authenticate and encrypt ssh connections.
It is free software, developed by:
- Jameson Rollins <jrollins@fifthhorseman.net>
+ Jameson Graef Rollins <jrollins@finestructure.net>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Jamie McClelland <jamie@mayfirst.org>
Micah Anderson <micah@riseup.net>
debian-package: tarball
tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz
+ sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common
cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION)
(cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us)
rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)
mkdir -p $(DESTDIR)$(PREFIX)/bin $(DESTDIR)$(PREFIX)/sbin $(DESTDIR)$(PREFIX)/share/monkeysphere
mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
mkdir -p $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere
- install src/monkeysphere src/monkeysphere-ssh-proxycommand src/keytrans/openpgp2ssh $(DESTDIR)$(PREFIX)/bin
+ install src/monkeysphere src/monkeysphere-ssh-proxycommand src/keytrans/openpgp2ssh src/keytrans/pem2openpgp $(DESTDIR)$(PREFIX)/bin
install src/monkeysphere-server $(DESTDIR)$(PREFIX)/sbin
install -m 0644 src/common $(DESTDIR)$(PREFIX)/share/monkeysphere
install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere
* Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work
* Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs
* Rotated the giant logs out
- * aptitude update && aptitude full-upgrade
+2009-01-11 - dkg
+ * extended the expiration date for george's key three months into
+ the future.
+ * aptitude update && aptitude full-upgrade (brings monkeysphere to
+ 0.22-1)
2008-10-29 - dkg
* aptitude update && aptitude full-upgrade
+++ /dev/null
-******************************************************************************
-* *
-* zimmerman system log *
-* *
-******************************************************************************
-* Please add new entries in reverse chronological order whenever you make *
-* changes to this system (first command at top, last at bottom) *
-******************************************************************************
-
-2008-11-17 - micah
- * verified the SHA256 values for the key material
- * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
- * chown -R debian-sks:debian-sks /var/lib/sks
- * edit /etc/default/sks to enable the initscript
- * /etc/init.d/sks start
- * rm -rf /var/lib/sks/dump
-
-2008-11-15 - micah
- * aptitude update && aptitude full-upgrade
- * aptitude install sks
- * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
- http://nynex.net/keydump/ -e robots=off
- * install monkeysphere 0.21-2 package
- * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
-
-2008-11-15 - jamie
- * aptitude install esmtp-run mailx
- * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
--- /dev/null
+******************************************************************************
+* *
+* zimmermann system log *
+* *
+******************************************************************************
+* Please add new entries in reverse chronological order whenever you make *
+* changes to this system (first command at top, last at bottom) *
+******************************************************************************
+
+2008-11-29 - dkg
+ * zimmermann now uses an X.509 certificate signed by the MF/PL CA
+ for its HTTPS connection.
+
+2008-11-19 - dkg
+ * added 10 SKS peers as a result of feedback from sks-devel.
+ * set localtime to America/New_York via dpkg-reconfigure tzdata
+ * aptitude update && aptitude full-upgrade
+ * set up /var/lib/sks/www/index.html based on
+ doc/zimmermann/index.html from this repo.
+ * made nginx proxy plain ol' HTTP on port 80 also so that SKS does
+ not need to try to listen on a privileged port.
+ * turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf
+
+2008-11-19 - mlc
+ * aptitude install nginx
+ * get rid of /etc/nginx/sites-enabled/default
+ * create /etc/nginx/sites-available/https-proxy and make a symlink
+ to it in the sites-enabled directory
+ * invoke-rc.d nginx start
+
+2008-11-17 - micah
+ * verified the SHA256 values for the key material
+ * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild)
+ * chown -R debian-sks:debian-sks /var/lib/sks
+ * edit /etc/default/sks to enable the initscript
+ * /etc/init.d/sks start
+ * rm -rf /var/lib/sks/dump
+
+2008-11-15 - micah
+ * aptitude update && aptitude full-upgrade
+ * aptitude install sks
+ * cd /var/lib/sks/dump ; wget -q -r -np -nd -A bz2,SHA256,asc \
+ http://nynex.net/keydump/ -e robots=off
+ * install monkeysphere 0.21-2 package
+ * apt-get install bzip2 ; bunzip2 /var/lib/sks/dump/*.bz2
+
+2008-11-15 - jamie
+ * aptitude install esmtp-run mailx
+ * edited /etc/esmtp-run, configured to relay to bulk.mayfirst.org
--- /dev/null
+server {
+ listen 443;
+ server_name zimmermann.mayfirst.org;
+ ssl on;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ ssl_ciphers HIGH:MEDIUM:!ADH;
+
+ access_log off;
+
+ location / {
+ proxy_pass http://localhost:11371/;
+ }
+}
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+ <head>
+ <title>SKS Search Page</title>
+ <meta http-equiv="content-type" content="text/html; charset="utf-8">
+ <meta name="author" content="Yaron M. Minsky/Jack Cummings/Daniel Kahn Gillmor">
+ </head>
+ <body text="#000000" bgcolor="#ffffff" link="#000099" vlink="#990099" alink="#000099">
+ <h1><a href="http://www.nongnu.org/sks/">SKS OpenPGP Keyserver</a> <br> @zimmermann.mayfirst.org</h1>
+ <p> SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system. </p>
+ <p>You can find out more about SKS, along with links to graphs of the network status <a href="http://www.nongnu.org/sks/">here</a>.</p>
+ <table cellpadding="2" cellspacing="2" border="1" width="600" bgcolor="#ddddff">
+ <tr>
+ <td valign="top">
+ <h3>Extract a key</h3>
+ <p>You can extract a key by typing in some words that appear in the userid
+ of the key you're looking for, or by typing in the keyid in hex format ("0x...")</p>
+ <p>
+ <form action="/pks/lookup" method="get">
+ Search String: <input name="search" size="40"> <br>
+ Show PGP "fingerprints" for keys
+ <input type="checkbox" name="fingerprint"> <br>
+ Show SKS full-key hashes
+ <input type="checkbox" name="hash"> <br>
+ Search for keys: <br>
+ <input type="radio" name="op" value="index" CHECKED> get index of matching keys <br>
+ <input type="radio" name="op" value="vindex"> get verbose index of matching keys <br>
+ <input type="radio" name="op" value="get"> retrieve ascii-armored keys <br>
+ <input type="radio" name="op" value="hget"> retrieve keys by full-key hash
+ <br>
+ <input type="reset" value="Reset">
+ <input type="submit">
+ </form>
+ <br>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top">
+ <h3>Submit a key</h3>
+ You can submit a key by simply pasting in the ASCII-armored version
+ of your key and clicking on submit.
+ <form action="/pks/add" method="post">
+ <textarea name="keytext" rows="20" cols="66"></textarea> <br>
+ <input type="reset" value="Reset">
+ <input type="submit" value="Submit this key to the keyserver!">
+ </form>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <h3>
+ Access
+ </h3>
+ To use this server directly via HKP add this to your .PGP keyserver list:<br>
+
+<pre>x-hkp://zimmermann.mayfirst.org
+http://zimmermann.mayfirst.org:11371</pre>
+
+ You can also select a random server by adding this to your keyserver list:<br>
+
+<pre>x-hkp://pool.sks-keyservers.net
+http://pool.sks-keyservers.net:11371</pre>
+
+ </td>
+ </tr>
+ </tbody>
+ </table>
+
+<hr>
+ [<a href="/pks/lookup?op=stats">Server Status</a>] If you have any questions
+ about or problems with this server, please <a href="https://support.mayfirst.org/newticket?summary=zimmermann.mayfirst.org%20trouble">open a ticket</a>.
