userID="$1"
- # if CHECK_KEYSERVER variable set, check the keyserver
- # for the user ID
- if [ "CHECK_KEYSERVER" ] ; then
- echo 1,2,3,4,5 | \
- gpg --quiet --batch --command-fd 0 --with-colons \
- --keyserver "$KEYSERVER" \
- --search ="$userID" >/dev/null 2>&1
-
- # otherwise just return true
+ log "checking keyserver $KEYSERVER..."
+ echo 1,2,3,4,5 | \
+ gpg --quiet --batch --command-fd 0 --with-colons \
+ --keyserver "$KEYSERVER" \
+ --search ="$userID" >/dev/null 2>&1
+ if [ "$?" = 0 ] ; then
+ log " user ID found on keyserver."
+ return 0
else
- return
+ log " user ID not found on keyserver."
+ return 1
fi
}
fi
requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
- # fetch keys from keyserver, return 1 if none found
- gpg_fetch_userid "$userID" || return 1
+ # if CHECK_KEYSERVER variable set, check the keyserver
+ # for the user ID
+ if [ "$CHECK_KEYSERVER" = "true" ] ; then
+ gpg_fetch_userid "$userID"
+ fi
# output gpg info for (exact) userid and store
gpgOut=$(gpg --fixed-list-mode --list-key --with-colons \
# return 1 if there only "tru" lines are output from gpg
if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
- log " key not found."
+ log " key not found in keychain."
return 1
fi
# key cache file
if [ "$keyOK" -a "$uidOK" -a "${keyIDs[*]}" ] ; then
for keyID in ${keyIDs[@]} ; do
- log " acceptable key/uid found."
+ log " acceptable key/userID found."
if [ "$MODE" = 'known_hosts' ] ; then
# export the key
AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
+CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
# check for the host key in the known_hosts file
hostKey=$(ssh-keygen -F "$HOST")
-# if the host key is not found in the known_hosts file,
-# check the keyserver
-if [ -z "$hostKey" ] ; then
- CHECK_KEYSERVER="true"
+# if the host key is found in the known_hosts file,
+# don't check the keyserver
+if [ "$hostKey" ] ; then
+ CHECK_KEYSERVER="false"
fi
+export CHECK_KEYSERVER
# update the known_hosts file for the host
monkeysphere update-known-hosts "$HOST"