diff options
author | Jameson Rollins <jrollins@finestructure.net> | 2010-01-15 19:19:15 -0500 |
---|---|---|
committer | Jameson Rollins <jrollins@finestructure.net> | 2010-01-15 19:19:15 -0500 |
commit | ce45ef5702e072e869fa9d1b703f99dc740eb000 (patch) | |
tree | c0aca35789dd24b73b8220fac2d83f73c18fb818 /src/share/mh/import_key | |
parent | 1e207b9914d4b19450c94a3de4dbf41305638035 (diff) |
Major rework of monkeysphere-host to handle multiple host keys.
This rework removes any assumption that monkeysphere-host is just
managing a single host key, or that the keys are used specifically for
ssh. The UI is exactly backwards compatible except that hostnames
('example.com') must be replaced by full service names
('ssh://example.com'). This incarnation passes the old tests with
those changes only.
There are a couple of things that still need to be done:
- need to see if a transition script is needed (some local file names
have changed)
- need to fill in check_service_name function to verify that a
specified service name fits the expected format.
- update diagnostics appropriately
Diffstat (limited to 'src/share/mh/import_key')
-rw-r--r-- | src/share/mh/import_key | 44 |
1 files changed, 17 insertions, 27 deletions
diff --git a/src/share/mh/import_key b/src/share/mh/import_key index f7c69c3..ada2914 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -8,60 +8,50 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009 and are all released under the GPL, +# They are Copyright 2008-2010 and are all released under the GPL, # version 3 or later. import_key() { -local sshKeyFile -local hostName -local domain -local userID - -sshKeyFile="$1" -hostName="$2" +local keyFile="$1" +local serviceName="$2" # check that key file specified -if [ -z "$sshKeyFile" ] ; then - failure "Must specify ssh key file to import, or specify '-' for stdin." +if [ -z "$keyFile" ] ; then + failure "Must specify PEM-encoded key file to import, or specify '-' for stdin." fi # fail if hostname not specified -if [ -z "$hostName" ] ; then - failure "You must specify a fully-qualified domain name for use in the host certificate user ID." +if [ -z "$serviceName" ] ; then + failure "You must specify a service name for use in the OpenPGP certificate user ID." fi -userID="ssh://${hostName}" +# check that the service name is well formatted +check_service_name "$serviceName" # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -# import ssh key to a private key -if [ "$sshKeyFile" = '-' ] ; then - log verbose "importing ssh key from stdin..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ +# import pem-encoded key to an OpenPGP private key +if [ "$keyFile" = '-' ] ; then + log verbose "importing key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ | gpg_host --import else - log verbose "importing ssh key from file '$sshKeyFile'..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - <"$sshKeyFile" \ + log verbose "importing key from file '$keyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + <"$keyFile" \ | gpg_host --import fi -# load the new host fpr into the fpr variable. this is so we can -# create the gpg pub key file. we have to do this from the secret key -# ring since we obviously don't have the gpg pub key file yet, since -# that's what we're trying to produce (see below). -load_fingerprint_secret - # export to gpg public key to file update_gpg_pub_file log info "host key imported:" # show info about new key -show_key +show_key "$serviceName" } |