+ </body>
+</html>
passed in. If you send it more than one primary key, it will silently
ignore later ones.
.Sh SEE ALSO
+.Xr pem2openpgp 1 ,
.Xr monkeysphere 1 ,
.Xr monkeysphere 7 ,
.Xr ssh 1 ,
-monkeysphere (0.22~pre-1) UNRELEASED; urgency=low
+monkeysphere (0.23~pre-1) UNRELEASED; urgency=low
* New upstream release:
- [ Jameson Rollins ]
+ - added better checks for the existence of a host private key for
+ functions that require it to be there.
+ - add checks for root users, for functions where it is required.
+ - get rid of getopts.
+ - added version output option
+ - check that existing authentication keys are valid in gen_key
+ function.
+
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 30 Dec 2008 20:21:16 -0500
+
+monkeysphere (0.22-1) unstable; urgency=low
+
+ * New upstream release:
+ [ Jameson Graef Rollins ]
- added info log output when a new key is added to known_hosts file.
- added some useful output to the ssh-proxycommand for "marginal"
- automatically output two copies of the host's public key: one
standard ssh public key file, and the other a minimal OpenPGP key with
just the latest valid self-sig.
+ - debian/control: corrected alternate dependency from procfile to
+ procmail (which provides /usr/bin/lockfile)
- -- Jameson Graef Rollins <jrollins@finestructure.net> Mon, 17 Nov 2008 18:15:43 -0500
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 28 Nov 2008 14:23:31 -0500
monkeysphere (0.21-2) unstable; urgency=low
Package: monkeysphere
Architecture: any
-Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends}
+Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procmail, adduser, ${shlibs:Depends}
Recommends: netcat | socat, ssh-askpass
Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
#
PORTNAME= monkeysphere
-PORTVERSION= 0.19
+PORTVERSION= 0.22
CATEGORIES= security
MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/
# hack for debian orig tarballs
-MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e
-SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522
-SIZE (monkeysphere_0.19.orig.tar.gz) = 68335
+MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6
+SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24
+SIZE (monkeysphere_0.22.orig.tar.gz) = 70245
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1
+--- src/monkeysphere-ssh-proxycommand.orig
++++ src/monkeysphere-ssh-proxycommand
+@@ -16,7 +16,7 @@
+ ########################################################################
+ PGRM=$(basename $0)
+
+-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"}
+ export SYSSHAREDIR
+ . "${SYSSHAREDIR}/common" || exit 1
+
--- /dev/null
+http://www.rpm-based.org/how-to-create-rpm-package
--- /dev/null
+Name: monkeysphere
+Summary: use the OpenPGP web of trust to verify ssh connections
+Version: 0.22~pre
+Release: 1
+License: GPLv3
+Group: net
+URL: http://web.monkeysphere.info/
+
+Source: http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_%{version}.orig.tar.gz
+
+%description
+SSH key-based authentication is tried-and-true, but it lacks a true
+Public Key Infrastructure for key certification, revocation and
+expiration. Monkeysphere is a framework that uses the OpenPGP web of
+trust for these PKI functions. It can be used in both directions: for
+users to get validated host keys, and for hosts to authenticate users.
+
+Monkeysphere is free software released under the GNU General Public
+License (GPL).
+
+%prep
+%setup -q
+
+%build
+%{__make}
+
+%install
+%{__rm} -rf %{buildroot}
+Prefix=%{buildroot}/usr
+%makeinstall
+
+%clean
+%{__rm} -rf %{buildroot}
+
+%files
+%defattr(-, root, root, 0755)
+
+%changelog
+* Sat Nov 22 2008 -
+- Initial release.
SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"}
export SYSCONFIGDIR
+# monkeysphere version
+VERSION=__VERSION__
+
########################################################################
### UTILITY FUNCTIONS
local shortunits
# try things the GNU way first
- if date -d "$number $longunits" "$format" >&/dev/null ; then
+ if date -d "$number $longunits" "$format" >/dev/null 2>&1; then
date -d "$number $longunits" "$format"
else
# otherwise, convert to (a limited version of) BSD date syntax:
--- /dev/null
+#!/usr/bin/perl -w -T
+
+# pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
+# User ID as the first argument, and generate an OpenPGP secret key
+# and certificate from it.
+
+# WARNING: the secret key material *will* appear on stdout (albeit in
+# OpenPGP form) -- if you redirect stdout to a file, make sure the
+# permissions on that file are appropriately locked down!
+
+# Usage:
+
+# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import
+
+# Authors:
+# Jameson Rollins <jrollins@finestructure.net>
+# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+# Started on: 2009-01-07 02:01:19-0500
+
+# License: GPL v3 or later (we may need to adjust this given that this
+# connects to OpenSSL via perl)
+
+use strict;
+use warnings;
+use Crypt::OpenSSL::RSA;
+use Crypt::OpenSSL::Bignum;
+use Crypt::OpenSSL::Bignum::CTX;
+use Digest::SHA1;
+use MIME::Base64;
+
+## make sure all length() and substr() calls use bytes only:
+use bytes;
+
+my $uid = shift;
+
+# FIXME: fail if there is no given user ID; or should we default to
+# hostname_long() from Sys::Hostname::Long ?
+
+
+
+# see RFC 4880 section 9.1 (ignoring deprecated algorithms for now)
+my $asym_algos = { rsa => 1,
+ elgamal => 16,
+ dsa => 17,
+ };
+
+# see RFC 4880 section 9.2
+my $ciphers = { plaintext => 0,
+ idea => 1,
+ tripledes => 2,
+ cast5 => 3,
+ blowfish => 4,
+ aes128 => 7,
+ aes192 => 8,
+ aes256 => 9,
+ twofish => 10,
+ };
+
+# see RFC 4880 section 9.3
+my $zips = { uncompressed => 0,
+ zip => 1,
+ zlib => 2,
+ bzip2 => 3,
+ };
+
+# see RFC 4880 section 9.4
+my $digests = { md5 => 1,
+ sha1 => 2,
+ ripemd160 => 3,
+ sha256 => 8,
+ sha384 => 9,
+ sha512 => 10,
+ sha224 => 11,
+ };
+
+# see RFC 4880 section 5.2.3.21
+my $usage_flags = { certify => 0x01,
+ sign => 0x02,
+ encrypt_comms => 0x04,
+ encrypt_storage => 0x08,
+ encrypt => 0x0c, ## both comms and storage
+ split => 0x10, # the private key is split via secret sharing
+ authenticate => 0x20,
+ shared => 0x80, # more than one person holds the entire private key
+ };
+
+# see RFC 4880 section 4.3
+my $packet_types = { pubkey_enc_session => 1,
+ sig => 2,
+ symkey_enc_session => 3,
+ onepass_sig => 4,
+ seckey => 5,
+ pubkey => 6,
+ sec_subkey => 7,
+ compressed_data => 8,
+ symenc_data => 9,
+ marker => 10,
+ literal => 11,
+ trust => 12,
+ uid => 13,
+ pub_subkey => 14,
+ uat => 17,
+ symenc_w_integrity => 18,
+ mdc => 19,
+ };
+
+# see RFC 4880 section 5.2.1
+my $sig_types = { binary_doc => 0x00,
+ text_doc => 0x01,
+ standalone => 0x02,
+ generic_certification => 0x10,
+ persona_certification => 0x11,
+ casual_certification => 0x12,
+ positive_certification => 0x13,
+ subkey_binding => 0x18,
+ primary_key_binding => 0x19,
+ key_signature => 0x1f,
+ key_revocation => 0x20,
+ subkey_revocation => 0x28,
+ certification_revocation => 0x30,
+ timestamp => 0x40,
+ thirdparty => 0x50,
+ };
+
+
+# see RFC 4880 section 5.2.3.1
+my $subpacket_types = { sig_creation_time => 2,
+ sig_expiration_time => 3,
+ exportable => 4,
+ trust_sig => 5,
+ regex => 6,
+ revocable => 7,
+ key_expiration_time => 9,
+ preferred_cipher => 11,
+ revocation_key => 12,
+ issuer => 16,
+ notation => 20,
+ preferred_digest => 21,
+ preferred_compression => 22,
+ keyserver_prefs => 23,
+ preferred_keyserver => 24,
+ primary_uid => 25,
+ policy_uri => 26,
+ usage_flags => 27,
+ signers_uid => 28,
+ revocation_reason => 29,
+ features => 30,
+ signature_target => 31,
+ embedded_signature => 32,
+ };
+
+# bitstring (see RFC 4880 section 5.2.3.24)
+my $features = { mdc => 0x01
+ };
+
+# bitstring (see RFC 4880 5.2.3.17)
+my $keyserver_prefs = { nomodify => 0x80
+ };
+
+###### end lookup tables ######
+
+# FIXME: if we want to be able to interpret openpgp data as well as
+# produce it, we need to produce key/value-swapped lookup tables as well.
