authorJameson Rollins <jrollins@finestructure.net>2010-01-15 19:19:15 -0500
committerJameson Rollins <jrollins@finestructure.net>2010-01-15 19:19:15 -0500
commitce45ef5702e072e869fa9d1b703f99dc740eb000 (patch)
treec0aca35789dd24b73b8220fac2d83f73c18fb818 /src/share/mh/import_key
parent1e207b9914d4b19450c94a3de4dbf41305638035 (diff)
Major rework of monkeysphere-host to handle multiple host keys.
This rework removes any assumption that monkeysphere-host is just managing a single host key, or that the keys are used specifically for ssh. The UI is exactly backwards compatible except that hostnames ('example.com') must be replaced by full service names ('ssh://example.com'). This incarnation passes the old tests with those changes only. There are a couple of things that still need to be done: - need to see if a transition script is needed (some local file names have changed) - need to fill in check_service_name function to verify that a specified service name fits the expected format. - update diagnostics appropriately
Diffstat (limited to 'src/share/mh/import_key')
-rw-r--r--src/share/mh/import_key44
1 files changed, 17 insertions, 27 deletions
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index f7c69c3..ada2914 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -8,60 +8,50 @@
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
-# They are Copyright 2008-2009 and are all released under the GPL,
+# They are Copyright 2008-2010 and are all released under the GPL,
# version 3 or later.
import_key() {
-local sshKeyFile
-local hostName
-local domain
-local userID
-
-sshKeyFile="$1"
-hostName="$2"
+local keyFile="$1"
+local serviceName="$2"
# check that key file specified
-if [ -z "$sshKeyFile" ] ; then
- failure "Must specify ssh key file to import, or specify '-' for stdin."
+if [ -z "$keyFile" ] ; then
+ failure "Must specify PEM-encoded key file to import, or specify '-' for stdin."
fi
# fail if hostname not specified
-if [ -z "$hostName" ] ; then
- failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
+if [ -z "$serviceName" ] ; then
+ failure "You must specify a service name for use in the OpenPGP certificate user ID."
fi
-userID="ssh://${hostName}"
+# check that the service name is well formatted
+check_service_name "$serviceName"
# create host home
mkdir -p "${MHDATADIR}"
mkdir -p "${GNUPGHOME_HOST}"
chmod 700 "${GNUPGHOME_HOST}"
-# import ssh key to a private key
-if [ "$sshKeyFile" = '-' ] ; then
- log verbose "importing ssh key from stdin..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
+# import pem-encoded key to an OpenPGP private key
+if [ "$keyFile" = '-' ] ; then
+ log verbose "importing key from stdin..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
| gpg_host --import
else
- log verbose "importing ssh key from file '$sshKeyFile'..."
- PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
- <"$sshKeyFile" \
+ log verbose "importing key from file '$keyFile'..."
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \
+ <"$keyFile" \
| gpg_host --import
fi
-# load the new host fpr into the fpr variable. this is so we can
-# create the gpg pub key file. we have to do this from the secret key
-# ring since we obviously don't have the gpg pub key file yet, since
-# that's what we're trying to produce (see below).
-load_fingerprint_secret
-
# export to gpg public key to file
update_gpg_pub_file
log info "host key imported:"
# show info about new key
-show_key
+show_key "$serviceName"
}
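Review bot: The outcome of the import pipeline `PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" ... | gpg_host --import` is never checked in either branch, so if pem2openpgp rejects the input or gpg_host --import fails, the function still runs update_gpg_pub_file and logs "host key imported:", leaving a misleading success message and possibly a stale or empty public key file. Unless the script enables `set -e` and `pipefail` (not visible in this hunk), the status of the pipeline is that of gpg_host alone, so the pem2openpgp failure would go unnoticed even with a trailing check; appending `|| failure "failed to import key from '$keyFile'"` to the two `| gpg_host --import` lines covers the gpg side, and a pipefail check or a `PIPESTATUS` inspection is needed for the conversion side. Separately, `check_service_name "$serviceName"` is now the only validation before the service name is used verbatim as the OpenPGP user ID, and the commit description says that function is still to be filled in; until it is, a comment such as `# NOTE: check_service_name is a stub; the user ID is currently unvalidated` at line 51 would keep that gap visible.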