author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-07 19:39:59 -0400 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-07 19:39:59 -0400 |
commit | 241be7ab4a86d3d578de9b5499824a6e34bfd64c (patch) | |
tree | 0c946e843c50abb4eb5bb3ebf62d4c1472c7b1ff | |
parent | f016e55c785648e0032c88c6eed872f663e81e39 (diff) | |
parent | ec76b3cef0014c6aa68ec8982101892c74958b99 (diff) |
Merge commit 'dkg/master'
-rw-r--r-- | doc/MonkeySpec | 6 | ||||
-rw-r--r-- | gpg2ssh/Makefile | 6 | ||||
-rw-r--r-- | gpg2ssh/gpg2ssh.c | 14 |
3 files changed, 15 insertions, 11 deletions
diff --git a/doc/MonkeySpec b/doc/MonkeySpec index 9ed0724..fe5a0bf 100644 --- a/doc/MonkeySpec +++ b/doc/MonkeySpec @@ -43,12 +43,12 @@ server-side components - publishes server gpg keys - used to specify keys to trust for user authentication -* "tamarin": script to trigger rhesus during attempt to initiate - connection from client +* "tamarin": concept - how to trigger or schedule rhesus at admin defined + points (e.g. via cron or during ssh connections). client-side components ---------------------- -* "marmoset": script to trigger rhesus during attempt to initiate +* "marmoset": concept - how to trigger rhesus during attempt to initiate connection to server - runs on connection to a certain host - triggers update to known_hosts file then makes connection diff --git a/gpg2ssh/Makefile b/gpg2ssh/Makefile index aa18aaa..a0b7241 100644 --- a/gpg2ssh/Makefile +++ b/gpg2ssh/Makefile @@ -1,3 +1,5 @@ +all: monkeysphere gpg2ssh + monkeysphere: main.c gnutls-helpers.o gcc -g -Wall --pedantic -o monkeysphere main.c `libgnutls-config --libs --cflags` -lgnutls-extra gnutls-helpers.o @@ -11,6 +13,6 @@ ssh2gpg: ssh2gpg.c gnutls-helpers.o gcc -g -Wall --pedantic -o $@ -c $< clean: - rm -f monkeysphere *.o + rm -f monkeysphere gpg2ssh *.o -.PHONY: clean +.PHONY: clean all diff --git a/gpg2ssh/gpg2ssh.c b/gpg2ssh/gpg2ssh.c index a1e94df..c99f03f 100644 --- a/gpg2ssh/gpg2ssh.c +++ b/gpg2ssh/gpg2ssh.c @@ -116,8 +116,9 @@ int main(int argc, char* argv[]) { err("failed to get the usage flags for the primary key (error: %d)\n", ret); return ret; } - if (usage & GNUTLS_KEY_KEY_AGREEMENT) { - err("the primary key can be used for authentication\n"); + if (usage & GNUTLS_KEY_KEY_AGREEMENT && + usage & GNUTLS_KEY_KEY_ENCIPHERMENT) { + err("the primary key can be used for authentication and communication encryption!\n"); algo = gnutls_openpgp_crt_get_pk_algorithm(openpgp_crt, &bits); if (algo < 0) { 
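Review bot: The new primary-key test `usage & GNUTLS_KEY_KEY_AGREEMENT && usage & GNUTLS_KEY_KEY_ENCIPHERMENT` only works because `&` binds tighter than `&&`. It parses as intended, but the unparenthesized form is easy to misread in a check that gates which key gets converted. I would compare against one combined mask, `(usage & need) == need` with `need` set to `GNUTLS_KEY_KEY_AGREEMENT | GNUTLS_KEY_KEY_ENCIPHERMENT`, so the subkey branch later in main() can reuse the same mask and cannot drift from this test. A one-line comment stating why both usage flags are required for what the message calls "authentication" would also help. main() starts and ends outside the hunk.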
@@ -144,10 +145,10 @@ int main(int argc, char* argv[]) { } } else { - err("primary key is only good for: 0x%08x. Trying subkeys...\n", usage); + err("primary key is not good for authentication and communication encryption. Trying subkeys...\n"); if (ret = gnutls_openpgp_crt_get_auth_subkey(openpgp_crt, keyid, 0), ret) { - err("failed to find a subkey capable of authentication (error: %d)\n", ret); + err("failed to find a subkey capable of authentication and communication encryption (error: %d)\n", ret); return ret; } make_keyid_printable(p_keyid, keyid); @@ -169,8 +170,9 @@ int main(int argc, char* argv[]) { err("could not figure out usage of subkey %.16s (error: %d)\n", p_keyid, ret); return ret; } - if ((usage & GNUTLS_KEY_KEY_AGREEMENT) == 0) { - err("could not find a subkey with authentication privileges.\n"); + if ((usage & GNUTLS_KEY_KEY_AGREEMENT) == 0 && + usage & GNUTLS_KEY_KEY_ENCIPHERMENT) { + err("could not find a subkey with authentication and communication encryption.\n"); return 1; } |
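Review bot: The rewritten fallback message drops the `0x%08x` usage value that the old text printed, which was the only output showing which flag the primary key lacked. I would keep it, e.g. `err("primary key usage 0x%08x is not good for authentication and communication encryption. Trying subkeys...\n", usage);`. Separately, the next failure message now says the subkey must be capable of "communication encryption", but the lookup shown is `gnutls_openpgp_crt_get_auth_subkey`, which by its name appears to select on authentication only. If so, the wording promises more than the call checks.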