+
+
+########### Math/Utility Functions ##############
+
+
+# see the bottom of page 43 of RFC 4880
+sub simple_checksum {
+ my $bytes = shift;
+
+ return unpack("%32W*",$bytes) % 65536;
+}
+
+# calculate the multiplicative inverse of a mod b this is euclid's
+# extended algorithm. For more information see:
+# http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the
+# arguments here should be Crypt::OpenSSL::Bignum objects. $a should
+# be the larger of the two values, and the two values should be
+# coprime.
+
+sub modular_multi_inverse {
+ my $a = shift;
+ my $b = shift;
+
+ my $ctx = Crypt::OpenSSL::Bignum::CTX->new();
+ my $x = Crypt::OpenSSL::Bignum->zero();
+ my $y = Crypt::OpenSSL::Bignum->one();
+ my $lastx = Crypt::OpenSSL::Bignum->one();
+ my $lasty = Crypt::OpenSSL::Bignum->zero();
+
+ while (! $b->is_zero()) {
+ my ($quotient, $remainder) = $a->div($b, $ctx);
+
+ $a = $b;
+ $b = $remainder;
+
+ my $temp = $x;
+ $x = $lastx->sub($quotient->mul($x, $ctx));
+ $lastx = $temp;
+
+ $temp = $y;
+ $y = $lasty->sub($quotient->mul($y, $ctx));
+ $lasty = $temp;
+ }
+
+ if (!$a->is_one()) {
+ die "did this math wrong.\n";
+ }
+
+ return $lastx;
+}
+
+
+############ OpenPGP formatting functions ############
+
+# make an old-style packet out of the given packet type and body.
+# old-style (see RFC 4880 section 4.2)
+sub make_packet {
+ my $type = shift;
+ my $body = shift;
+
+ my $len = length($body);
+
+ my $lenbytes;
+ my $lencode;
+
+ if ($len < 2**8) {
+ $lenbytes = 0;
+ $lencode = 'C';
+ } elsif ($len < 2**16) {
+ $lenbytes = 1;
+ $lencode = 'n';
+ } elsif ($len < 2**31) {
+ ## not testing against full 32 bits because i don't want to deal
+ ## with potential overflow.
+ $lenbytes = 2;
+ $lencode = 'N';
+ } else {
+ ## what the hell do we do here?
+ $lenbytes = 3;
+ $lencode = '';
+ }
+
+ return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len).
+ $body;
+}
+
+
+# takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI
+# (RFC 4880 section 3.2)
+sub mpi_pack {
+ my $num = shift;
+
+ my $val = $num->to_bin();
+ my $mpilen = length($val)*8;
+
+# this is a kludgy way to get the number of significant bits in the
+# first byte:
+ my $bitsinfirstbyte = length(sprintf("%b", ord($val)));
+
+ $mpilen -= (8 - $bitsinfirstbyte);
+
+ return pack('n', $mpilen).$val;
+}
+
+# FIXME: genericize these to accept either RSA or DSA keys:
+sub make_rsa_pub_key_body {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my ($n, $e) = $key->get_key_parameters();
+
+ return
+ pack('CN', 4, $timestamp).
+ pack('C', $asym_algos->{rsa}).
+ mpi_pack($n).
+ mpi_pack($e);
+}
+
+sub make_rsa_sec_key_body {
+ my $key = shift;
+ my $timestamp = shift;
+
+ # we're not using $a and $b, but we need them to get to $c.
+ my ($n, $e, $d, $p, $q) = $key->get_key_parameters();
+
+ my $secret_material = mpi_pack($d).
+ mpi_pack($p).
+ mpi_pack($q).
+ mpi_pack(modular_multi_inverse($p, $q));
+
+ # according to Crypt::OpenSSL::RSA, the closest value we can get out
+ # of get_key_parameters is 1/q mod p; but according to sec 5.5.3 of
+ # RFC 4880, we're actually looking for u, the multiplicative inverse
+ # of p, mod q. This is why we're calculating the value directly
+ # with modular_multi_inverse.
+
+ return
+ pack('CN', 4, $timestamp).
+ pack('C', $asym_algos->{rsa}).
+ mpi_pack($n).
+ mpi_pack($e).
+ pack('C', 0). # seckey material is not encrypted -- see RFC 4880 sec 5.5.3
+ $secret_material.
+ pack('n', simple_checksum($secret_material));
+}
+
+# expects an RSA key (public or private) and a timestamp
+sub fingerprint {
+ my $key = shift;
+ my $timestamp = shift;
+
+ my $rsabody = make_rsa_pub_key_body($key, $timestamp);
+
+ return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody);
+}
+
+# we're just not dealing with newline business right now. slurp in
+# the whole file.
+undef $/;
+my $buf = <STDIN>;
+
+
+my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
+
+$rsa->use_sha1_hash();
+
+# see page 22 of RFC 4880 for why i think this is the right padding
+# choice to use:
+$rsa->use_pkcs1_padding();
+
+if (! $rsa->check_key()) {
+ die "key does not check";
+}
+
+my $version = pack('C', 4);
+# strong assertion of identity:
+my $sigtype = pack('C', $sig_types->{positive_certification});
+# RSA
+my $pubkey_algo = pack('C', $asym_algos->{rsa});
+# SHA1
+my $hash_algo = pack('C', $digests->{sha1});
+
+# FIXME: i'm worried about generating a bazillion new OpenPGP
+# certificates from the same key, which could easily happen if you run
+# this script more than once against the same key (because the
+# timestamps will differ). How can we prevent this?
+
+# could an environment variable (if set) override the current time, to
+# be able to create a standard key? If we read the key from a file
+# instead of stdin, should we use the creation time on the file?
+my $timestamp = time();
+
+my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp);
+
+
+# FIXME: HARDCODED: what if someone wants to select a different set of
+# usage flags? For now, we do only authentication because that's what
+# monkeysphere needs.
+my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $usage_flags->{authenticate});
+
+
+# FIXME: HARDCODED: how should we determine how far off to set the
+# expiration date? default is to expire in 2 days, which is insanely
+# short (but good for testing). The user ought to be able to decide
+# this directly, rather than having to do "monkeysphere-server
+# extend-key".
