summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-06-13 11:18:00 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2008-06-13 11:18:00 -0400
commit03cc847e6fc901ab4c1920324910126158655e37 (patch)
tree5cc901e5d8c36af56d2fe3ae2d83d513ddb53f10
parentc998145c57c19e026e5f6c8f400fb66a3f52e8d4 (diff)
monkeysphere debianization. Package can now be cleanly built with minimal lintian warnings.
-rw-r--r--COPYING6
-rw-r--r--Makefile5
-rw-r--r--debian/changelog5
-rw-r--r--debian/control6
-rw-r--r--debian/copyright9
-rw-r--r--man/man1/openpgp2ssh.154
-rw-r--r--src/keytrans/Makefile2
-rw-r--r--test.key27
8 files changed, 53 insertions, 61 deletions
diff --git a/COPYING b/COPYING
index ab8788d..c920a0e 100644
--- a/COPYING
+++ b/COPYING
@@ -1,13 +1,13 @@
MonkeySphere is a system to use the OpenPGP web-of-trust to
authenticate and encrypt ssh connections.
-It is free software, written by:
+It is free software, developed by:
Jameson Rollins <jrollins@fifthhorseman.net>
- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
-with much help from:
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Jamie McClelland <jamie@mayfirst.org>
Micah Anderson <micah@riseup.net>
Matthew Goins <mjgoins@openflows.com>
+ Mike Castleman <mlcastle@mlcastle.net>
MonkeySphere is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
diff --git a/Makefile b/Makefile
index b28e54e..64e6cbe 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,10 @@ all: keytrans
keytrans:
$(MAKE) -C src/keytrans
+release: clean
+ tar c COPYING doc etc Makefile man src | gzip -n > ../monkeysphere_`head -n1 debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'`.orig.tar.gz
+
clean:
$(MAKE) -C src/keytrans clean
-.PHONY: all clean
+.PHONY: all clean release
diff --git a/debian/changelog b/debian/changelog
index 2b68de6..ec744e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,7 @@
monkeysphere (0.1-1) unstable; urgency=low
- * to be first release...
+ * First release of debian package for monkeysphere.
+ * This is experimental -- please report bugs!
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Tue, 10 Jun 2008 17:20:16 -0400
+ -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Fri, 13 Jun 2008 10:53:43 -0400
diff --git a/debian/control b/debian/control
index e190ae0..afd5bfa 100644
--- a/debian/control
+++ b/debian/control
@@ -1,18 +1,18 @@
Source: monkeysphere
Section: net
Priority: extra
-Maintainer: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Maintainer: Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
Uploaders: Jameson Rollins <jrollins@fifthhorseman.net>
Build-Depends: debhelper (>= 7.0), libgnutls-dev (>= 2.3.14)
Standards-Version: 3.8.0.1
Homepage: http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH
-Enhances: openssh-client, openssh-server
Dm-Upload-Allowed: yes
Package: monkeysphere
Architecture: any
-Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6)
+Depends: openssh-client, gnupg | gnupg2, coreutils (>= 6), ${shlibs:Depends}
Recommends: netcat
+Enhances: openssh-client, openssh-server
Description: use the OpenPGP web of trust to verify ssh connections
SSH key-based authentication is tried-and-true, but it lacks a true
Public Key Infrastructure for key certification, revocation and
diff --git a/debian/copyright b/debian/copyright
index 413f60f..11abe8b 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -4,8 +4,13 @@ Debianized-Date: Fri Jun 13 10:19:16 EDT 2008
Original-Source: http://lair.fifthhorseman.net/~dkg/git/monkeysphere.git/
Files: *
-Copyright: Jameson Rollins <jrollins@fifthhorseman.net>,
- Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Copyright: 2008 Jameson Rollins <jrollins@fifthhorseman.net>,
+ Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
+ Jamie McClelland <jamie@mayfirst.org>,
+ Micah Anderson <micah@riseup.net>,
+ Matthew Goins <mjgoins@openflows.com>,
+ Mike Castleman <mlcastle@mlcastle.net>
+
License: GPL-3+
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1
index 1a02b38..83b6154 100644
--- a/man/man1/openpgp2ssh.1
+++ b/man/man1/openpgp2ssh.1
@@ -7,31 +7,34 @@ openpgp2ssh
.Nd translate OpenPGP keys to SSH keys
.Sh SYNOPSIS
.Nm openpgp2ssh < mykey.gpg
-
+.Pp
.Nm gpg --export $KEYID | openpgp2ssh $KEYID
-
+.Pp
.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID
.Sh DESCRIPTION
-openpgp2ssh takes an OpenPGP-formatted primary key and associated
+.Nm
+takes an OpenPGP-formatted primary key and associated
subkeys on standard input, and spits out the requested equivalent
SSH-style key on standard output.
