diff options
| author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-29 14:54:00 -0400 |
|---|---|---|
| committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-29 14:54:00 -0400 |
| commit | e04825a10f888602276a2e803401a879dbcec671 (patch) | |
| tree | 28450dca9259d8500338703bee469dc80ef7f49d /src | |
| parent | 2a9024360d16701f4bc9f92290aeeedfe33a1163 (diff) | |
Add better host certifier management, and updated man page.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/monkeysphere | 2 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 72 |
2 files changed, 55 insertions, 19 deletions
diff --git a/src/monkeysphere b/src/monkeysphere index ab42665..b10adb7 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -72,7 +72,7 @@ gen_subkey(){ # prompt if an authentication subkey already exists if echo "$gpgOut" | egrep "^(pub|sub):" | cut -d: -f 12 | grep -q a ; then echo "An authentication subkey already exists for key '$keyID'." - read -p "Are you sure you would like to generate another one? [y|N]: " OK; OK=${OK:N} + read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then failure "aborting." fi diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 9196c2f..a080076 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -41,7 +41,9 @@ subcommands: gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint publish-key (p) publish server's host key to keyserver - trust-key (t) KEYID import and tsign a certification key + add-certifier (a) KEYID import and tsign a certification key + remove-certifier (r) KEYID remove a certification key + list-certifiers (l) list certification keys help (h,?) this help EOF @@ -245,7 +247,7 @@ EOF echo "The following key parameters will be used for the host private key:" echo "$keyParameters" - read -p "Generate key? [Y|n]: " OK; OK=${OK:=Y} + read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting." fi @@ -284,7 +286,7 @@ fingerprint_server_key() { # publish server key to keyserver publish_server_key() { - read -p "really publish key to $KEYSERVER? [y|N]: " OK; OK=${OK:=N} + read -p "really publish key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting." fi @@ -297,22 +299,14 @@ publish_server_key() { failure "NOT PUBLISHED (to avoid permanent publication errors during monkeysphere development)." } -# retrieve key from web of trust, and set owner trust to "full" -# if key is found. -trust_key() { +# retrieve key from web of trust, import it into the host keyring, and +# ltsign the key in the host keyring so that it may certify other keys +add_certifier() { local keyID - local trustLevel + local fingerprint + local ltsignCommand keyID="$1" - - # default values for trust depth and domain - DEPTH=${DEPTH:-1} - DOMAIN=${DOMAIN:-} - - if [ -z "$keyID" ] ; then - failure "You must specify key to trust." - fi - export keyID # export host ownertrust to authentication keyring @@ -332,9 +326,18 @@ trust_key() { echo "key found:" gpg_authentication "--fingerprint $fingerprint" + read -p "Are you sure you want to add this key as a certifier of users on this system? (y/N) " OK; OK=${OK:-N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + # export the key to the host keyring gpg_authentication "--export $keyID" | gpg_host --import + # default values for trust depth and domain + DEPTH=${DEPTH:-1} + DOMAIN=${DOMAIN:-} + # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF @@ -355,6 +358,25 @@ EOF gpg_authentication "--check-trustdb" } +# delete a certifiers key from the host keyring +remove_certifier() { + local keyID + local fingerprint + + keyID="$1" + + # delete the requested key (with prompting) + gpg_host --delete-key "$keyID" + + # update the trustdb for the authentication keyring + gpg_authentication "--check-trustdb" +} + +# list the host certifiers +list_certifiers() { + gpg_host --list-keys +} + ######################################################################## # MAIN ######################################################################## @@ -407,8 +429,22 @@ case $COMMAND in publish_server_key ;; - 'trust-key'|'t') - trust_key "$@" + 'add-certifier'|'a') + if [ -z "$1" ] ; then + failure "You must specify a key ID." + fi + add_certifier "$1" + ;; + + 'remove-certifier'|'r') + if [ -z "$1" ] ; then + failure "You must specify a key ID." + fi + remove_certifier "$1" + ;; + + 'list-certifiers'|'l') + list_certifiers "$@" ;; 'help'|'h'|'?') |