+my $expires_in = 86400*2;
+my $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in);
+
+
+# prefer AES-256, AES-192, AES-128, CAST5, 3DES:
+my $pref_sym_algos = pack('CCCCCCC', 6, $subpacket_types->{preferred_cipher},
+ $ciphers->{aes256},
+ $ciphers->{aes192},
+ $ciphers->{aes128},
+ $ciphers->{cast5},
+ $ciphers->{tripledes}
+ );
+
+# prefer SHA-1, SHA-256, RIPE-MD/160
+my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest},
+ $digests->{sha1},
+ $digests->{sha256},
+ $digests->{ripemd160}
+ );
+
+# prefer ZLIB, BZip2, ZIP
+my $pref_zip_algos = pack('CCCCC', 4, $subpacket_types->{preferred_compression},
+ $zips->{zlib},
+ $zips->{bzip2},
+ $zips->{zip}
+ );
+
+# we support the MDC feature:
+my $feature_subpacket = pack('CCC', 2, $subpacket_types->{features},
+ $features->{mdc});
+
+# keyserver preference: only owner modify (???):
+my $keyserver_pref = pack('CCC', 2, $subpacket_types->{keyserver_prefs},
+ $keyserver_prefs->{nomodify});
+
+my $subpackets_to_be_hashed =
+ $creation_time_packet.
+ $usage_packet.
+ $expiration_packet.
+ $pref_sym_algos.
+ $pref_hash_algos.
+ $pref_zip_algos.
+ $feature_subpacket.
+ $keyserver_pref;
+
+my $subpacket_octets = pack('n', length($subpackets_to_be_hashed));
+
+my $sig_data_to_be_hashed =
+ $version.
+ $sigtype.
+ $pubkey_algo.
+ $hash_algo.
+ $subpacket_octets.
+ $subpackets_to_be_hashed;
+
+my $pubkey = make_rsa_pub_key_body($rsa, $timestamp);
+my $seckey = make_rsa_sec_key_body($rsa, $timestamp);
+
+my $key_data = make_packet($packet_types->{pubkey}, $pubkey);
+
+# take the last 8 bytes of the fingerprint as the keyid:
+my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8);
+
+# the v4 signature trailer is:
+
+# version number, literal 0xff, and then a 4-byte count of the
+# signature data itself.
+my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed));
+
+my $uid_data =
+ pack('CN', 0xb4, length($uid)).
+ $uid;
+
+my $datatosign =
+ $key_data.
+ $uid_data.
+ $sig_data_to_be_hashed.
+ $trailer;
+
+my $data_hash = Digest::SHA1::sha1_hex($datatosign);
+
+
+my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid);
+
+my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
+
+my $sig_body =
+ $sig_data_to_be_hashed.
+ pack('n', length($issuer_packet)).
+ $issuer_packet.
+ pack('n', hex(substr($data_hash, 0, 4))).
+ mpi_pack($sig);
+
+print
+ make_packet($packet_types->{seckey}, $seckey).
+ make_packet($packet_types->{uid}, $uid).
+ make_packet($packet_types->{sig}, $sig_body);
+
+
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
update-authorized_keys (a) update authorized_keys file
+ import-subkey (i) import existing ssh key as gpg subkey
+ --keyfile (-f) FILE key file to import
+ --expire (-e) EXPIRE date to expire
gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
+ version (v) show version number
help (h,?) this help
EOF
}
-# generate a subkey with the 'a' usage flags set
-gen_subkey(){
- local keyLength
+# import an existing ssh key as a gpg subkey
+import_subkey() {
+ local keyFile="~/.ssh/id_rsa"
local keyExpire
local keyID
local gpgOut
local userID
- # set default key parameter values
- keyLength=
- keyExpire=
-
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
+ while true ; do
+ case "$1" in
+ -f|--keyfile)
+ keyFile="$2"
+ shift 2
+ ;;
+ -e|--expire)
+ keyExpire="$2"
+ shift 2
+ ;;
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
+ break
+ ;;
+ esac
+ done
- if [ $? != 0 ] ; then
- exit 1
- fi
+ log verbose "importing ssh key..."
+ fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ (umask 077 && mkfifo "$fifoDir/pass")
+ ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import &
+
+ passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
+
+ rm -rf "$fifoDir"
+ wait
+ log verbose "done."
+}
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
+# generate a subkey with the 'a' usage flags set
+gen_subkey(){
+ local keyLength
+ local keyExpire
+ local keyID
+ local gpgOut
+ local userID
+ # get options
while true ; do
case "$1" in
-l|--length)
keyExpire="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
done
- if [ -z "$1" ] ; then
- # find all secret keys
- keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u)
- # if multiple sec keys exist, fail
- if (( $(echo "$keyID" | wc -l) > 1 )) ; then
- echo "Multiple secret keys found:"
- echo "$keyID"
+ case "$#" in
+ 0)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:')
+ ;;
+ 1)
+ gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure
+ ;;
+ *)
+ failure "You must specify only a single primary key ID."
+ ;;
+ esac
+
+ # check that only a single secret key was found
+ case $(echo "$gpgSecOut" | grep -c '^sec:') in
+ 0)
+ failure "No secret keys found. Create an OpenPGP key with the following command:
+ gpg --gen-key"
+ ;;
+ 1)
+ keyID=$(echo "$gpgSecOut" | cut -d: -f5)
+ ;;
+ *)
+ echo "Multiple primary secret keys found:"
+ echo "$gpgSecOut" | cut -d: -f5
failure "Please specify which primary key to use."
+ ;;
+ esac
+
+ # check that a valid authentication key does not already exist
+ IFS=$'\n'
+ for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do
+ type=$(echo "$line" | cut -d: -f1)
+ validity=$(echo "$line" | cut -d: -f2)
+ usage=$(echo "$line" | cut -d: -f12)
+
+ # look at keys only
+ if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then
+ continue
fi
- else
- keyID="$1"
- fi
- if [ -z "$keyID" ] ; then
- failure "You have no secret key available. You should create an OpenPGP
-key before joining the monkeysphere. You can do this with:
- gpg --gen-key"
- fi
-
- # get key output, and fail if not found
- gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \
- "$keyID") || failure
-
- # fail if multiple sec lines are returned, which means the id
- # given is not unique
- if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then
- failure "Key ID '$keyID' is not unique."
- fi
-
- # prompt if an authentication subkey already exists
- if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then
- echo "An authentication subkey already exists for key '$keyID'."
- read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
- if [ "${OK/y/Y}" != 'Y' ] ; then
- failure "aborting."
+ # check for authentication capability
+ if ! check_capability "$usage" 'a' ; then
+ continue
fi
- fi
+ # if authentication key is valid, prompt to continue
+ if [ "$validity" = 'u' ] ; then
+ echo "A valid authentication key already exists for primary key '$keyID'."
+ read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+ break
+ fi
+ done
# set subkey defaults
# prompt about key expiration if not specified
(umask 077 && mkfifo "$fifoDir/pass")
echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ # FIXME: this needs to fail more gracefully if the passphrase is incorrect
passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
rm -rf "$fifoDir"
log verbose "done."
}
-function subkey_to_ssh_agent() {
+subkey_to_ssh_agent() {
# try to add all authentication subkeys to the agent:
local sshaddresponse
RETURN="$?"