-
+.Pp
If the data on standard input contains no subkeys, you can invoke
-openpgp2ssh without arguments. If the data on standard input contains
+.Nm
+without arguments. If the data on standard input contains
multiple keys (e.g. a primary key and associated subkeys), you must
specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or
fingerprint as the first argument to indicate which key to export.
The keyid must be exactly 16 hex characters.
-
+.Pp
If the input contains an OpenPGP RSA or DSA public key, it will be
converted to the OpenSSH-style single-line keystring, prefixed with
the key type. This format is suitable (with minor alterations) for
insertion into known_hosts files and authorized_keys files.
-
+.Pp
If the input contains an OpenPGP RSA or DSA secret key, it will be
converted to the equivalent PEM-encoded private key.
-
-openpgp2ssh is part of the
+.Pp
+.Nm
+is part of the
.Xr monkeysphere 1
framework for providing a PKI for SSH.
.Sh CAVEATS
@@ -39,17 +42,20 @@ The keys produced by this process are stripped of all identifying
information, including certifications, self-signatures, etc. This is
intentional, since ssh attaches no inherent significance to these
features.
-
-openpgp2ssh only works with RSA or DSA keys, because those are the
+.Pp
+.Nm
+only works with RSA or DSA keys, because those are the
only ones which work with ssh.
-
-Assuming a valid key type, though, openpgp2ssh will produce output for
+.Pp
+Assuming a valid key type, though,
+.Nm
+will produce output for
any requested key. This means, among other things, that it will
happily export revoked keys, unverifiable keys, expired keys, etc.
Make sure you do your own key validation before using this tool!
.Sh EXAMPLES
.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin
-
+.Pp
This pushes the secret key into the active
.Xr ssh-agent 1 .
Tools such as
@@ -58,21 +64,25 @@ which know how to talk to the
.Xr ssh-agent 1
can now rely on the key.
.Sh AUTHOR
-openpgp2ssh and this man page were written by Daniel Kahn Gillmor
+.Nm
+and this man page were written by Daniel Kahn Gillmor
<dkg@fifthhorseman.net>.
.Sh BUGS
-openpgp2ssh currently only exports into formats used by the OpenSSH.
+.Nm
+currently only exports into formats used by the OpenSSH.
It should support other key output formats, such as those used by
lsh(1) and putty(1).
-
+.Pp
Secret key output is currently not passphrase-protected.
-
-openpgp2ssh currently cannot handle passphrase-protected secret keys on input.
-
+.Pp
+.Nm
+currently cannot handle passphrase-protected secret keys on input.
+.Pp
It would be nice to be able to use keyids shorter or longer than 16
hex characters.
-
-openpgp2ssh only acts on keys associated with the first primary key
+.Pp
+.Nm
+only acts on keys associated with the first primary key
passed in. If you send it more than one primary key, it will silently
ignore later ones.
