authorJameson Graef Rollins <jrollins@finestructure.net>2009-04-30 15:42:16 -0700
committerJameson Graef Rollins <jrollins@finestructure.net>2009-04-30 15:42:16 -0700
commitdfdaec4fdfeeca291b40e8d1c2bec314c230d83d (patch)
treeee4cde0b60a0861fe2566f077a2f3ba38bc25fa3
parent34c6ff8bca96f301d13bd75ea9a8e534e1e67c54 (diff)
Add sshfpr subcommand to monkeysphere
This is a very simple subcommand that outputs the ssh fingerprint of a key in your gpg keyring, by keyid.
-rw-r--r--man/man1/monkeysphere.18
-rw-r--r--man/man8/monkeysphere-authentication.88
-rw-r--r--man/man8/monkeysphere-host.87
-rw-r--r--packaging/debian/changelog3
-rwxr-xr-xsrc/monkeysphere22
5 files changed, 41 insertions, 7 deletions
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index 320cdfd..5badaa9 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -126,6 +126,14 @@ specify the full fingerprints of specific keys to add to the agent
(space separated), instead of adding them all. `s' may be used in
place of `subkey\-to\-ssh\-agent'.
.TP
+.B sshfpr KEYID
+Output the ssh fingerprint of a key in your gpg keyring. `f' may be
+used in place of `fingerprint'.
+.TP
+.B version
+Show the monkeysphere version number. `v' may be used in place of
+`version'.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index a28922c..811e47a 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -59,12 +59,14 @@ Instruct system to ignore user identity certifications made by KEYID.
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list\-id\-certifiers'.
.TP
+.B version
+Show the monkeysphere version number. `v' may be used in place of
+`version'.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
-.TP
-.B version
-show version number
+
Other commands:
.TP
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index e96a497..131b8c7 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -78,12 +78,13 @@ Publish the host's OpenPGP key to the public keyservers. `p' may be
used in place of `publish-key'. Note that there is no way to remove a
key from the public keyservers once it is published!
.TP
+.B version
+Show the monkeysphere version number. `v' may be used in place of
+`version'.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
-.TP
-.B version
-show version number
Other commands:
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 9d404a8..b6592ad 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -7,10 +7,11 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low
- clean out some redundant "cat"s
- fix monkeysphere update-known_hosts for sshd running on non-standard
ports
+ - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key
- some portability improvements
* update Standard-Version to 3.8.1
- -- Jameson Graef Rollins <jrollins@finestructure.net> Mon, 06 Apr 2009 22:20:55 -0700
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 30 Apr 2009 15:34:28 -0700
monkeysphere (0.24-1) unstable; urgency=low
diff --git a/src/monkeysphere b/src/monkeysphere
index 147c179..6f43632 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -50,6 +50,7 @@ subcommands:
ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand
--no-connect do not make TCP connection to host
subkey-to-ssh-agent (s) store authentication subkey in ssh-agent
+ sshfpr (f) KEYID output ssh fingerprint of gpg key
version (v) show version number
help (h,?) this help
@@ -61,6 +62,23 @@ gpg_user() {
gpg --no-greeting --quiet --no-tty "$@"
}
+# output the ssh fingerprint of a gpg key
+gpg_ssh_fingerprint() {
+ keyid="$1"
+ local tmpfile=$(mktemp)
+
+ # trap to remove tmp file if break
+ trap "rm -f $tmpfile" EXIT
+
+ # use temporary file, since ssh-keygen won't accept keys on stdin
+ gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile"
+ ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }'
+
+ # remove the tmp file
+ trap - EXIT
+ rm -rf "$tmpfile"
+}
+
# take a secret key ID and check that only zero or one ID is provided,
# and that it corresponds to only a single secret key ID
check_gpg_sec_key_id() {
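Review bot: gpg_ssh_fingerprint can report success when the export or conversion has failed: `local tmpfile=$(mktemp)` hides a mktemp failure behind `local`'s own exit status, and the result of the `gpg_user --export | openpgp2ssh` pipeline is never checked, so ssh-keygen may run on an empty file while the function still returns awk's status. For a command whose output is compared by eye to verify a key, that should be a hard error with a message on stderr. `keyid` is assigned without `local` and so leaks into the script's globals, nothing rejects an empty KEYID (the `sshfpr` case arm passes `"$@"` through unchecked), and the trap string expands `$tmpfile` unquoted. `trap - EXIT` would also discard any EXIT trap set elsewhere in the script, which cannot be confirmed from this hunk.

```shell
gpg_ssh_fingerprint() {
    local keyid="$1"
    local tmpfile
    local ret=0

    if [ -z "$keyid" ] ; then
        echo "sshfpr: a key ID is required" >&2
        return 1
    fi

    # declared separately so a mktemp failure is not masked by 'local'
    tmpfile=$(mktemp) || return 1

    trap "rm -f \"$tmpfile\"" EXIT

    # only print a fingerprint if the conversion actually produced a key
    if gpg_user --export "$keyid" | openpgp2ssh "$keyid" >"$tmpfile" \
        && [ -s "$tmpfile" ] ; then
        ssh-keygen -l -f "$tmpfile" | awk '{ print $1, $2, $4 }'
    else
        echo "sshfpr: could not convert key '$keyid' to ssh format" >&2
        ret=1
    fi

    # ... unchanged: trap - EXIT ...
    rm -f "$tmpfile"
    return $ret
```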
@@ -243,6 +261,10 @@ case $COMMAND in
subkey_to_ssh_agent "$@"
;;
+ 'sshfpr'|'f')
+ gpg_ssh_fingerprint "$@"
+ ;;
+
'version'|'v')
version
;;