# -*-shell-script-*- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) # Monkeysphere host import-key subcommand # # The monkeysphere scripts are written by: # Jameson Rollins # Jamie McClelland # Daniel Kahn Gillmor # # They are Copyright 2008-2009 and are all released under the GPL, # version 3 or later. import_key() { local sshKeyFile local hostName local domain local userID sshKeyFile="$1" hostName="$2" # check that key file specified if [ -z "$sshKeyFile" ] ; then failure "Must specify ssh key file to import, or specify '-' for stdin." fi # use the default hostname if not specified if [ -z "$hostName" ] ; then hostName=$(hostname -f) || failure "Could not determine hostname." # test that the domain is not obviously illegitimate domain=${foo##*.} case $domain in 'local'|'localdomain') failure "Host domain '$domain' is not legitimate. Aborting key import." ;; esac # test that there are at least two parts if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then failure "Host name '$hostName' is not legitimate. Aborting key import." fi fi userID="ssh://${hostName}" # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" # import ssh key to a private key if [ "$sshKeyFile" = '-' ] ; then log verbose "importing ssh key from stdin..." PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ | gpg_host --import else log verbose "importing ssh key from file '$sshKeyFile'..." PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ <"$sshKeyFile" \ | gpg_host --import fi # load the new host fpr into the fpr variable. this is so we can # create the gpg pub key file. we have to do this from the secret key # ring since we obviously don't have the gpg pub key file yet, since # that's what we're trying to produce (see below). load_fingerprint_secret # export to gpg public key to file update_gpg_pub_file log info "host key imported:" # show info about new key show_key }