.Sh SEE ALSO
diff --git a/src/keytrans/Makefile b/src/keytrans/Makefile
index 53fa5dc..79602ef 100644
--- a/src/keytrans/Makefile
+++ b/src/keytrans/Makefile
@@ -1,7 +1,7 @@
all: openpgp2ssh
openpgp2ssh: openpgp2ssh.c gnutls-helpers.o
- gcc -g -Wall --pedantic -o openpgp2ssh openpgp2ssh.c `libgnutls-config --libs --cflags` -lgnutls-extra gnutls-helpers.o
+ gcc -g -Wall --pedantic -o openpgp2ssh openpgp2ssh.c `libgnutls-config --libs --cflags` gnutls-helpers.o
%.o: %.c
gcc -g -Wall --pedantic -o $@ -c $<
diff --git a/test.key b/test.key
deleted file mode 100644
index 4e05880..0000000
--- a/test.key
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAxMv33LvWBZnKtahorHGYdBZqVxrNUQcVNrgxp4bf/FvgvSLG
-kBrw6wHFdVYvWWViD5efrJugqA4+pKp16LEWlc7JZICrou4vEJGkvoqBIJC/4cVN
-xcwV1a8jo9ZOYjt0JIyuHrEDGW/edQYWI41XO/H+QdMDsdI+oOmfPV/V4eMyjGKH
-vRJ+xDae5izhUb3Lb00YnxpP2n/zhvHpn7weu+bzvwb3pMMo9336Ft7m5ulGPJzN
-+3l595LW+lUSDUlUJbACp4Nyn+i9ODPV6xzghzirsh7rnD8jD2kaqIVkcvEhusoB
-JN3daPXt9t6m5cfsCWu31BXdbpTWiLIZRUxDzQIBIwKCAQEAl9CMAg0+s90KFxuD
-8r4H5IZSCK5GnZe/6GI07vMEj3oTxRrTsP7XG7DoyDsr1z+UyjMjZ+XFE+27S9P0
-ju8Cy1Zg2ICEZ78OXT0nUSkEhtYQXbV2gqTAYwNzQ9/WEUPOn9o9LZ5+u9n0wKzs
-gdNvLj5WbUsC2aIwUD8xswDJkP5cA4RfKo8Mz40aXbK6b+S/bOKEkXRFvOor46pl
-A8GHxUVcUPUG7LAXCm1FWrDob6FTlv3yW8DeVTCYwt6HdrTmc9b+yOinwMR6ZvUz
-R6AESGG7czCvA6rpkCcprfCPx0gfntuzLiGRtl54GvbYWWtPDlxnPwcw1zcSALvM
-pJNpawKBgQD/zze04kYZBNDTxolBrZltpPXtPpOrG2Otp8CHreOKn0TifCFPDnCb
-ewUhxuDRA+L9KPLT311DtHfIzXJ8/RD6K/QE72ny39h2X2Pn2hWSgb9+iysHBDNc
-jb136QFoKQcpqUpLEfTvA71Yqvuk6gsYiuWnIN5KJwy/AhwFQnK/WQKBgQDE8X87
-C+0JSg2ybUopOQVSrvildJEa8CWbM1SAL1j3E24U2fPh+zVmIxqa2m4X/PxFBBTv
-WVGayzFkmJK2Dgt7F7hBqi5HelP0B38dXtkPlK6idTALNHoS/7HCDXISgHmDOhcQ
-LHGQUuQMkTq6H4cOMwTNO5aM2zc5E9uF/hptlQKBgEHHkftQIKdZAn+Zc8Bud+j+
-iGGTv5JmIPIj0mwIJJFcJ6f0CJCr8RIJsNzMvXeTSP9FCz3LuOWGLW4mM2H37mw3
-MB6GtNgNrLC5cXYiIs3m2XhPq/p9bEr/4ENnzSlposGR7ohVExjjtFig/uFDfzIy
-WE+MG+cunOCoxWBwLCKTAoGBALQP/0vtpYTV/eT2NS0A7uyCt3Kzt94dZDYgTUH/
-Z0hMR2OFcUOj2Qzs5R/dpnxVA+dUMGXOAXeVNHk7CcsFhtbxHX3dbCQYEj4yvVyu
-fVAS6M8MDqsoqh//uHbnuMB1dmlZrq+zmwecPjdgNbF76TGNuz9MbGOGmOO6Yk6f
-LhsLAoGAJoK+yRDaEFDwrjdvGazEy/d1CtknkGY2r4vb8giEodFJcQQhtVtjnYPl
-gDIpbcpeT0GDiZd0pxAxpibbKM63pYz8PKtlq0B/qXgArRgJnbku01Jc4iLVWPqK
-qitRgsz1HdN2tIqa8oQE0iuvyoq+r6+pqcQJd7sc6lKlk0gO0Mo=
------END RSA PRIVATE KEY-----