;;
+ 'import-subkey'|'i')
+ import_key "$@"
+ ;;
+
'gen-subkey'|'g')
gen_subkey "$@"
;;
subkey_to_ssh_agent "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
subcommands:
update-users (u) [USER]... update user authorized_keys files
- gen-key (g) [NAME[:PORT]] generate gpg key for the server
+ import-key (i) import existing ssh key to gpg
+ --hostname (-h) NAME[:PORT] hostname for key user ID
+ --keyfile (-f) FILE key file to import
+ --expire (-e) EXPIRE date to expire
+ gen-key (g) generate gpg key for the host
+ --hostname (-h) NAME[:PORT] hostname for key user ID
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
--revoker (-r) FINGERPRINT add a revoker
- extend-key (e) EXPIRE extend expiration to EXPIRE
- add-hostname (n+) NAME[:PORT] add hostname user ID to server key
+ extend-key (e) EXPIRE extend host key expiration
+ add-hostname (n+) NAME[:PORT] add hostname user ID to host key
revoke-hostname (n-) NAME[:PORT] revoke hostname user ID
+ add-revoker (o) FINGERPRINT add a revoker to the host key
+ revoke-key (r) revoke host key
show-key (s) output all server host key information
publish-key (p) publish server host key to keyserver
diagnostics (d) report on server monkeysphere status
remove-id-certifier (c-) KEYID remove a certification key
list-id-certifiers (c) list certification keys
- gpg-authentication-cmd CMD gnupg-authentication command
+ gpg-authentication-cmd CMD give a gpg command to the
+ authentication keyring
+ version (v) show version number
help (h,?) this help
EOF
su_monkeysphere_user "gpg $@"
}
+# check if user is root
+is_root() {
+ [ $(id -u 2>/dev/null) = '0' ]
+}
+
+# check that user is root, for functions that require root access
+check_user() {
+ is_root || failure "You must be root to run this command."
+}
+
# output just key fingerprint
fingerprint_server_key() {
+ # set the pipefail option so functions fails if can't read sec key
+ set -o pipefail
+
gpg_host --list-secret-keys --fingerprint \
--with-colons --fixed-list-mode 2> /dev/null | \
- grep '^fpr:' | head -1 | cut -d: -f10
+ grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null
+}
+
+# function to check for host secret key
+check_host_keyring() {
+ fingerprint_server_key >/dev/null \
+ || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first."
}
# output key information
show_server_key() {
- local fingerprint
- local tmpkey
+ local fingerprintPGP
+ local fingerprintSSH
+ local ret=0
+
+ # FIXME: you shouldn't have to be root to see the host key fingerprint
+ if is_root ; then
+ check_host_keyring
+ fingerprintPGP=$(fingerprint_server_key)
+ gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null
+ echo "OpenPGP fingerprint: $fingerprintPGP"
+ else
+ log info "You must be root to see host OpenPGP fingerprint."
+ ret='1'
+ fi
- fingerprint=$(fingerprint_server_key)
- gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint"
-
- # do some crazy "Here Strings" redirection to get the key to
- # ssh-keygen, since it doesn't read from stdin cleanly
- echo -n "ssh fingerprint: "
- ssh-keygen -l -f /dev/stdin \
- <<<$(gpg_authentication "--export $fingerprint" | \
- openpgp2ssh "$fingerprint" 2>/dev/null) | \
- awk '{ print $1, $2, $4 }'
- echo -n "OpenPGP fingerprint: "
- echo "$fingerprint"
+ if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then
+ fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \
+ awk '{ print $1, $2, $4 }')
+ echo "ssh fingerprint: $fingerprintSSH"
+ else
+ log info "SSH host key not found."
+ ret='1'
+ fi
+
+ return $ret
}
# update authorized_keys for users
done
}
+# import an existing ssh key to a gpg key
+import_key() {
+ local hostName=$(hostname -f)
+ local keyFile="/etc/ssh/ssh_host_rsa_key"
+ local keyExpire
+ local userID
+
+ # check for presense of secret key
+ # FIXME: is this the proper test to be doing here?
+ fingerprint_server_key >/dev/null \
+ && failure "An OpenPGP host key already exists."
+
+ # get options
+ while true ; do
+ case "$1" in
+ -h|--hostname)
+ hostName="$2"
+ shift 2
+ ;;
+ -f|--keyfile)
+ keyFile="$2"
+ shift 2
+ ;;
+ -e|--expire)
+ keyExpire="$2"
+ shift 2
+ ;;
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
+ break
+ ;;
+ esac
+ done
+
+ if [ ! -f "$keyFile" ] ; then
+ failure "SSH secret key file '$keyFile' not found."
+ fi
+
+ userID="ssh://${hostName}"
+
+ # prompt about key expiration if not specified
+ keyExpire=$(get_gpg_expiration "$keyExpire")
+
+ echo "The following key parameters will be used for the host private key:"
+ echo "Import: $keyFile"
+ echo "Name-Real: $userID"
+ echo "Expire-Date: $keyExpire"
+
+ read -p "Import key? (Y/n) " OK; OK=${OK:=Y}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "aborting."
+ fi
+
+ log verbose "importing ssh key..."
+ # translate ssh key to a private key
+ (umask 077 && \
+ pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import)
+
+ # find the key fingerprint of the newly converted key
+ fingerprint=$(fingerprint_server_key)
+
+ # export host ownertrust to authentication keyring
+ log verbose "setting ultimate owner trust for host key..."
+ echo "${fingerprint}:6:" | gpg_host "--import-ownertrust"
+ echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
+
+ # export public key to file
+ gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+ # show info about new key
+ show_server_key
+}
+
# generate server gpg key
gen_key() {
- local keyType
- local keyLength
- local keyUsage
+ local keyType="RSA"
+ local keyLength="2048"
+ local keyUsage="auth"
local keyExpire
local revoker
- local hostName
+ local hostName=$(hostname -f)
local userID
local keyParameters
local fingerprint
- # set default key parameter values
- keyType="RSA"
- keyLength="2048"
- keyUsage="auth"
- keyExpire=
- revoker=
+ # check for presense of secret key
+ # FIXME: is this the proper test to be doing here?
+ fingerprint_server_key >/dev/null \
+ && failure "An OpenPGP host key already exists."
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
+ -h|--hostname)
+ hostName="$2"
+ shift 2
+ ;;
-l|--length)
keyLength="$2"
shift 2
revoker="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
done
- hostName=${1:-$(hostname -f)}
userID="ssh://${hostName}"
- # check for presense of key with user ID
- if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
- failure "Key for '$userID' already exists"
- fi
-
# prompt about key expiration if not specified
keyExpire=$(get_gpg_expiration "$keyExpire")
# set key parameters
- keyParameters=$(cat <<EOF
-Key-Type: $keyType
+ keyParameters=\
+"Key-Type: $keyType
Key-Length: $keyLength
Key-Usage: $keyUsage
Name-Real: $userID
-Expire-Date: $keyExpire
-EOF
-)
+Expire-Date: $keyExpire"
# add the revoker field if specified
# FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
# FIXME: key is marked "sensitive"? is this appropriate?
if [ "$revoker" ] ; then
- keyParameters="${keyParameters}"$(cat <<EOF
-Revoker: 1:$revoker sensitive
-EOF
-)
+ keyParameters=\
+"${keyParameters}
+Revoker: 1:${revoker} sensitive"
fi
echo "The following key parameters will be used for the host private key:"
fi
# add commit command
- keyParameters="${keyParameters}"$(cat <<EOF
+ # must include blank line!
+ keyParameters=\
+"${keyParameters}
%commit
-%echo done
-EOF
-)
+%echo done"
- log verbose "generating server key..."
