authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-06-29 14:54:00 -0400
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-06-29 14:54:00 -0400
commite04825a10f888602276a2e803401a879dbcec671 (patch)
tree28450dca9259d8500338703bee469dc80ef7f49d /src/monkeysphere-server
parent2a9024360d16701f4bc9f92290aeeedfe33a1163 (diff)
Add better host certifier management, and updated man page.
Diffstat (limited to 'src/monkeysphere-server')
-rwxr-xr-xsrc/monkeysphere-server72
1 files changed, 54 insertions, 18 deletions
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 9196c2f..a080076 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -41,7 +41,9 @@ subcommands:
gen-key (g) [HOSTNAME] generate gpg key for the server
show-fingerprint (f) show server's host key fingerprint
publish-key (p) publish server's host key to keyserver
- trust-key (t) KEYID import and tsign a certification key
+ add-certifier (a) KEYID import and tsign a certification key
+ remove-certifier (r) KEYID remove a certification key
+ list-certifiers (l) list certification keys
help (h,?) this help
EOF
@@ -245,7 +247,7 @@ EOF
echo "The following key parameters will be used for the host private key:"
echo "$keyParameters"
- read -p "Generate key? [Y|n]: " OK; OK=${OK:=Y}
+ read -p "Generate key? (Y/n) " OK; OK=${OK:=Y}
if [ ${OK/y/Y} != 'Y' ] ; then
failure "aborting."
fi
@@ -284,7 +286,7 @@ fingerprint_server_key() {
# publish server key to keyserver
publish_server_key() {
- read -p "really publish key to $KEYSERVER? [y|N]: " OK; OK=${OK:=N}
+ read -p "really publish key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
if [ ${OK/y/Y} != 'Y' ] ; then
failure "aborting."
fi
@@ -297,22 +299,14 @@ publish_server_key() {
failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development)."
}
-# retrieve key from web of trust, and set owner trust to "full"
-# if key is found.
-trust_key() {
+# retrieve key from web of trust, import it into the host keyring, and
+# ltsign the key in the host keyring so that it may certify other keys
+add_certifier() {
local keyID
- local trustLevel
+ local fingerprint
+ local ltsignCommand
keyID="$1"
-
- # default values for trust depth and domain
- DEPTH=${DEPTH:-1}
- DOMAIN=${DOMAIN:-}
-
- if [ -z "$keyID" ] ; then
- failure "You must specify key to trust."
- fi
-
export keyID
# export host ownertrust to authentication keyring
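Review bot: With the empty-argument check removed from `add_certifier` and kept only in the dispatcher, the function itself no longer refuses an empty `keyID`, and a later `gpg_authentication "--export $keyID"` in this function would then run `--export` with no key selector, which gpg treats as "export every key in the keyring" — all of those would be imported into the host keyring and handed to the ltsign step. The dispatcher guard covers the command-line path, but a one-line check at the top of the function is cheap defense in depth for any other caller: `[ -n "$keyID" ] || failure "You must specify key to trust."`. The body of `add_certifier` continues past the end of this hunk.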
@@ -332,9 +326,18 @@ trust_key() {
echo "key found:"
gpg_authentication "--fingerprint $fingerprint"
+ read -p "Are you sure you want to add this key as a certifier of users on this system? (y/N) " OK; OK=${OK:-N}
+ if [ "${OK/y/Y}" != 'Y' ] ; then
+ failure "aborting."
+ fi
+
# export the key to the host keyring
gpg_authentication "--export $keyID" | gpg_host --import
+ # default values for trust depth and domain
+ DEPTH=${DEPTH:-1}
+ DOMAIN=${DOMAIN:-}
+
# ltsign command
# NOTE: *all* user IDs will be ltsigned
ltsignCommand=$(cat <<EOF
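Review bot: The operator confirms the key by the fingerprint printed just above, but the import that follows selects by `$keyID`, which can be a short or otherwise ambiguous identifier that matches more than one key in the authentication keyring; the key actually copied into the host keyring (and then ltsigned) is therefore not guaranteed to be the one that was shown. Since `fingerprint` is already resolved at that point, export by it instead: `gpg_authentication "--export $fingerprint" | gpg_host --import`, and consider using the fingerprint in the ltsign command as well. The `read -p` here should also use `-r`, as elsewhere in this script, so a backslash in the answer is not interpreted. `add_certifier` begins before this hunk and ends after it.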
@@ -355,6 +358,25 @@ EOF
gpg_authentication "--check-trustdb"
}
+# delete a certifiers key from the host keyring
+remove_certifier() {
+ local keyID
+ local fingerprint
+
+ keyID="$1"
+
+ # delete the requested key (with prompting)
+ gpg_host --delete-key "$keyID"
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
+}
+
+# list the host certifiers
+list_certifiers() {
+ gpg_host --list-keys
+}
+
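Review bot: `remove_certifier` ignores the exit status of `gpg_host --delete-key "$keyID"`, so if the operator answers "no" at gpg's prompt, the key ID does not match, or the deletion fails for any other reason, the function still runs `--check-trustdb` and the command exits 0 as though the certifier had been removed. Fail explicitly instead: `gpg_host --delete-key "$keyID" || failure "certifier key not removed."`. The `local fingerprint` in this function is never assigned or read and can be dropped. If `gpg_host` adds `--batch` (not visible here), note that `--delete-key` then refuses to run without `--yes`, so the interactive prompting this relies on should be confirmed against that wrapper.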
########################################################################
# MAIN
########################################################################
@@ -407,8 +429,22 @@ case $COMMAND in
publish_server_key
;;
- 'trust-key'|'t')
- trust_key "$@"
+ 'add-certifier'|'a')
+ if [ -z "$1" ] ; then
+ failure "You must specify a key ID."
+ fi
+ add_certifier "$1"
+ ;;
+
+ 'remove-certifier'|'r')
+ if [ -z "$1" ] ; then
+ failure "You must specify a key ID."
+ fi
+ remove_certifier "$1"
+ ;;
+
+ 'list-certifiers'|'l')
+ list_certifiers "$@"
;;
'help'|'h'|'?')