diff options
author | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-08 23:59:35 -0500 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@finestructure.net> | 2009-02-08 23:59:35 -0500 |
commit | 770f45b0c1d72a1bb89fd98fe070a6dfdcc4c0bf (patch) | |
tree | bdc3d81acc860b08f07e00695c9c1206fe1b3247 | |
parent | 9cc92238a9a9b21d37b983932d5a6a012cf80aba (diff) | |
parent | 7485d66be9e4aebaf273b8b4082caa4c2404f6e7 (diff) |
Merge commit 'dkg/master'
-rw-r--r-- | man/man1/pem2openpgp.1 | 72 | ||||
-rwxr-xr-x | src/keytrans/pem2openpgp | 18 | ||||
-rw-r--r-- | src/share/ma/setup | 13 | ||||
-rw-r--r-- | src/share/mh/import_key | 5 | ||||
-rwxr-xr-x | tests/basic | 19 | ||||
-rw-r--r-- | tests/etc/monkeysphere/monkeysphere-authentication.conf | 2 | ||||
-rwxr-xr-x | tests/home/testuser/.ssh/proxy-command | 3 | ||||
-rwxr-xr-x | tests/keytrans | 8 | ||||
-rw-r--r-- | website/news/plans-for-the-bezoar.mdwn | 45 |
9 files changed, 143 insertions, 42 deletions
diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 index 8ac230b..ae75b11 100644 --- a/man/man1/pem2openpgp.1 +++ b/man/man1/pem2openpgp.1 @@ -4,24 +4,82 @@ .Os .Sh NAME pem2openpgp -.Nd translate PEM encoded keys to OpenPGP keys +.Nd translate PEM-encoded RSA keys to OpenPGP certificates .Sh SYNOPSIS -.Nm pem2openpgp $USERID < mykey.pem +.Nm pem2openpgp "$USERID" < mykey.pem | gpg --import .Pp -.Nm ??? gpg --export $KEYID | openpgp2ssh $KEYID -.Pp -.Nm ????gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem .Sh DESCRIPTION .Nm -WRITE ME!!! +is a low-level utility for transforming raw, PEM-encoded RSA secret +keys into OpenPGP-formatted certificates. The generated certificates +include the secret key material, so they should be handled carefully. +.Pp +It works as an element within a pipeline: feed it the raw key on +stdin, supply the desired User ID as a command line argument. Note +that you may need to quote the string to ensure that it is entirely in +a single argument. +.Pp +Other choices about how to generate the new OpenPGP certificate are +governed by environment variables. +.Sh ENVIRONMENT +The following environment variables influence the behavior of +.Nm : +.Pp +.ti 3 +\fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in +seconds since the UNIX epoch) indicated as the creation time (a.k.a +"not valid before") of the generated certificate. By default, +.Nm +uses the current time. +.Pp +.ti 3 +\fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of +valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what +these mean). The available choices are: certify, sign, encrypt_comms, +encrypt_storage, encrypt (this means both encrypt_comms and +encrypt_storage), authenticate, split, shared. By default, +.Nm +only sets the certify flag. +.Pp +.ti 3 +\fBPEM2OPENPGP_EXPIRATION\fP sets an expiration (measured in seconds +after the creation time of the key) in each self-signature packet. By +default, no expiration subpacket is included. +.Pp +.ti 3 +\fBPEM2OPENPGP_NEWKEY\fP indicates that +.Nm +should ignore stdin, and instead generate a new key internally and +build the certificate based on this new key. Set this variable to the +number of bits for the new key (e.g. 2048). By default (when this is +unset), +.Nm +will read the key from stdin. .Sh AUTHOR .Nm and this man page were written by Daniel Kahn Gillmor <dkg@fifthhorseman.net>. .Sh BUGS +Only handles RSA keys at the moment. It would be nice to handle DSA +keys as well. +.Pp +Currently only creates certificates with a single User ID. Should be +able to create certificates with multiple User IDs. +.Pp +Currently only accepts unencrypted RSA keys. It should be able to +deal with passphrase-locked key material. +.Pp +Currently outputs OpenPGP certificates with cleartext secret key +material. It would be good to be able to lock the output with a +passphrase. +.Pp +If you find other bugs, please report them at +https://labs.riseup.net/code/projects/show/monkeysphere .Sh SEE ALSO .Xr openpgp2ssh 1, .Xr monkeysphere 1 , .Xr monkeysphere 7 , .Xr ssh 1 , -.Xr monkeysphere-server 8 +.Xr monkeysphere-host 8 , +.Xr monkeysphere-authentication 8 diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index e905644..2631da6 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -347,13 +347,16 @@ sub fingerprint { return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); } -# we're just not dealing with newline business right now. slurp in -# the