+ log verbose "generating host key..."
echo "$keyParameters" | gpg_host --batch --gen-key
- # output the server fingerprint
- fingerprint_server_key "=${userID}"
-
# find the key fingerprint of the newly generated key
fingerprint=$(fingerprint_server_key)
# export host ownertrust to authentication keyring
- log verbose "setting ultimate owner trust for server key..."
+ log verbose "setting ultimate owner trust for host key..."
echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust"
# translate the private key to ssh format, and export to a file
log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
+ # show info about new key
+ show_server_key
}
# extend the lifetime of a host key:
local fpr=$(fingerprint_server_key)
local extendTo="$1"
- if [ -z "$fpr" ] ; then
- failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first."
- fi
-
# get the new expiration date
extendTo=$(get_gpg_expiration "$extendTo")
save
EOF
- )
+)
# execute edit-key script
if echo "$adduidCommand" | \
fi
}
+# add a revoker to the host key
+add_revoker() {
+ # FIXME: implement!
+ failure "not implemented yet!"
+}
+
+# revoke the host key
+revoke_key() {
+ # FIXME: implement!
+ failure "not implemented yet!"
+}
+
# publish server key to keyserver
publish_server_key() {
read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
echo " - Recommendation: remove the above HostKey lines from $sshd_config"
problemsfound=$(($problemsfound+1))
fi
+
+ # FIXME: test (with ssh-keyscan?) that the running ssh
+ # daemon is actually offering the monkeysphere host key.
+
fi
fi
depth=1
# get options
- TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?"
-
- if [ $? != 0 ] ; then
- exit 1
- fi
-
- # Note the quotes around `$TEMP': they are essential!
- eval set -- "$TEMP"
-
while true ; do
case "$1" in
-n|--domain)
depth="$2"
shift 2
;;
- --)
- shift
- ;;
- *)
+ *)
+ if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
+ failure "Unknown option '$1'.
+Type '$PGRM help' for usage."
+ fi
break
;;
esac
# export the key to the host keyring
gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import
- if [ "$trust" == marginal ]; then
+ if [ "$trust" = marginal ]; then
trustval=1
- elif [ "$trust" == full ]; then
+ elif [ "$trust" = full ]; then
trustval=2
else
failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)."
case $COMMAND in
'update-users'|'update-user'|'u')
+ check_user
+ check_host_keyring
update_users "$@"
;;
+ 'import-key'|'i')
+ check_user
+ import_key "$@"
+ ;;
+
'gen-key'|'g')
+ check_user
gen_key "$@"
;;
'extend-key'|'e')
+ check_user
+ check_host_keyring
extend_key "$@"
;;
'add-hostname'|'add-name'|'n+')
+ check_user
+ check_host_keyring
add_hostname "$@"
;;
'revoke-hostname'|'revoke-name'|'n-')
+ check_user
+ check_host_keyring
revoke_hostname "$@"
;;
+ 'add-revoker'|'o')
+ check_user
+ check_host_keyring
+ add_revoker "$@"
+ ;;
+
+ 'revoke-key'|'r')
+ check_user
+ check_host_keyring
+ revoke_key "$@"
+ ;;
+
'show-key'|'show'|'s')
show_server_key
;;
'publish-key'|'publish'|'p')
+ check_user
+ check_host_keyring
publish_server_key
;;
'diagnostics'|'d')
+ check_user
diagnostics
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ check_user
+ check_host_keyring
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ check_user
+ check_host_keyring
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ check_user
+ check_host_keyring
list_certifiers "$@"
;;
'gpg-authentication-cmd')
+ check_user
gpg_authentication_cmd "$@"
;;
+ 'version'|'v')
+ echo "$VERSION"
+ ;;
+
'--help'|'help'|'-h'|'h'|'?')
usage
;;
# Bugs #
-This is Monkeysphere's bug list. You can also browse our [completed bugs](done).
+The Monkeysphere is moving to a [new issue tracking
+system](https://labs.riseup.net/code/projects/show/monkeysphere),
+hosted at [Riseup Labs](https://labs.riseup.net/code). We're leaving
+this old bug list up during the transition.
-If you don't have commit access to the public repo, we'd appreciate
-you reporting bugs on [the monkeysphere mailing list](/community).
+If you use [Debian](htt[://debian.org), please consider submitting
+your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere).
+
+You can also browse our [completed bugs](done).
+
+Please feel free to also ask any questions on the [the monkeysphere
+mailing list](/community).
[[inline pages="./bugs/* and !./bugs/done and !link(done)
and !*/Discussion" actions=yes postform=yes show=0]]
--- /dev/null
+It would be nice to make all of the Monkeysphere scripts POSIX
+compliant, for portability and light-weightedness. Better POSIX
+compliance would probably at least be better for compatibility with
+o{ther,lder} versions of bash. Unfortunately there are quite a few
+bashism at the moment, so this may not be trivial. For instance:
+
+ servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l
+ 50
+ servo:~/cmrg/monkeysphere/git 0$
+
+It looks like the biggest complication for this would be the
+occasional use of bash arrays.
Are there other ways we can deal with this problem?
--dkg
+
+Here is an example when using monkeysphere-server
+add-identity-certifier on a host with a newly-installed monkeysphere
+installaton. Note that running the same command a second time works
+as expected:
+
+ 0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+ gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+ gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+ gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+ gpg: failed to rebuild keyring cache: file open error
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2009-03-30
+ gpg: Total number processed: 1
+ gpg: imported: 1 (RSA: 1)
+ Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver.
+ 255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
+ gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net
+ gpg: key D21739E9: "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" not changed
+ gpg: Total number processed: 1
+ gpg: unchanged: 1
+
+ key found:
+ pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31]
+ Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
+ uid [ unknown] Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ uid [ unknown] Daniel Kahn Gillmor <dkg@openflows.com>
+ uid [ unknown] Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ uid [ unknown] Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ uid [ unknown] [jpeg image of size 3515]
+ sub 2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19]
+ sub 4096R/21484CFF 2007-06-02 [expires: 2012-05-31]
+
+ Are you sure you want to add the above key as a
+ certifier of users on this system? (y/N) y
+ gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported
+ gpg: Total number processed: 1
+ gpg: imported: 1 (RSA: 1)
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: next trustdb check due at 2009-03-30
+ gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
+ This is free software: you are free to change and redistribute it.
+ There is NO WARRANTY, to the extent permitted by law.
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ [ unknown] (1). Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ [ unknown] (2) Daniel Kahn Gillmor <dkg@openflows.com>
+ [ unknown] (3) Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ [ unknown] (4) Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ [ unknown] (5) [jpeg image of size 3515]
+
+
+ pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC
+ trust: unknown validity: unknown
+ Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9
+
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+ Daniel Kahn Gillmor <dkg@openflows.com>
+ Daniel Kahn Gillmor <dkg@astro.columbia.edu>
+ Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ [jpeg image of size 3515]
+
+ This key is due to expire on 2012-05-31.
+ Please decide how far you trust this user to correctly verify other users' keys
+ (by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I trust marginally
+ 2 = I trust fully
+
+
+ Please enter the depth of this trust signature.
+ A depth greater than 1 allows the key you are signing to make
+ trust signatures on your behalf.
+
+
+ Please enter a domain to restrict this signature, or enter for none.
+
+
+ Are you sure that you want to sign this key with your
+ key "ssh://pip.fifthhorseman.net" (9B83C17D)
+
+ The signature will be marked as non-exportable.
+
+
+ gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied
+ gpg: failed to rebuild keyring cache: file open error
+ gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
+ gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
+ gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u
+ gpg: next trustdb check due at 2009-03-30
+
+ Identity certifier added.
