diff options
| author | Matt Goins <mjgoins@openflows.com> | 2009-02-20 11:42:10 -0500 |
|---|---|---|
| committer | Matt Goins <mjgoins@openflows.com> | 2009-02-20 11:42:10 -0500 |
| commit | d41fe28eb49e42d7773a223a43fd108913410c99 (patch) | |
| tree | a109a88b02089a3f328730a9aa394e3155fda916 /src/share/m/import_subkey | |
| parent | 3b48f2e80fac8d0fc62537ed07b3d1f1946648cd (diff) | |
| parent | 9b47ae89c3840eb2af9a57a885e19ccbe36957d5 (diff) | |
Merge commit 'jrollins/master'
Diffstat (limited to 'src/share/m/import_subkey')
| -rw-r--r-- | src/share/m/import_subkey | 72 |
1 files changed, 43 insertions, 29 deletions
diff --git a/src/share/m/import_subkey b/src/share/m/import_subkey index aa89958..8d60f26 100644 --- a/src/share/m/import_subkey +++ b/src/share/m/import_subkey @@ -13,41 +13,55 @@ # import an existing ssh key as a gpg subkey +## 2009-02-20 00:49:11-0500: This is not implemented yet, because we +## don't currently have a good way to manipulate the user's OpenPGP +## secret key such that we could make a proper subkey binding +## signature. + import_subkey() { - local keyFile="~/.ssh/id_rsa" - local keyExpire + local sshKeyFile local keyID - local gpgOut - local userID - - # get options - while true ; do - case "$1" in - -f|--keyfile) - keyFile="$2" - shift 2 - ;; - -e|--expire) - keyExpire="$2" - shift 2 - ;; - *) - if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then - failure "Unknown option '$1'. -Type '$PGRM help' for usage." - fi - break - ;; - esac - done - - log verbose "importing ssh key..." - fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + local gpgSecOut + local fifoDir + + # FIXME: implement! + failure "import-subkey is not implemented yet. We welcome patches. Sorry!" + + sshKeyFile="$1" + shift + + # check that key file specified + if [ -z "$sshKeyFile" ] ; then + failure "Must specify ssh key file to import, or specify '-' for stdin." + fi + + # check that the keyID is unique + keyID=$(check_gpg_sec_key_id "$@") + + # check that an authentication subkey does not already exist + check_gpg_authentication_subkey "$keyID" + + # setup the temp fifo dir for retrieving the key password + log debug "creating password fifo..." + fifoDir=$(msmktempdir) + trap "rm -rf $fifoDir" EXIT (umask 077 && mkfifo "$fifoDir/pass") - ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + # import ssh key to as authentication subkey + if [ "$sshKeyFile" = '-' ] ; then + log verbose "importing ssh key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + else + log verbose "importing ssh key from file '$sshKeyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" <"$sshKeyFile" \ + | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + fi + + # get the password if needed passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + trap - EXIT rm -rf "$fifoDir" wait log verbose "done." |