Merge commit 'dkg/master'

[monkeysphere.git] / src / share / mh / import_key

# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere host import-key subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2009 and are all released under the GPL,
# version 3 or later.

import_key() {

local hostName
local domain
local userID

hostName="$1"

# use the default hostname if not specified
if [ -z "$hostName" ] ; then
    hostName=$(hostname -f)
    # test that the domain is not obviously illegitimate
    domain=${foo##*.}
    case $domain in
        'local'|'localdomain')
            failure "Host domain '$domain' is not legitimate.  Aborting key import."
            ;;
    esac
    # test that there are at least two parts
    if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
        failure "Host name '$hostName' is not legitimate.  Aborting key import."
    fi
fi

userID="ssh://${hostName}"

# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${MHTMPDIR}"
mkdir -p "${GNUPGHOME_HOST}"
chmod 700 "${GNUPGHOME_HOST}"

log verbose "importing ssh key..."
# translate ssh key to a private key
PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
    | gpg_host --import

# load the new host fpr into the fpr variable.  this is so we can
# create the gpg pub key file.  we have to do this from the secret key
# ring since we obviously don't have the gpg pub key file yet, since
# that's what we're trying to produce (see below).
load_fingerprint_secret

# set ultimate owner trust on the newly imported key
printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust

# update trustdb
gpg_host --check-trustdb

# export to gpg public key to file
create_gpg_pub_file

# show info about new key
show_key

}