+ 0 pip:~#
--- /dev/null
+Since Monkeysphere is using bash, it would be nice to use the shell
+build in getopts function, instead of the external getopt program.
+This would reduce an external dependency, which would definitely be
+better for portability.
+
+---
+
+So it looks like the sh built-in getopts does not include long options
+(eg. "--expire"). Is it worth getting rid of the long options for
+this?
+
+---
+
+Why not just get rid of getopts altogether and perform a simple
+argument-processing loop with bash string tests? We're only invoking
+getopt in three places, and each invocation is no more complex than
+three arguments -- and most arguments take a separate parameter, which
+means that handling tricky arg blobs like -aCxr are not gonna be
+supported anyway.
## References ##
- * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
+ * [OpenSSH](http://openssh.com/)
+ * [GnuPG](http://www.gnupg.org/)
* [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880)
* [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252)
* [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/)
+ * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH)
## Other ##
is available](/community) via [git](http://git.or.cz/).
The [latest
-tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz)
+tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.22.orig.tar.gz)
is also available, and has these checksums:
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-checksums for the monkeysphere 0.21 release:
+checksums for the monkeysphere 0.22 release:
MD5:
-15fe181983565aca0fbe4c41f9f6752e monkeysphere_0.21.orig.tar.gz
+2bb00c86323409b98aff53f94d9ce0a6 monkeysphere_0.22.orig.tar.gz
SHA1:
-27e915a45cdbe50a139ed4f4b13746b17c165b0f monkeysphere_0.21.orig.tar.gz
+312882ad192b8e7303e3e0ac9db20ac8ddc529b3 monkeysphere_0.22.orig.tar.gz
SHA256:
-1535c3f722f5f5c1646a4981efef4a262ac7b23bf4b980c9aee11af2600eedc2 monkeysphere_0.21.orig.tar.gz
+2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24 monkeysphere_0.22.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-iQIVAwUBSR8+7BjmZ/HrivMUAQLeKg/+JT4LCXBR/06p/w2KBd1MKqch5Qf2ryIo
-mxCTWtZRgVQSeOFUJ5SXX+Tfs7VZfkV5HuahUH3NmGC6EMhYyB2olwBOOoIAqEKw
-1zVyn49bowCee+gTc3QHyT0Eqgt2ARtzl3/VrHkiw2MaJN3IZXseovyL8ksnEu+u
-s8fq26imtBrrucIxp4ZtHUw/h/YrJohHcJ8QQN5/UWFLug4C4aRFmnzL+oCySxAa
-0au/zFxxRZE5pMhLUvRwwCwPFx2CGBz6y9lAOiDPhhUqh+Bf7JKWJzk35Dj5Tm+2
-lCIzYtfpBkuF9ehCrm8WYF5aFg+gto8Bc6IJci9J6h2npBYIG0IbWOknMZz3+Ti2
-c3EltlJjK0LKEHujDYjf9tkNAxbBdtlYuw8x925ILeK7n8xX0Jr1TDzPyAIYaogv
-IVqsgnvQ489K8k06173kyrPaetyvOlU3bN1zcPdqTyCD6+eBbeCeKXO4324C8iMF
-rQPW4HScOdIidqFuzHyIT7PoY4DwWMgeAVymRSEufifvRcdCvQdlC4MaxxVf5I8A
-ATkD3CrY+5NZeERAGbmlu7Uz+sUk5tLUH0Q2qvjZUIQRctfr4BMheuBubsLR9yP3
-FZ4Q4kl34eU/WU7NtTmIFy7gDhLSIoeQINfYZlNEXQ7Y/RZUOEwoPI/spAXgw6De
-Xpsw0wPZtcM=
-=JDaA
+iQIVAwUBSTCiPRjmZ/HrivMUAQLg/BAAsdLsCQYSmvYLrYy1HiARtZOckqSOFv5e
+lnoOYEXKCXVjKqYUn4gjOkP2kQlnEOazfXrT/pO4u0AKUbf3C8bPDpIeao8uuPXI
+GG6HOWtsY93a2g8DM9fOzadIwhhBc9U7VwizBwFsxMw6xFTIKfoqqQonfEYFFLb6
+zyJVcfhmmGjgoJ9qA3AlYAf/i3Y/fcXh+YMI5J3Gez3BTVcep41UlcQUyd33pHF6
+aHdSWCzrotFual3fbf0meQewbBCW3JRBsbmCHQltbO/kNrtyfXb3Rp4oLiffcmpI
+DhfpFeonVHnUI9CVHmL7qbnBsgu5Q8l8Fxzu5pyzrGJxlvqBCpG8JM2FI0jJxw6o
+LQkmXCHteYKyopqKz5X0ATCot2Eoc9+kNEHwNWI37XbY7AV1XOOzGiaMjl+w8aUR
+QM8+Gi0h7SU2KuEogIsq1TghsDp3BJpTyBnc72ttLt2BvMzANOJnM8cmQqW8bOpz
+9Jdob+ISKkKG9q0wp61gb+8/f7mZKNtpr2rpRVYyjHgwR5XfbnS+gaD2B1NyG7NY
+yxW7fHpTsuwqcm2ONjZCDpEj0bXM0cL7r8c3J0L5kRCiN05c/KKYTNC70kTwCeQa
+ninihvIJal0Wu3LZxtYmtxuApq3wmc8NPo66C+TC24YGtxxJuZMS1qOlPFIPADIa
+EeBVdDmRbBw=
+=FmCP
-----END PGP SIGNATURE-----
</pre>
========================================
As the administrator of an SSH server, you can take advantage of the
-monkeysphere in two ways: you can publish the host key of your machine
-so that your users can have it automatically verified, and you can set
-up your machine to automatically identify connecting users by their
-presence in the OpenPGP web of trust.
+monkeysphere in two ways:
+1. you can publish the host key of your machine so that your users can
+have it automatically verified, and
+
+2. you can set up your machine to automatically identify connecting
+users by their presence in the OpenPGP web of trust.
+
+These things are not mutually required, and it is in fact possible to
+do one without the other. However, it is highly recommend that you at
+least do the first. Even if you decide that you do not want to use
+the monkeysphere to authenticate users to your system, you should at
+least the host key into the Web of Trust so that your users can be
+sure they're connecting to the correct machine.
+
+
+Monkeysphere for host verification
+==================================
Server host key publication
---------------------------
-To generate and publish a server host key:
+
+To begin, you must first generate a server host key:
# monkeysphere-server gen-key
- # monkeysphere-server publish-key
This will generate the key for server with the service URI
-(`ssh://server.example.net`). The server admin should now sign the
-server key so that people in the admin's web of trust can identify the
-server without manual host key checking:
+(`ssh://server.example.net`). Output the new key information with the
+'show-key' command:
+
+ # monkeysphere-server show-key
+
+Once the key has been generated, it needs to be publish to the Web of
+Trust:
+
+ # monkeysphere-server publish-key
+
+The server admin should now sign the server key so that people in the
+admin's web of trust can identify the server without manual host key
+checking. On your (the admin's) local machine retrieve the host key:
$ gpg --search '=ssh://server.example.net'
+
+Now sign the server key:
+
$ gpg --sign-key '=ssh://server.example.net'
+Make sure you compare the fingerprint of the retrieved with the one
+output with the 'show-key' command above, to verify you are signing
+the correct key. Finally, publish your signatures back to the
+keyservers:
+
+ $ gpg --send-key '=ssh://server.example.net'
Update OpenSSH configuration files
----------------------------------
To use the newly-generated host key for ssh connections, put the
-following line in `/etc/ssh/sshd_config` (be sure to remove references
-to any other keys):
+following line in `/etc/ssh/sshd_config` (be sure to comment out or
+remove any other HostKey references):
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
-FIXME: should we just suggest symlinks in the filesystem here instead?
