Generate a gpg key for the host. `g' may be used in place of
`gen-key'.
.TP
+.B show-fingerprint
+Show the fingerprint for the host's OpenPGP key. `f' may be used in place of
+`show-fingerprint'.
+.TP
.B publish-key
Publish the host's gpg key to the keyserver. `p' may be used in place
-of `publish-key'
+of `publish-key'.
.TP
.B trust-keys KEYID...
Mark key specified with key IDs with full owner trust. `t' may be used
)
# add the revoker field if requested
+# FIXME: the 1: below assumes that $REVOKER's key is an RSA key. why?
+# FIXME: why is this marked "sensitive"? how will this signature ever
+# be transmitted to the expected revoker?
if [ "$REVOKER" ] ; then
keyParameters="${keyParameters}"$(cat <<EOF
log -n "generating server key... "
echo "$keyParameters" | gpg --batch --gen-key
- loge "done."
+ log "done."
+ fingerprint_server_key
+}
+
+fingerprint_server_key() {
+ gpg --fingerprint --list-secret-keys =ssh://$(hostname --fqdn)
}
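Review bot: In the new `fingerprint_server_key`, the user ID is built from an unquoted `$(hostname --fqdn)` whose failure is never checked, so an empty or failed lookup silently becomes `=ssh://`. The operator then gets no fingerprint to verify out of band, and no clear error. Resolve the name first and quote it: `fqdn=$(hostname --fqdn) || return 1` followed by `gpg --fingerprint --list-secret-keys "=ssh://${fqdn}"`. The dispatcher calls `gen_key "$1"`; if that argument overrides the host name in the key's user ID (gen_key's body starts outside this hunk, so this is inferred), the exact-match lookup would miss the key just generated, and the function should take the same name as a parameter. Separately, `log "done."` is printed without checking the exit status of the `gpg --batch --gen-key` pipeline, so a failed generation still reports success before the fingerprint step runs.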
########################################################################
gen_key "$1"
;;
+ 'show-fingerprint'|'f')
+ fingerprint_server_key
+ ;;
+
'publish-key'|'p')
publish_server_key
;;