summaryrefslogtreecommitdiff
path: root/src/seckey2sshagent
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-09-05 22:23:30 -0700
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-09-05 22:23:30 -0700
commit4dea1f032d70830010160d7ceca012c792648d0a (patch)
tree05cdc3229edfa09ef2e19830d7626288423d773e /src/seckey2sshagent
parentd4d83e34a65cbb3be4b46da590297f326e660052 (diff)
dkg gets all of the credit for us finally being able to put to death
seckey2sshagent. If we need it, we know where it is. rip.
Diffstat (limited to 'src/seckey2sshagent')
-rwxr-xr-xsrc/seckey2sshagent143
1 files changed, 0 insertions, 143 deletions
diff --git a/src/seckey2sshagent b/src/seckey2sshagent
deleted file mode 100755
index a516256..0000000
--- a/src/seckey2sshagent
+++ /dev/null
@@ -1,143 +0,0 @@
-#!/bin/bash
-
-# seckey2sshagent: this is a hack of a script to cope with the fact
-# that openpgp2ssh currently cannot support encrypted secret keys.
-
-# the basic operating principal is:
-
-# export the secret key in encrypted format to a new keyring
-
-# remove the passphrase in that keyring
-
-# use that keyring with openpgp2ssh
-
-# Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
-# Jameson Rollins <jrollins@fifthhorseman.net>
-
-explanation() {
-
- cat <<EOF
-Usage: $0 [GPGID [FILE]]
-
-The basic strategy of seckey2sshagent is to dump your OpenPGP
-authentication key(s) into your agent or a file. With no arguments,
-it will add all secret keys in your keyring to the agent. With one
-argument, it adds only the specified key to the agent. With two
-arguments, it dumps the specified key to FILE, with the pub key in
-FILE.pub.
-
-This script is a gross hack at the moment. It is done by creating a
-new, temporary private keyring, letting the user remove the
-passphrases from the keys, and then exporting them. The temporary
-private keyring is purged from the system.
-
-When you use this command, you'll find yourself dropped into a GPG
-'edit-key' dialog relevant *only* to the temporary private keyring.
-
-At that point, you should clear the password from your key, with:
-
- passwd
- <enter your current password>
-
-followed by the empty string for the new password. GPG will ask you
-if you're really sure. Answer yes, because this is only relevant to
-the temporary keyring. Then, do:
-
- save
-
-At this point, your key will be added to your running ssh-agent with
-the alias 'monkeysphere-key' and seckey2sshagent should terminate.
-You can check on it with:
-
- ssh-add -l
-
-EOF
-}
-
-cleanup() {
- echo -n "removing temp gpg home... " 1>&2
- rm -rf "$TMPPRIVATE"
- echo "done." 1>&2
-}
-
-export_sec_key() {
- gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
-
- GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
-
- # idea to script the password stuff. not working.
- # read -s -p "enter gpg password: " PASSWD; echo
- # cmd=$(cat <<EOF
- # passwd
- # $PASSWD
- # \n
- # \n
- # \n
- # yes
- # save
- # EOF
- # )
- # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
-
- # export secret key to file
- GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
- openpgp2ssh "$GPGID"
-}
-
-# if no hex string is supplied, just print an explanation.
-# this covers seckey2sshagent --help, --usage, -h, etc...
-if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
- explanation
- exit
-fi
-
-# set the file creation umask
-umask 077
-
-GPGIDS="$1"
-if [ "$2" -a ! -e "$2" ] ; then
- FILE="$2"
-fi
-
-if [ -z "$GPGIDS" ]; then
- # hack: we need to get the list of secret keys, because if you
- # --list-secret-keys with no arguments, GPG fails to print the
- # capability flags (i've just filed this as
- # https://bugs.g10code.com/gnupg/issue945)
- KEYIDS=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
- # default to using all fingerprints of authentication-enabled keys
- GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
-fi
-
-trap cleanup EXIT
-
-for GPGID in $GPGIDS; do
-
- TMPPRIVATE=$(mktemp -d)
-
- # if specified, write key to fail and passprotect
- if [ "$FILE" ] ; then
- # export secret key to file
- export_sec_key > "$TMPPRIVATE/key"
- # passprotect file
- ssh-keygen -f "${TMPPRIVATE}/key" -p
- # move into place
- mv "${TMPPRIVATE}/key" "$FILE"
-
- # export public key
- gpg --export "$GPGID" | openpgp2ssh "$GPGID" > "${FILE}.pub"
-
- # otherwise add to agent
- else
- KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
-
- # creating this alias so the key is named "monkeysphere-key" in the
- # comment stored by the agent, while never being written to disk in
- # SSH form:
- ln -s /dev/stdin "${TMPPRIVATE}/${KEYNAME}"
-
- # export secret key to agent
- export_sec_key | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")
- fi
-
-done