whole file. -undef $/; -my $buf = <STDIN>; - -my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf); +my $rsa; +if (defined $ENV{PEM2OPENPGP_NEWKEY}) { + $rsa = Crypt::OpenSSL::RSA->generate_key($ENV{PEM2OPENPGP_NEWKEY}); +} else { + # we're just not dealing with newline business right now. slurp in + # the whole file. + undef $/; + $rsa = Crypt::OpenSSL::RSA->new_private_key(<STDIN>); +} $rsa->use_sha1_hash(); @@ -495,11 +498,8 @@ my $datatosign = $sig_data_to_be_hashed. $trailer; -print STDERR $datatosign; - my $data_hash = Digest::SHA1::sha1_hex($datatosign); - my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign)); diff --git a/src/share/ma/setup b/src/share/ma/setup index 422cfd3..034f047 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -53,17 +53,8 @@ EOF local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64)) - local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - - # generate the key with ssh-keygen... - log debug "generating ssh key ($CORE_KEYLENGTH bits)..." - ssh-keygen -q -b "$CORE_KEYLENGTH" -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" - # and then translate to openpgp encoding and import - # FIXME: pem2openpgp currently sets the A flag and a short - # expiration date. We should set the C flag and no expiration - # date. - log debug "converting ssh key to openpgp key and importing into core..." - < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" + log debug "generating monkeysphere authentication trust core key ($CORE_KEYLENGTH bits)..." + PEM2OPENPGP_USAGE_FLAGS=certify PEM2OPENPGP_NEWKEY=$CORE_KEYLENGTH pem2openpgp "$CORE_UID" | gpg_core --import || failure "Could not import new key for Monkeysphere authentication trust core" # get fingerprint of core key. should definitely not be empty at this point log debug "get core key fingerprint..." diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 2e73a8c..93afb0a 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -17,7 +17,7 @@ local hostName local userID local fingerprint -# check for presense of secret key +# check for presence of secret key # FIXME: is this the proper test to be doing here? fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." @@ -32,8 +32,7 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "importing ssh key..." # translate ssh key to a private key -(umask 077 && \ - pem2openpgp "$userID" | gpg_host --import) +PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import # find the key fingerprint of the newly converted key fingerprint=$(fingerprint_host_key) diff --git a/tests/basic b/tests/basic index 5c6b4bb..d9399f0 100755 --- a/tests/basic +++ b/tests/basic @@ -17,7 +17,8 @@ set -e # piped commands should return the code of the first non-zero return set -o pipefail -export TESTDIR=$(dirname "$0") +# make sure the TESTDIR is an absolute path, not a relative one. +export TESTDIR=$(cd $(dirname "$0") && pwd) source "$TESTDIR"/common @@ -32,6 +33,7 @@ which socat >/dev/null || { echo "You must have socat installed to run this test # gpg command for test admin user gpgadmin() { + chmod 0700 "$TEMPDIR"/admin GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } @@ -89,12 +91,8 @@ trap failed_cleanup EXIT ## the tests, not system-wide: # make temp dir -TEMPDIR="$TESTDIR"/tmp -if [ -e "$TEMPDIR" ] ; then - echo "tempdir '$TEMPDIR' already exists." - exit 1 -fi -mkdir -p "$TEMPDIR" +mkdir -p "$TESTDIR"/tmp +TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. @@ -130,6 +128,7 @@ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ # set up environment for testuser export TESTHOME="$TEMPDIR"/testuser export GNUPGHOME="$TESTHOME"/.gnupg +chmod 0700 "$GNUPGHOME" export SSH_ASKPASS="$TESTHOME"/.ssh/askpass export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere cat <<EOF >> "$TESTHOME"/.ssh/config @@ -207,7 +206,7 @@ echo "##################################################" echo "### setup monkeysphere authentication..." cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ cat <<EOF >> "$TEMPDIR"/monkeysphere-authentication.conf -AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" +AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids" EOF monkeysphere-authentication setup get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf @@ -236,7 +235,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "##################################################" echo "### export testuser key to server..." -gpg --export