+FIXME: What about DSA host keys? The SSH RFC seems to require
+implementations support DSA, though OpenSSH will work without a DSA
+host key.
-FIXME: What about DSA host keys? The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key.
-To enable users to use the monkeysphere to authenticate using the
-OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again,
-making sure that no other AuthorizedKeysFile directive exists):
+Monkeysphere for user authentication
+====================================
- AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+A host can maintain ssh `authorized_keys` files automatically for its
+users with the Monkeysphere. These `authorized_keys` files can then
+be used to enable users to use the monkeysphere to authenticate to
+your machine using the OpenPGP web of trust.
+
+Before this can happen, the host must first have a host key to use for
+user key verification. If you have not already generated a host key
+(as in the host verification instructions above), generate one now:
+
+ # monkeysphere-server gen-key
-And then read the section below about how to ensure these files are
-maintained. You'll need to restart `sshd` to have your changes take
-effect. As with any change to `sshd_config`, be sure to retain an
-existing session to the machine while you test your changes so you
-don't get locked out.
+Update OpenSSH configuration files
+----------------------------------
+
+SSH must be configured to point to the monkeysphere generated
+`authorized_keys` file. Add this line to `/etc/ssh/sshd_config`
+(again, making sure that no other AuthorizedKeysFile directive is left
+uncommented):
+ AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
+
+You'll need to restart `sshd` to have your changes take effect. As
+with any change to `sshd_config`, be sure to retain an existing
+session to the machine while you test your changes so you don't get
+locked out.
Monkeysphere authorized_keys maintenance
----------------------------------------
-A host can maintain ssh authorized_keys files automatically for its
-users with the Monkeysphere.
-
For each user account on the server, the userids of people authorized
to log into that account would be placed in:
# monkeysphere-server add-identity-certifier $GPGID
-To update the monkeysphere authorized_keys file for user "bob" using
+To update the monkeysphere `authorized_keys` file for user "bob" using
the current set of identity certifiers, run:
# monkeysphere-server update-users bob
-To update the monkeysphere authorized_keys file for all users on the
+To update the monkeysphere `authorized_keys` file for all users on the
the system, run the same command with no arguments:
# monkeysphere-server update-users
Monkeysphere***. OpenSSH can be used as is; completely unpatched and
"out of the box".
-## Links ##
+## License ##
-* [OpenSSH](http://openssh.com/)
-* [GnuPG](http://www.gnupg.org/)
-* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252)
-* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880)
+All Monkeysphere software is copyright, 2007, by [the
+authors](community), and released under [GPL, version 3 or
+later](http://www.gnu.org/licenses/gpl-3.0.html).
----
overflow: auto;
}
-table.sitenav {
+table.sitenav {
border-bottom: 2px solid black;
padding: 0px;
width: 100%;
font-size: larger;
}
-table.sitenav img.logo {
- margin: 0px;
- padding: 0px;
+table.sitenav img.logo {
+ margin: 0em;
+ padding: 0px;
vertical-align: bottom;
}
+table.sitenav img.title {
+ margin: 0px;
+ padding: 0px;
+ vertical-align: top;
+}
+
table.sitenav a {
font-weight: bold;
margin-right: 1em;
font-size: smaller;
}
-/* trying to align the sitenav links roughly with the text in the monkeysphere logo */
-td#sitenav {
- vertical-align: bottom;
- padding-bottom: 30px;
-}
-
table.sitenav span.selflink {
font-weight: bold;
text-decoration: underline;
--- /dev/null
+[[meta title="Monkeysphere now in Debian!"]]
+
+[The Monkeysphere has made it into
+Debian!](http://packages.debian.org/sid/monkeysphere)
+
+It is in Debian unstable ("sid") now, which means it won't make it
+into the next stable release ("lenny"), but hopefully will make it
+into the stable release after that ("squeeze").
+
+Congratulations to all the work by all the [monkeysphere
+developers](/community), and to Micah Anderson for being our Debian
+sponsor.
+
+Please feel free to start submitting bug reports to the [Debian
+BTS](http://bugs.debian.org/monkeysphere).
--- /dev/null
+[[meta title="Monkeysphere 0.22-1 released!"]]
+
+Monkeysphere 0.22-1 has been released.
+
+Notes from the changelog:
+
+<pre>
+ * New upstream release:
+ [ Jameson Graef Rollins ]
+
+ - added info log output when a new key is added to known_hosts file.
+ - added some useful output to the ssh-proxycommand for "marginal"
+ cases where keys are found for host but do not have full validity.
+ - force ssh-keygen to read from stdin to get ssh key fingerprint.
+
+ [ Daniel Kahn Gillmor ]
+
+ - automatically output two copies of the host's public key: one
+ standard ssh public key file, and the other a minimal OpenPGP key with
+ just the latest valid self-sig.
+ - debian/control: corrected alternate dependency from procfile to
+ procmail (which provides /usr/bin/lockfile)
+</pre>
+
+[[Download]] it now!
<table class="sitenav" cellpadding="0" cellspacing="0">
-<tbody><tr><td>
-<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a>
-</td><td id="sitenav">
-
+<colgroup span="1" width="120" />
+<tr>
+<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td>
+<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td>
+</tr><tr>
+<td>
[[WHY?|why]]
[[DOWNLOAD|download]]
[[DOCUMENTATION|doc]]
[[NEWS|news]]
[[COMMUNITY|community]]
-[[BUGS|bugs]]
+<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a>
+<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a>
+[[VISION|vision]]
+</td>
+</tr>
+</table>
-</td></tr></tbody></table>
--- /dev/null
+[[meta title="Our vision for the future of the monkeysphere"]]
+
+## External Validation Agent ##
+
+This is probably at the crux of the Monkeysphere vision for the future:
+
+* [Simon Josefsson proposed out-of-process certificate verification model in gnutls-devel](http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3231)
+* [Werner Koch's dirmngr](http://www.gnupg.org/documentation/manuals/dirmngr/)
+* [GnuTLS wiki external validation](http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation)
+* [Pathfinder PKI validation](http://code.google.com/p/pathfinder-pki/) (includes validation plugins for OpenSSL and LibNSS).
+
+## TLS transition strategies ##
+
+While [RFC 5081](http://tools.ietf.org/html/rfc5081) is quite a while
+off from widespread adoption, it would be good to have an interim
+translation step. This is analogous to the SSH work we've done, where
+the on-the-wire protocol remains the same, but the keys themselves are
+looked up in the OpenPGP WoT.
+
+Firefox extensions that deal with certificate validation seem to be
+the easiest path toward demonstrating this technique. We should look
+at:
+
+* [SSL Blacklist](http://codefromthe70s.org/sslblacklist.aspx)
+* [Perspectives](http://www.cs.cmu.edu/~perspectives/firefox.html)
+* there is another firefox extension that basically disables all TLS certificate checking. The download page says things like "this is a bad idea" and "do not install this extension", but i'm unable to find it at the moment.
+
+## Related discussions ##
+
+* [Wandering Thoughts blog discussion about Web of Trust flaws](http://utcc.utoronto.ca/~cks/space/blog/tech/WebOfTrustFlaws?showcomments)
+* [Wandering Thoughts blog discussion about certificate authorities](http://utcc.utoronto.ca/~cks/space/blog/web/SSLCANeed?showcomments)
projects / monkeysphere.git / commitdiff
