From: Daniel Kahn Gillmor Date: Sat, 31 Jan 2009 23:02:54 +0000 (-0500) Subject: merging jrollins and micah work, reverting ui changes for m-h gen-key and import-key X-Git-Tag: monkeysphere_0.23~160^2 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=7d4b4815db8ba2f6f984a18a90b50032cf9158ba;p=monkeysphere.git merging jrollins and micah work, reverting ui changes for m-h gen-key and import-key --- 7d4b4815db8ba2f6f984a18a90b50032cf9158ba diff --cc src/monkeysphere-host index bf58616,5c97aa6..19ab5fc --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@@ -53,12 -53,12 +53,10 @@@ subcommands publish-key (p) publish server host key to keyserver expert -- import-key (i) import existing ssh key to gpg -- --hostname (-h) NAME[:PORT] hostname for key user ID ++ import-key (i) NAME[:PORT] import existing ssh key to gpg --keyfile (-f) FILE key file to import --expire (-e) EXPIRE date to expire -- gen-key (g) generate gpg key for the host -- --hostname (-h) NAME[:PORT] hostname for key user ID ++ gen-key (g) NAME[:PORT] generate gpg key for the host --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire --revoker (-r) FINGERPRINT add a revoker diff --cc src/subcommands/mh/gen-key index 0000000,37469c7..554c04c mode 000000,100755..100755 --- a/src/subcommands/mh/gen-key +++ b/src/subcommands/mh/gen-key @@@ -1,0 -1,118 +1,116 @@@ + #!/usr/bin/env bash + + # Monkeysphere host gen-key subcommand + # + # The monkeysphere scripts are written by: + # Jameson Rollins + # Jamie McClelland + # Daniel Kahn Gillmor + # + # They are Copyright 2008, and are all released under the GPL, version 3 + # or later. + + local keyType="RSA" + local keyLength="2048" + local keyUsage="auth" + local keyExpire + local revoker + local hostName=$(hostname -f) + local userID + local keyParameters + local fingerprint + + # check for presense of secret key + # FIXME: is this the proper test to be doing here? + fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + + # get options + while true ; do + case "$1" in - -h|--hostname) - hostName="$2" - shift 2 - ;; + -l|--length) + keyLength="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + -r|--revoker) + revoker="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. + Type '$PGRM help' for usage." + fi ++ hostName="$1" ++ shift; + break + ;; + esac + done + + userID="ssh://${hostName}" + + # prompt about key expiration if not specified + keyExpire=$(get_gpg_expiration "$keyExpire") + + # set key parameters + keyParameters=\ + "Key-Type: $keyType + Key-Length: $keyLength + Key-Usage: $keyUsage + Name-Real: $userID + Expire-Date: $keyExpire" + + # add the revoker field if specified + # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. + # FIXME: key is marked "sensitive"? is this appropriate? + if [ "$revoker" ] ; then + keyParameters=\ + "${keyParameters} + Revoker: 1:${revoker} sensitive" + fi + + echo "The following key parameters will be used for the host private key:" + echo "$keyParameters" + + read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." + fi + + # add commit command + # must include blank line! + keyParameters=\ + "${keyParameters} + + %commit + %echo done" + + log verbose "generating host key..." + echo "$keyParameters" | gpg_host --batch --gen-key + + # find the key fingerprint of the newly generated key + fingerprint=$(fingerprint_server_key) + + # export host ownertrust to authentication keyring + log verbose "setting ultimate owner trust for host key..." + echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + + # translate the private key to ssh format, and export to a file + # for sshs usage. + # NOTE: assumes that the primary key is the proper key to use + (umask 077 && \ + gpg_host --export-secret-key "$fingerprint" | \ + openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") + log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" + ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" + log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" + gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + + # show info about new key + show_server_key diff --cc src/subcommands/mh/import-key index 0000000,c33550b..bbeb37f mode 000000,100755..100755 --- a/src/subcommands/mh/import-key +++ b/src/subcommands/mh/import-key @@@ -1,0 -1,85 +1,84 @@@ + #!/usr/bin/env bash + + # Monkeysphere host import-key subcommand + # + # The monkeysphere scripts are written by: + # Jameson Rollins + # Jamie McClelland + # Daniel Kahn Gillmor + # + # They are Copyright 2008, and are all released under the GPL, version 3 + # or later. + + local hostName=$(hostname -f) + local keyFile="/etc/ssh/ssh_host_rsa_key" + local keyExpire + local userID + + # check for presense of secret key + # FIXME: is this the proper test to be doing here? + fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + + # get options + while true ; do + case "$1" in - -h|--hostname) - hostName="$2" - shift 2 - ;; + -f|--keyfile) + keyFile="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. + Type '$PGRM help' for usage." + fi ++ hostName="$1" ++ shift ++ ;; + break + ;; + esac + done + + if [ ! -f "$keyFile" ] ; then + failure "SSH secret key file '$keyFile' not found." + fi + + userID="ssh://${hostName}" + + # prompt about key expiration if not specified + keyExpire=$(get_gpg_expiration "$keyExpire") + + echo "The following key parameters will be used for the host private key:" + echo "Import: $keyFile" + echo "Name-Real: $userID" + echo "Expire-Date: $keyExpire" + + read -p "Import key? (Y/n) " OK; OK=${OK:=Y} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." + fi + + log verbose "importing ssh key..." + # translate ssh key to a private key + (umask 077 && \ + pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) + + # find the key fingerprint of the newly converted key + fingerprint=$(fingerprint_server_key) + + # export host ownertrust to authentication keyring + log verbose "setting ultimate owner trust for host key..." + echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" + echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + + # export public key to file + gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + + # show info about new key + show_server_key