testuser | monkeysphere-authentication gpg-cmd --import +gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import # update authorized_keys for user echo "##################################################" @@ -247,7 +246,7 @@ monkeysphere-authentication update-users $(whoami) ###################################################################### ### TESTS -# connect to test sshd, using monkeysphere-ssh-proxycommand to verify +# connect to test sshd, using monkeysphere ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "##################################################" echo "### ssh connection test for success..." diff --git a/tests/etc/monkeysphere/monkeysphere-authentication.conf b/tests/etc/monkeysphere/monkeysphere-authentication.conf index 9cc396f..b4ecc05 100644 --- a/tests/etc/monkeysphere/monkeysphere-authentication.conf +++ b/tests/etc/monkeysphere/monkeysphere-authentication.conf @@ -1,4 +1,4 @@ -# Base monkeysphere-server.conf for monkeysphere tests +# Base monkeysphere-authentication.conf for monkeysphere tests # AUTHORIZED_USER_IDS variable will be added dynamically during test. diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command index 21c66fa..214cc23 100755 --- a/tests/home/testuser/.ssh/proxy-command +++ b/tests/home/testuser/.ssh/proxy-command @@ -3,6 +3,7 @@ # simple socket-based proxy-command wrapper for testing monkeysphere. # pass this thing the host, the port, and the socket. +which monkeysphere >&2 -monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ +monkeysphere ssh-proxycommand --no-connect "$1" "$2" && \ exec socat STDIO UNIX:"$3" diff --git a/tests/keytrans b/tests/keytrans index e1ccda5..285d17b 100755 --- a/tests/keytrans +++ b/tests/keytrans @@ -78,3 +78,11 @@ diff -u \ <(PEM2OPENPGP_USAGE_FLAGS=sign,certify \ PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest < \ "$TEMPDIR"/test.pem | hd ) + +trap - EXIT + +echo "##################################################" +echo " Monkeysphere keytrans test completed successfully!" +echo "##################################################" + +cleanup diff --git a/website/news/plans-for-the-bezoar.mdwn b/website/news/plans-for-the-bezoar.mdwn new file mode 100644 index 0000000..0fb2c5b --- /dev/null +++ b/website/news/plans-for-the-bezoar.mdwn @@ -0,0 +1,45 @@ +[[meta title="Plans for The Golden Bezoar"]] + +A workday with several Monkeysphere contributors on 2009-01-31 +resulted in a significant reorganization of the project in several +areas, primarily driven by the realization that there are two +fundamentally different concepts on the server side: + +* publishing host keys via the Web-of-Trust (WoT), and +* authenticating users via the WoT. + +For simplicity and clarity, those two concepts should be independent +from each other, but earlier releases of the Monkeysphere tangled the +two up together more than we probably should have. + +So the next release, version 0.23 (a.k.a. *The Golden Bezoar*) will +have the following significant changes: + +* __user interface__: `/usr/sbin/monkeysphere-server` is no more, and + its functionality will be split out into + `/usr/sbin/monkeysphere-host` (for functionality dealing with + publishing the ssh host key through the WoT) and + `/usr/sbin/monkeysphere-authentication` (for functionality dealing + with authenticating users via the + WoT). `/usr/bin/monkeysphere-ssh-proxycommand` has been folded into + `/usr/bin/monkeysphere` itself as a new subcommand. + +* __code__: the subfunctions are now stored in their own separate + files, and sourced as-needed by the three top-level commands. The + test suite has also been re-written to reflect the above UI changes. + +* __documentation__: in addition to making the man pages reflect the + above UI changes, we're rewriting the "getting started" + [documentation](/doc/) to use the conceptually-cleaner distinctions + above. + +* __data storage__: `/var/lib/monkeysphere` itself has been + re-organized with the aim of keeping the host/authentication + distinction clear, simplifying the internal use of `gpg`, and + facilitating privilege-separated access. + +*The Golden Bezoar* will also feature the ability to painlessly +publish your current ssh host key to the WoT without needing to re-key +the server. If you're considering adopting the Monkeysphere in the +near future, we recommend waiting for 0.23 to be released, as it +should be conceptually clearer and easier to use. |