X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fmh%2Frevoke_key;h=5a013e0db67518842b3000578bf364d5f3ee06e1;hb=c39d11682121a43e690465d194a5bd9fa2275f42;hp=271432b279f4dadbb8c9b20fea741265d757ab3b;hpb=10888c602170f6157ff43a81bad920babdd6a59e;p=monkeysphere.git diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index 271432b..5a013e0 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -8,23 +8,24 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. # revoke host key revoke_key() { -# Coming in here, we expect $HOST_FINGERPRINT to be set, and we -# believe that there is in fact a key. + local keyID + local publish + + keyID=$(check_key_input "$@") if [ "$PROMPT" = "false" ] ; then publish=N else cat <&2 -This will generate a revocation certificate for your host key -(fingerprint: $HOST_FINGERPRINT) and -dump the certificate to standard output. +This will generate a revocation certificate for key $keyID +and dump the certificate to standard output. It can also directly publish the new revocation certificate to the public keyservers via $KEYSERVER if you want it to. @@ -33,7 +34,8 @@ Publishing this certificate will IMMEDIATELY and PERMANENTLY revoke your host key! EOF - read -p "Publish the certificate after generation? (y/n/Q) " publish + printf "Publish the certificate after generation? (y/n/Q) " >&2 + read publish if ! [ "${publish/y/Y}" = 'Y' -o "${publish/n/N}" = 'N' ] ; then failure "aborting at user request" 
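Review bot: The result of `keyID=$(check_key_input "$@")` is used without any check, both in the prompt text here and in the two `--gen-revoke "0x${keyID}!"` calls in the third hunk. check_key_input is defined outside this diff, but since it runs in a command substitution, an exit inside it only ends the subshell. Unless the script runs under `set -e`, revoke_key would then continue with an empty keyID. Consider `keyID=$(check_key_input "$@") || failure "could not determine which key to revoke"`, plus a `[ -n "$keyID" ]` guard. The removed comment about $HOST_FINGERPRINT also leaves the new argument contract undocumented; a line such as `# $@: key identifier, resolved via check_key_input` would replace it, and the function body continues past this hunk.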
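Review bot: `read publish` is called without `-r`, as is `read really` in the last hunk, so a backslash in the answer is treated as an escape or line continuation instead of literal input. `read -r publish` and `read -r really` take the input verbatim. In this hunk an empty or failed read falls through to `failure "aborting at user request"`, which is the safe direction for this prompt.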
@@ -53,21 +55,24 @@ EOF # certificate immediately, which we can help them do as well. if [ "$PROMPT" = 'false' ] ; then + # FIXME: allow the end user to choose something other than + # "key was compromised" (1) and to supply their own revocation + # string. + local revoke_commands="y 1 -Monkeysphere host key revocation (no prompting) $(date '+%F_%T') +Monkeysphere host key revocation (automated) $(date '+%F_%T%z') y " - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \ || failure "Failed to generate revocation certificate!" - else # note: we're not using the gpg_host function because we actually # want to use gpg's UI in this case, so we want to omit --no-tty - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \ || failure "Failed to generate revocation certificate!" fi @@ -83,7 +88,8 @@ y if [ "${publish/y/Y}" = 'Y' ] ; then printf "\n" >&2 - read -p "Really publish this cert to $KEYSERVER ? (Y/n) " really + printf "Really publish this cert to $KEYSERVER ? (Y/n) " >&2 + read really if [ "${really/n/N}" = 'N' ] ; then printf "Not publishing.\n" >&2 else
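Review bot: The multi-line `revoke_commands` string is a positional answer script fed to gpg through `--command-fd 0`, and nothing in the block says which line answers which prompt. Because the second line selects the revocation reason that relying parties will see, a short comment above the assignment would help, e.g. `# answers in order: confirm (y), reason code (1), description text, final confirm (y)`. The exact prompt order should be confirmed against the gpg version in use, since a reordered prompt would silently misalign the answers. The enclosing revoke_key function extends beyond this hunk.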
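Review bot: The final confirmation before an irreversible publish fails open, because the exit status of `read really` is not checked. Unless errexit aborts the script first, EOF or a closed stdin leaves `really` empty, the `= 'N'` test is false, and control reaches the `else` branch, which lies outside this hunk and is presumably the publish path. Treating a failed read as a refusal, e.g. `read -r really || really=n`, keeps an unattended or truncated session from publishing. Separately, `$KEYSERVER` is expanded inside the printf format string, so a `%` or backslash in the configured value would be interpreted; `printf 'Really publish this cert to %s ? (Y/n) ' "$KEYSERVER" >&2` avoids that.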