keyFile="/etc/ssh/ssh_host_rsa_key" -local keyExpire -local userID +local keyFile="$1" +local serviceName="$2" -# check for presense of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_server_key >/dev/null \ - && failure "An OpenPGP host key already exists." - -# get options -while true ; do - case "$1" in - -f|--keyfile) - keyFile="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - hostName="$1" - shift - ;; - break - ;; - esac -done - -if [ ! -f "$keyFile" ] ; then - failure "SSH secret key file '$keyFile' not found." +# check that key file specified +if [ -z "$keyFile" ] ; then + failure "Must specify PEM-encoded key file to import, or specify '-' for stdin." fi -userID="ssh://${hostName}" - -# prompt about key expiration if not specified -keyExpire=$(get_gpg_expiration "$keyExpire") - -echo "The following key parameters will be used for the host private key:" -echo "Import: $keyFile" -echo "Name-Real: $userID" -echo "Expire-Date: $keyExpire" - -read -p "Import key? (Y/n) " OK; OK=${OK:=Y} -if [ ${OK/y/Y} != 'Y' ] ; then - failure "aborting." +# fail if hostname not specified +if [ -z "$serviceName" ] ; then + failure "You must specify a service name for use in the OpenPGP certificate user ID." fi -log verbose "importing ssh key..." -# translate ssh key to a private key -(umask 077 && \ - pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) - -# find the key fingerprint of the newly converted key -fingerprint=$(fingerprint_server_key) +# test that a key with that user ID does not already exist +check_key_userid "$serviceName" "$serviceName" && \ + failure "A key with service name '$serviceName' already exists." + +# check that the service name is well formatted +check_service_name "$serviceName" + +# create host home +mkdir -p "${MHDATADIR}" +mkdir -p "${GNUPGHOME_HOST}" +chmod 700 "${GNUPGHOME_HOST}" + +# import pem-encoded key to an OpenPGP private key +if [ "$keyFile" = '-' ] ; then + log verbose "importing key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + | gpg_host --import +else + log verbose "importing key from file '$keyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + <"$keyFile" \ + | gpg_host --import +fi -# export host ownertrust to authentication keyring -log verbose "setting ultimate owner trust for host key..." -echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" +# export to OpenPGP public key to file +update_pgp_pub_file -# export public key to file -gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "host key imported:" # show info about new key -show_key +show_key "$serviceName" }