44 files changed, 1675 insertions, 975 deletions
@@ -2,7 +2,7 @@ Monkeysphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. It is free software, developed by: - Jameson Graef Rollins <jrollins@finestructure.net> + Jameson Rollins <jrollins@finestructure.net> Daniel Kahn Gillmor <dkg@fifthhorseman.net> Jamie McClelland <jamie@mayfirst.org> Micah Anderson <micah@riseup.net> @@ -2,10 +2,10 @@ # Makefile for monkeysphere -# (c) 2008-2009 Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# © 2008-2010 Daniel Kahn Gillmor <dkg@fifthhorseman.net> # Licensed under GPL v3 or later -MONKEYSPHERE_VERSION = `head -n1 packaging/debian/changelog | sed 's/.*(\([^-]*\)-.*/\1/'` +MONKEYSPHERE_VERSION = `head -n1 changelog | sed 's/.*(\([^-]*\)).*/\1/'` # these defaults are for debian. porters should probably adjust them # before calling make install @@ -21,7 +21,7 @@ tarball: clean rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) mkdir -p monkeysphere-$(MONKEYSPHERE_VERSION)/doc ln -s ../../website/getting-started-user.mdwn ../../website/getting-started-admin.mdwn ../../doc/TODO ../../doc/MonkeySpec monkeysphere-$(MONKEYSPHERE_VERSION)/doc - ln -s ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) + ln -s ../changelog ../COPYING ../etc ../Makefile ../man ../src ../tests monkeysphere-$(MONKEYSPHERE_VERSION) echo Monkeysphere $(MONKEYSPHERE_VERSION) > monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION echo -n "git revision " >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION git rev-parse HEAD >> monkeysphere-$(MONKEYSPHERE_VERSION)/VERSION 
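Review bot: The new `MONKEYSPHERE_VERSION` sed expression prints the changelog's first line unchanged whenever the pattern does not match, for instance if a version containing `-` is ever written there, since the capture group is `[^-]*`. That text then reaches `rm -rf monkeysphere-$(MONKEYSPHERE_VERSION)` and the `VERSION` file in the `tarball` recipe unquoted. Printing only on a match turns a parse failure into an empty value rather than a stray sentence: `sed -n 's/.*(\([^-]*\)).*/\1/p'`. The `tarball` recipe could also refuse to run when the value is empty, so a release archive is never named from a malformed changelog. The `tarball` rule starts above the second Makefile hunk and continues past it.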
@@ -68,6 +68,7 @@ install: all installman install -m 0644 src/share/mh/* $(DESTDIR)$(PREFIX)/share/monkeysphere/mh install -m 0644 src/share/ma/* $(DESTDIR)$(PREFIX)/share/monkeysphere/ma install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere + install changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere install -m 0644 etc/monkeysphere.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-host.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-host.conf$(ETCSUFFIX) install -m 0644 etc/monkeysphere-authentication.conf $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere/monkeysphere-authentication.conf$(ETCSUFFIX) @@ -83,8 +84,12 @@ installman: releasenote: ./utils/build-releasenote -test: - MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/keytrans +test: test-keytrans test-basic + +test-basic: MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/basic +test-keytrans: + MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/keytrans + .PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote test diff --git a/changelog b/changelog index 4264fa4..8638da6 120000..100644 --- a/changelog +++ b/changelog @@ -1 +1,394 @@ -packaging/debian/changelog
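Review bot: The added `install changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere` line passes no `-m`, so the changelog is installed with install's default mode (0755 with GNU install), i.e. as an executable file. The configuration and share files around it are installed with `-m 0644`. Suggest `install -m 0644 changelog $(DESTDIR)$(PREFIX)/share/doc/monkeysphere`. The context line `install doc/* …` just above has the same omission and could be fixed in the same pass. The `install` rule starts and ends outside this hunk.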
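Review bot: As rendered here, `test-basic: MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/basic` sits on a single line, and the hunk's `+84,12` line count is consistent with that. If the file really has it that way, make parses it as a target-specific variable assignment and `test-basic` has no recipe, so `make test` would succeed without ever running `./tests/basic`. The command belongs on its own tab-indented recipe line under `test-basic:`, as is done for `test-keytrans`. Separately, the `.PHONY` line at the end of the hunk is unchanged and should gain `test-basic test-keytrans`.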
\ No newline at end of file +monkeysphere (0.28.1) unstable; urgency=low + + * Fix man page typo about monkeysphere authorized_keys location + + -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 04 Feb 2010 11:57:45 -0500 + +monkeysphere (0.28) unstable; urgency=low + + * Major rework of monkeysphere-host to handle multiple host keys. We + also no longer assume ssh service keys. monkeysphere-host is now a + general-purpose host service OpenPGP key management UI. + * Rename keys-from-userid command to more accurate keys-for-userid + * separate upstream and debian changelogs + + -- Jameson Rollins <jrollins@finestructure.net> Tue, 19 Jan 2010 13:50:31 -0500 + +monkeysphere (0.27) unstable; urgency=low + + * fixed monkeysphere gen-subkey subcommand that was erroneously creating + DSA subkeys due to unannounced change in gpg edit-key UI. Now tests + for gpg version (closes MS #1536) + * add new monkeysphere keys-from-userid subcommand to output all + acceptable keys for a given user ID literal + + -- Jameson Rollins <jrollins@finestructure.net> Mon, 11 Jan 2010 20:54:21 -0500 + +monkeysphere (0.26) unstable; urgency=low + + * add 'refresh-keys' subcommand to monkeysphere-authentication + * improve marginal UI (closes MS #1141) + * add MONKEYSPHERE_STRICT_MODES configuration to avoid + permission-checking (closes MS #649) + * test scripts use STRICT_MODES to avoid failure when built under /tmp + * do permissions checks with a perl script instead of non-portable + readlink GNUisms + * bail on permissions check if we hit the home directory (helpful on Mac + OS and other systems with loose /home or /Users (closes MS #675) + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 01 Aug 2009 17:11:05 -0400 + +monkeysphere (0.25) unstable; urgency=low + + * New upstream release: + * update/fix the marginal ui output + * use msmktempdir everywhere (avoid unwrapped calls to mktemp for + portability) + * clean out some redundant "cat"s + * fix monkeysphere 
update-known_hosts for sshd running on non-standard + ports + * add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key + * pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 + (changes dependency to libdigest-sha-perl) + * some portability improvements + * properly handle translation of keys with fingerprints with leading + all-zero bytes. + * resolve symlinks when checking paths (thanks Silvio Rhatto) + (closes MS #917) + * explicitly set and use MONKEYSPHERE_GROUP from system "groups" + * monkeysphere-host now uses keytrans to add and revoke hostname + (closes MS #422) + + -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 16 Jul 2009 22:09:19 -0400 + +monkeysphere (0.24) unstable; urgency=low + + * fixed how version information is stored/retrieved + * now uses perl-based keytrans for both pem2openpgp and openpgp2ssh + * no longer needs base64 in PATH + * added "test" make target + * improved transitions/0.23 script so it no longer fails in common + circumstances (Closes: #517779) + * RSA only: no longer handles DSA keys + * added ability to specify subkeys to add to ssh agent with new + MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable + + -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 03 Mar 2009 19:38:33 -0500 + +monkeysphere (0.23) unstable; urgency=low + + "The Golden Bezoar Release" + + * rearchitect UI: + - replace monkeysphere-server with monkeysphere-{authentication,host} + - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere + * new ability to import existing ssh host key into monkeysphere. So now + m-a import-key replaces m-s gen-key. + * provide pem2openpgp for translating unencrypted PEM-encoded raw key + material into OpenPGP keys (introduces new perl dependencies) + * get rid of getopts dependency + * added version output option + * better checks for the existence of a host private key for + monkeysphere-host subcommands that need it. 
+ * better checks on validity of existing authentication subkeys when + doing monkeysphere gen_subkey. + * add transition infrastructure for major changes between releases (see + transitions/README.txt) + * implement and document two new monkeysphere-host subcommands: + revoke-key and add-revoker + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 Feb 2009 17:51:06 -0500 + +monkeysphere (0.22) unstable; urgency=low + + [ Jameson Graef Rollins ] + * added info log output when a new key is added to known_hosts file. + * added some useful output to the ssh-proxycommand for "marginal" cases + where keys are found for host but do not have full validity. + * force ssh-keygen to read from stdin to get ssh key fingerprint. + + [ Daniel Kahn Gillmor ] + * automatically output two copies of the host's public key: one standard + ssh public key file, and the other a minimal OpenPGP key with just the + latest valid self-sig. + * debian/control: corrected alternate dependency from procfile to + procmail (which provides /usr/bin/lockfile) + + -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 28 Nov 2008 14:23:31 -0500 + +monkeysphere (0.21) unstable; urgency=low + + * move debian packaging to packaging subdirectory. + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 16:14:27 -0500 + +monkeysphere (0.20) unstable; urgency=low + + [ Daniel Kahn Gillmor ] + * ensure that tempdirs are properly created, bail out otherwise instead + of stumbling ahead. + * minor fussing with the test script to make it cleaner. + + [ Jameson Graef Rollins ] + * clean up Makefile to generate more elegant source tarballs. + * make myself the maintainer. + + -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500 + +monkeysphere (0.19) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * simulating an X11 session in the test script. + * updated packaging so that symlinks to config files are correct. 
+ + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400 + +monkeysphere (0.18) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bugs in authorized_{user_ids,keys} file permission checking. + * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys + files. + * chown authorized_keys files to `whoami`, for compatibility with test + suite. + * major improvements to test suite, added more tests. + + [ Daniel Kahn Gillmor ] + * update make install to ensure placement of + /etc/monkeysphere/gnupg-{host,authentication}.conf + * choose either --quick-random or --debug-quick-random depending on + which gpg supports for the test suite. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400 + +monkeysphere (0.17) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix some bugs in, and cleanup, authorized_keys file creation in + monkeysphere-server update-users. + * Move to using the empty string for not adding a user-controlled + authorized_keys file in the RAW_AUTHORIZED_KEYS variable. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400 + +monkeysphere (0.16) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better + portability. + * fixed busted lockfile arrangement, where empty file was being locked + * portability fixes in the way we use date, mktemp, hostname, su + * stop using /usr/bin/stat, since the syntax appears to be totally + unportable + * require GNU getopt, and test for getopt failures (look for getopt in + /usr/local/bin first, since that's where FreeBSD's GNU-compatible + getopt lives. + * monkeysphere-server diagnostics now counts problems and suggests a + re-run after they have been resolved. + * completed basic test suite: this can be run from the git sources or + the tarball with: cd tests && ./basic + + [ Jameson Graef Rollins ] + * Genericize fs location variables. 
+ * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at + install. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400 + +monkeysphere (0.15) experimental; urgency=low + + * porting work and packaging simplification: clarifying makefiles, + pruning dependencies, etc. + * added tests to monkeysphere-server diagnostics + * moved monkeysphere(5) to section 7 of the manual + * now shipping TODO in /usr/share/doc/monkeysphere + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400 + +monkeysphere (0.14) experimental; urgency=low + + * changing debian packaging back to format 1.0 so we get automatic + tarballs, and easier inclusion in other build networks. + * no other source changes. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400 + +monkeysphere (0.13) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. + * updated makefile to reflect the package building technique we've been + using for a month now. + + [ Jameson Graef Rollins ] + * move location of user config directory to ~/.monkeysphere. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400 + +monkeysphere (0.12) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Improved output handling. New LOG_LEVEL variable. + + [ Daniel Kahn Gillmor ] + * debian/control: switched Homepage: and Vcs-Git: to canonicalized + upstream hostnames. + * updated documentation for new release. + * changed my associated e-mail address for this package. + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400 + +monkeysphere (0.11) experimental; urgency=low + + [ Jameson Graef Rollins ] + * fix bug in trustdb update on add/revoke-hostname. 
+ + [ Daniel Kahn Gillmor ] + * debian/control: added Build-Depends: git-core for the new packaging + format + * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched + GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly + if not found). + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400 + +monkeysphere (0.10) experimental; urgency=low + + [ Jameson Graef Rollins ] + * brown paper bag release: invert test on calculated validity of keys. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400 + +monkeysphere (0.9) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * implemented "monkeysphere-server extend-key" to adjust expiration + date of host key. + * removed "monkeysphere-server fingerprint". Use "monkeysphere-server + show-key" instead. + + [ Jameson Graef Rollins ] + * fixed bug in user id processing that prevented bad primary keys from + being properly removed. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400 + +monkeysphere (0.8) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * debian/control: switched Vcs-Git to use "centralized" git repo instead + of my own. + * More monkeysphere-server diagnostics + * monkeysphere --gen-subkey now guesses what KeyID you meant. + * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey + works sensibly under X11 + + [ Jameson Graef Rollins ] + * fix another bug when known_hosts files are missing. + * sort processed keys so that "good" keys are processed after "bad" + keys. This will prevent malicious bad keys from causing good keys to + be removed from key files. + * enabled host key publication. 
+ * added checking of gpg.conf for keyserver + * new functions to add/revoke host key user IDs + * improved list-certifiers function (now non-privileged) + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400 + +monkeysphere (0.7) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * Added monkeysphere-server diagnostics subcommand. + * rebuilding package using Format: 3.0 (git) + + [ Jameson Graef Rollins ] + * fix how check for file modification is done. + * rework out user id processing is done to provide more verbose log + output. + * fix bug in monkeysphpere update-authorized_keys subcommand where + disallowed keys failed to be remove from authorized_keys file. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400 + +monkeysphere (0.6) experimental; urgency=low + + [ Jameson Graef Rollins ] + * Fix bug in return on error of ssh-proxycommand. + + [ Daniel Kahn Gillmor ] + * try socat if netcat is not available in proxycommand. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400 + +monkeysphere (0.5) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * updated READMEs to match current state of code + + [ Jameson Graef Rollins ] + * Tweak how empty authorized_user_ids and known_hosts files are handled. + * Do not fail when authorized_user_ids or known_hosts file is not found. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400 + +monkeysphere (0.4) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * New version. + * Fixed return code error in openpgp2ssh + + [ Jameson Graef Rollins ] + * Privilege separation: use monkeysphere user to handle maintenance of + the gnupg authentication keychain for server. + * Improved certifier key management. + * Fixed variable scoping and config file precedence. + * Add options for key generation and add-certifier functions. 
+ * Fix return codes for known_host and authorized_keys updating + functions. + * Add write permission check on authorized_keys, known_hosts, and + authorized_user_ids files. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400 + +monkeysphere (0.3) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * new version. + + [ Jameson Graef Rollins ] + * Move files in /var/cache/monkeysphere and GNUPGHOME for server to + the more appropriate /var/lib/monkeysphere. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400 + +monkeysphere (0.2) experimental; urgency=low + + * added lockfile-progs dependency + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400 + +monkeysphere (0.2) experimental; urgency=low + + [ Daniel Kahn Gillmor ] + * openpgp2ssh now supports specifying keys by full fingerprint. + + [ Jameson Graef Rollins ] + * Add AUTHORIZED_USER_IDS config variable for server, which defaults to + %h/.config/monkeysphere/authorized_user_ids, instead of + /etc/monkeysphere/authorized_user_ids. + * Remove {update,remove}-userids functions, since we decided they + weren't useful enough to be worth maintaining. + * Better handling of unknown users in server update-users + * Add file locking when modifying known_hosts or authorized_keys + * Better failure/prompting for gen-subkey + * Add ability to set any owner trust level for keys in server keychain. + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400 + +monkeysphere (0.1) experimental; urgency=low + + * First release of debian package for monkeysphere. + * This is experimental -- please report bugs! + + -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400 + diff --git a/doc/george/changelog b/doc/george/changelog index 12586a9..a56e321 100644 --- a/doc/george/changelog +++ b/doc/george/changelog 
@@ -7,6 +7,10 @@ * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2010-01-12 - dkg + * aptitude update && aptitude full-upgrade (including monkeysphere + 0.27-1) + 2009-10-26 - dkg * upgrade nginx in response to DSA-1920-1 diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1 index 76eaf8d..6abd36c 100644 --- a/man/man1/monkeysphere.1 +++ b/man/man1/monkeysphere.1 @@ -11,9 +11,11 @@ monkeysphere - Monkeysphere client user interface .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust -for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and -added to the authorized_keys and known_hosts files used by OpenSSH for -connection authentication. +for OpenSSH and TLS key-based authentication. OpenPGP keys are +tracked via GnuPG, and added to the authorized_keys and known_hosts +files used by OpenSSH for connection authentication. Monkeysphere can +also be used by a validation agent to validate TLS connections +(e.g. https). \fBmonkeysphere\fP is the Monkeysphere client utility. @@ -130,6 +132,10 @@ place of `subkey\-to\-ssh\-agent'. Output the ssh fingerprint of a key in your gpg keyring. `f' may be used in place of `fingerprint'. .TP +.B keys\-for\-userid USERID +Output to stdout all acceptable keys for a given user ID literal. +`u' may be used in place of `keys\-for\-userid'. +.TP .B version Show the monkeysphere version number. `v' may be used in place of `version'. diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 index 5622bd7..fe20788 100644 --- a/man/man1/pem2openpgp.1 +++ b/man/man1/pem2openpgp.1 
@@ -8,7 +8,7 @@ pem2openpgp .Sh SYNOPSIS .Nm pem2openpgp "$USERID" < mykey.pem | gpg \-\-import .Pp -.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" <mykey.pem +.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authenticate,certify pem2openpgp "$USERID" <mykey.pem .Sh DESCRIPTION .Nm is a low-level utility for transforming raw, PEM-encoded RSA secret diff --git a/man/man7/monkeysphere.7 b/man/man7/monkeysphere.7 index f5a2371..e4c2bf0 100644 --- a/man/man7/monkeysphere.7 +++ b/man/man7/monkeysphere.7 @@ -7,10 +7,12 @@ Trust .SH DESCRIPTION -\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust -for ssh authentication. OpenPGP keys are tracked via GnuPG, and added -to the authorized_keys and known_hosts files used by ssh for -connection authentication. +\fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust +for OpenSSH and TLS key-based authentication. OpenPGP keys are +tracked via GnuPG, and added to the authorized_keys and known_hosts +files used by OpenSSH for connection authentication. Monkeysphere can +also be used by a validation agent to validate TLS connections +(e.g. https). .SH IDENTITY CERTIFIERS @@ -44,10 +46,9 @@ address in the User ID). .SH KEY ACCEPTABILITY -During known_host and authorized_keys updates, the monkeysphere -commands work from a set of user IDs to determine acceptable keys for -ssh authentication. OpenPGP keys are considered acceptable if the -following criteria are met: +The monkeysphere commands work from a set of user IDs to determine +acceptable keys for ssh and TLS authentication. OpenPGP keys are +considered acceptable if the following criteria are met: .TP .B capability The key must have the `authentication' (`a') usage flag set. 
@@ -61,8 +62,15 @@ The relevant user ID must be signed by a trusted identity certifier. .SH HOST IDENTIFICATION -The OpenPGP keys for hosts have associated user IDs that use the ssh -URI specification for the host, i.e. `ssh://host.full.domain[:port]'. +The OpenPGP keys for hosts have associated `service names` (OpenPGP +user IDs) that are based on URI specifications for the service. Some +examples: +.TP +.B ssh: +ssh://host.example.com[:port] +.TP +.B https: +https://host.example.com[:port] .SH AUTHOR diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 572aa6a..b2dfbdf 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -1,4 +1,4 @@ -.TH MONKEYSPHERE-SERVER "8" "March 2009" "monkeysphere" "User Commands" +.TH MONKEYSPHERE-AUTHENTICATION "8" "January 2010" "monkeysphere" "System Commands" .SH NAME @@ -11,9 +11,9 @@ monkeysphere\-authentication - Monkeysphere authentication admin tool. .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust -(WoT) for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, -and added to the authorized_keys and known_hosts files used by OpenSSH -for connection authentication. +(WoT) for key-based authentication. OpenPGP keys are tracked via +GnuPG, and added to the authorized_keys files used by OpenSSH for +connection authentication. \fBmonkeysphere\-authentication\fP is a Monkeysphere server admin utility for configuring and managing SSH user authentication through @@ -131,7 +131,7 @@ user authentication, the AuthorizedKeysFile parameter must be set in the sshd_config to point to the monkeysphere\-generated authorized_keys files: -AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u +AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u It is recommended to add "monkeysphere\-authentication update\-users" to a system crontab, so that user keys are kept up-to-date, and key 
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 131b8c7..8821be3 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -1,8 +1,8 @@ -.TH MONKEYSPHERE-SERVER "8" "March 2009" "monkeysphere" "User Commands" +.TH MONKEYSPHERE-HOST "8" "January 2010" "monkeysphere" "System Commands" .SH NAME -monkeysphere\-host - Monkeysphere host admin tool. +monkeysphere\-host - Monkeysphere host key administration tool. .SH SYNOPSIS 
@@ -11,35 +11,43 @@ monkeysphere\-host - Monkeysphere host admin tool. .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP web of trust -for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, and -added to the authorized_keys and known_hosts files used by OpenSSH for -connection authentication. +for SSH and TLS key-based authentication. -\fBmonkeysphere\-host\fP is a Monkeysphere server admin utility for -managing the host's OpenPGP host key. +\fBmonkeysphere\-host\fP stores and manages OpenPGP certificates for +various services offered by the host. + +Most subcommands take a KEYID argument, which identifies (by OpenPGP +key ID (e.g. 0xDEADBEEF) or full OpenPGP fingerprint) which +certificate is to be operated upon. If only one certificate is +currently managed by \fBmonkeysphere\-host\fP, the KEYID argument may +be omitted, and \fBmonkeysphere\-host\fP will operate on it. .SH SUBCOMMANDS \fBmonkeysphere\-host\fP takes various subcommands: .TP -.B import\-key FILE NAME[:PORT] -Import a pem-encoded ssh secret host key from file FILE. If FILE is -`\-', then the key will be imported from stdin. Only RSA keys are -supported at the moment. NAME[:PORT] is used to specify the -fully-qualified hostname (and port) used in the user ID of the new -OpenPGP key. If PORT is not specified, then no port is added to the -user ID, which means port 22 is assumed. `i' may be used in place of +.B import\-key FILE SCHEME://HOSTNAME[:PORT] +Import a PEM-encoded host secret key from file FILE. If FILE is `\-', +then the key will be imported from stdin. Only RSA keys are supported +at the moment. SCHEME://HOSTNAME[:PORT] is used to specify the scheme +(e.g. ssh or https), fully-qualified hostname (and port) used in the +user ID of the new OpenPGP key (e.g. ssh://example.net or +https://www.example.net). If PORT is not specified, then no port is +added to the user ID, which means the default port for that service +(e.g. 22 for ssh) is assumed. 
`i' may be used in place of `import\-key'. .TP -.B show\-key -Output information about host's OpenPGP and SSH keys. `s' may be used -in place of `show\-key'. -.TP -.B set\-expire [EXPIRE] -Extend the validity of the OpenPGP key for the host until EXPIRE from -the present. If EXPIRE is not specified, then the user will be -prompted for the extension term. Expiration is specified as with -GnuPG (measured from today's date): +.B show\-keys [KEYID ...] +Output information about the OpenPGP certificate(s) for services +offered by the host, including their KEYIDs. If no KEYID is specified +(or if the special string `--all' is used), output information about +all certificates managed by \fBmonkeysphere\-host\fP. `s' may be used +in place of `show\-keys'. +.TP +.B set\-expire EXPIRE [KEYID] +Extend the validity of the OpenPGP certificate specified until EXPIRE +from the present. Expiration is specified as with GnuPG (measured +from today's date): .nf 0 = key does not expire <n> = key expires in n days 
@@ -49,34 +57,42 @@ GnuPG (measured from today's date): .fi `e' may be used in place of `set\-expire'. .TP -.B add\-hostname HOSTNAME -Add a hostname user ID to the server host key. `n+' may be used in -place of `add\-hostname'. -.TP -.B revoke\-hostname HOSTNAME -Revoke a hostname user ID from the server host key. `n\-' may be used -in place of `revoke\-hostname'. -.TP -.B add\-revoker KEYID|FILE -Add a revoker to the host's OpenPGP key. The key ID will be loaded -from the keyserver. A file may be loaded instead of pulling the key -from the keyserver by specifying the path to the file as the argument, -or by specifying `\-' to load from stdin. `r+' may be be used in place -of `add-revoker'. -.TP -.B revoke\-key -Generate (with the option to publish) a revocation certificate for the -host's OpenPGP key. If such a certificate is published, your host key -will be permanently revoked. This subcommand will ask you a series of -questions, and then generate a key revocation certificate, sending it -to stdout. If you explicitly tell it to publish the revocation -certificate immediately, it will send it to the public keyservers. -USE WITH CAUTION! -.TP -.B publish\-key -Publish the host's OpenPGP key to the public keyservers. `p' may be -used in place of `publish-key'. Note that there is no way to remove a -key from the public keyservers once it is published! +.B add\-servicename SCHEME://HOSTNAME[:PORT] [KEYID] +Add a service-specific user ID to the specified certificate. For +example, the operator of `https://example.net' may wish to add an +additional servicename of `https://www.example.net' to the certificate +corresponding to the secret key used by the TLS-enabled web server. +`add-name' or `n+' may be used in place of `add\-servicename'. +.TP +.B revoke\-servicename SCHEME://HOSTNAME[:PORT] [KEYID] +Revoke a service-specific user ID from the specified certificate. +`revoke-name' or `n\-' may be used in place of `revoke\-servicename'. 
+.TP +.B add\-revoker REVOKER_KEYID|FILE [KEYID] +Add a revoker to the specified OpenPGP certificate. The revoker can +be specified by their own REVOKER_KEYID (in which case it will be +loaded from an OpenPGP keyserver), or by specifying a path to a file +containing the revoker's OpenPGP certificate, or by specifying `\-' to +load from stdin. `r+' may be be used in place of `add-revoker'. +.TP +.B revoke\-key [KEYID] +Generate (with the option to publish) a revocation certificate for +given OpenPGP certificate. If such a certificate is published, the +given key will be permanently revoked, and will no longer be accepted +by monkeysphere-enabled clients. This subcommand will ask you a +series of questions, and then generate a key revocation certificate, +sending it to stdout. You might want to store these certificates +safely offline, to publish in case of compromise). If you explicitly +tell it to publish the revocation certificate immediately, it will +send it to the public keyservers. PUBLISH THESE CERTIFICATES ONLY IF +YOU ARE SURE THE CORRESPONDING KEY WILL NEVER BE RE-USED! +.TP +.B publish\-keys [KEYID ...] +Publish the specified OpenPGP certificates to the public keyservers. +If the special string `--all' is specified, all of the host's OpenPGP +certificates will be published. `p' may be used in place of +`publish-keys'. NOTE: that there is no way to remove a key from the +public keyservers once it is published! .TP .B version Show the monkeysphere version number. `v' may be used in place of @@ -85,9 +101,6 @@ Show the monkeysphere version number. `v' may be used in place of .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. - - -Other commands: .TP .B diagnostics Review the state of the monkeysphere server host key and report on 
@@ -96,37 +109,87 @@ there is a valid host key, that the key is not expired, that the sshd configuration points to the right place, etc. `d' may be used in place of `diagnostics'. -.SH SETUP HOST AUTHENTICATION +.SH SETUP SSH SERVER CERTIFICATES -To enable host verification via the monkeysphere, an OpenPGP key must -be made out of the host's ssh key, and the key must be published to -the Web of Trust. This is not done by default. The first step is to -import the host's ssh key into a monkeysphere-style OpenPGP key. This -is done with the import\-key command. When importing a key, you must -specify the path to the host's ssh RSA key to import, and a hostname -to use as the key's user ID: +To enable users to verify your SSH host's key via the monkeysphere, an +OpenPGP certificate must be made out of the host's RSA ssh key, and +the certificate must be published to the Web of Trust. Certificate +publication is not done by default. The first step is to import the +host's ssh key into a monkeysphere-style OpenPGP certificate. This is +done with the import\-key command. For example: -# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key host.example.org +# monkeysphere\-host import\-key /etc/ssh/ssh_host_rsa_key ssh://host.example.org -On most systems, the ssh host RSA key is stored at +On most systems, sshd's RSA secret key is stored at /etc/ssh/ssh_host_rsa_key. -Once the host key has been imported, it must be published to the Web -of Trust so that users can retrieve the key when sshing to the host. -The host key is published to the keyserver with the publish\-key -command: - -$ monkeysphere\-host publish\-key - -In order for users logging into the system to be able to identify the -host via the monkeysphere, at least one person (e.g. a server admin) -will need to sign the host's key. This is done using standard OpenPGP -keysigning techniques, usually: pull the key from the keyserver, -verify and sign the key, and then re-publish the signature. 
Please -see http://web.monkeysphere.info/signing-host-keys/ for more -information. Once an admin's signature is published, users logging -into the host can use it to validate the host's key without having to -manually check the host key's fingerprint. +See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES for +how to make sure your users can verify the ssh service offered by your +host once the key is imported into \fBmonkeysphere\-host\fP. + +.SH SETUP WEB SERVER CERTIFICATES + +You can set up your HTTPS-capable web server so that your users can +verify it via the monkeysphere, without changing your server's +software at all. You just need access to a (PEM-encoded) version of +the server's RSA secret key (most secret keys are already stored +PEM-encoded). The first step is to import the web server's key into a +monkeysphere-style OpenPGP certificate. This is done with the +import\-key command. For example: + +# monkeysphere\-host import-key /etc/ssl/private/host.example.net-key.pem https://host.example.net + +If you don't know where the web server's key is stored on your +machine, consult the configuration files for your web server. +Debian-based systems using the `ssl-cert' packages often have a +default self-signed certificate stored in +`/etc/ssl/private/ssl-cert-snakeoil.key' ; if you're using that key, +your users are getting browser warnings about it. You can keep using +the same key, but help them use the OpenPGP WoT to verify that it does +belong to your web server by using something like: + +# monkeysphere\-host import-key /etc/ssl/private/ssl-cert-snakeoil.key https://$(hostname --fqdn) + +If you offer multiple HTTPS websites using the same secret key, you +should add the additional website names with the `add-servicename' +subcommand. 
+ +See PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES (the +next section) for how to make sure your users can verify the https +service offered by your host once the key is imported and any extra +site names have been added. Note that you can add or remove +additional servicenames at any time, but you'll need to certify any +new ones separately. + +.SH PUBLISHING AND CERTIFYING MONKEYSPHERE SERVICE CERTIFICATES + +Once the host key has been imported, the corresponding certificate +must be published to the Web of Trust so that users can retrieve the +cert when connecting to the host. The host certificates are published +to the keyserver with the publish\-key command: + +$ monkeysphere\-host publish\-key --all + +In order for users accessing the system to be able to identify the +host's service via the monkeysphere, at least one person (e.g. a +server admin) will need to sign the host's certificate. This is done +using standard OpenPGP keysigning techniques. Usually: pull the +host's OpenPGP certificate from the keyserver, verify and sign it, and +then re-publish your signature. More than one person can certify any +certificate. Please see +http://web.monkeysphere.info/signing-host-keys/ for more information +and details. Once an admin's signature is published, users accessing +the host can use the certificate to validate the host's key without +having to manually check the host key's fingerprint (in the case of +ssh) or without seeing a nasty "security warning" in their browsers +(in the case of https). + +.SH SECURITY CONSIDERATIONS + +Note that \fBmonkeysphere\-host\fP currently caches a copy of all +imported secret keys (stored in OpenPGP form for future manipulation) +in /var/lib/monkeysphere/host/secring.gpg. Cleartext backups of this +file could expose secret key material if not handled sensitively. .SH ENVIRONMENT 
@@ -149,9 +212,17 @@ If set to `false', never prompt the user for confirmation. (true) /etc/monkeysphere/monkeysphere\-host.conf System monkeysphere\-host config file. .TP -/var/lib/monkeysphere/host/ssh_host_rsa_key.pub.gpg -A world-readable copy of the host's public key in OpenPGP format, -including all relevant self-signatures. +/var/lib/monkeysphere/host_keys.pub.pgp + +A world-readable copy of the host's OpenPGP certificates in ASCII +armored format. This includes the certificates (including the public +keys, servicename-based User IDs, and most recent relevant +self-signatures) corresponding to every key used by +Monkeysphere-enabled services on the host. +.TP +/var/lib/monkeysphere/host/ +A locked directory (readable only by the superuser) containing copies +of all imported secret keys (this is the host's GNUPGHOME directory). .SH AUTHOR @@ -163,8 +234,8 @@ Matthew Goins <mjgoins@openflows.com> .SH SEE ALSO .BR monkeysphere (1), -.BR monkeysphere\-authentication (8), .BR monkeysphere (7), .BR gpg (1), +.BR monkeysphere\-authentication (8), .BR ssh (1), .BR sshd (8) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 8984114..f52a7ac 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog 
@@ -1,68 +1,45 @@ -monkeysphere (0.27-1~pre1) UNRELEASED; urgency=low +monkeysphere (0.28.1-1~pre1) UNRELEASED; urgency=low - * New upstream release: - - fixed monkeysphere gen-subkey subcommand that was erroneously - creating DSA subkeys due to unannounced change in gpg edit-key UI. + [ Jameson Graef Rollins ] + * New upstream release + + [ Daniel Kahn Gillmor ] + * bumped Standards-Version to 3.8.4 (no changes needed) + + -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 04 Feb 2010 12:00:58 -0500 + +monkeysphere (0.28-1) unstable; urgency=low + + * New upstream release + * Separate upstream and debian changelogs + + -- Jameson Rollins <jrollins@finestructure.net> Tue, 19 Jan 2010 13:56:17 -0500 + +monkeysphere (0.27-1) unstable; urgency=low + + * New upstream release * updated debian/copyright to match the latest revision of DEP5. * updated standards version to 3.8.3 (no changes needed) - * updated Depends to require >=1.4.10 due to gpg UI change. * add cpio to Build-Depends (used in test suite) (Closes: #562444) - -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 24 Dec 2009 12:28:21 -0500 + -- Jameson Rollins <jrollins@finestructure.net> Mon, 11 Jan 2010 20:54:21 -0500 monkeysphere (0.26-1) unstable; urgency=low - * New upstream release: - - add 'refresh-keys' subcommand to monkeysphere-authentication - - improve marginal UI (closes MS #1141) - - add MONKEYSPHERE_STRICT_MODES configuration to avoid - permission-checking (closes MS #649) - - test scripts use STRICT_MODES to avoid failure when built under /tmp - (Closes: #527765) - - do permissions checks with a perl script instead of non-portable - readlink GNUisms - - bail on permissions check if we hit the home directory (helpful on - Mac OS and other systems with loose /home or /Users (closes MS #675) + * New upstream release (Closes: #527765) -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 01 Aug 2009 17:11:05 -0400 monkeysphere (0.25-1) unstable; urgency=low - * New upstream 
release: - - update/fix the marginal ui output - - use msmktempdir everywhere (avoid unwrapped calls to mktemp for - portability) - - clean out some redundant "cat"s - - fix monkeysphere update-known_hosts for sshd running on non-standard - ports - - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key - - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 - (changes dependency to libdigest-sha-perl) - - some portability improvements - - properly handle translation of keys with fingerprints with leading - all-zero bytes. - - resolve symlinks when checking paths (thanks Silvio Rhatto) - (closes MS #917) - - explicitly set and use MONKEYSPHERE_GROUP from system "groups" - (closes: #534008) - - monkeysphere-host now uses keytrans to add and revoke hostname - (closes MS #422) + * New upstream release (closes: #534008) * update Standard-Version to 3.8.2 (no changes needed) -- Jameson Graef Rollins <jrollins@finestructure.net> Thu, 16 Jul 2009 22:09:19 -0400 monkeysphere (0.24-1) unstable; urgency=low - * New upstream release: - - fixed how version information is stored/retrieved - - now uses perl-based keytrans for both pem2openpgp and openpgp2ssh - - no longer needs base64 in PATH - - added "test" make target - - improved transitions/0.23 script so it no longer fails in common - circumstances (Closes: #517779) - - RSA only: no longer handles DSA keys - - added ability to specify subkeys to add to ssh agent with - new MONKEYSPHERE_SUBKEYS_FOR_AGENT environment variable + * New upstream release (Closes: #517779) * update/cleanup maintainer scripts * remove GnuTLS dependency * remove versioned coreutils | base64 dependency 
@@ -74,53 +51,20 @@ monkeysphere (0.24-1) unstable; urgency=low monkeysphere (0.23.1-1) unstable; urgency=low - * New Upstrem "Brown Paper Bag" Release: - - adjusts internal version numbers + * New upstrem release ("brown paper bag" to adjust internal version numbers) -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 Feb 2009 18:09:47 -0500 monkeysphere (0.23-1) unstable; urgency=low - "The Golden Bezoar Release" - - * New upstream release. - * rearchitect UI: - - replace monkeysphere-server with monkeysphere-{authentication,host} - - fold monkeysphere-ssh-proxycommand into /usr/bin/monkeysphere - - * new ability to import existing ssh host key into monkeysphere. So now - m-a import-key replaces m-s gen-key. - * provide pem2openpgp for translating unencrypted PEM-encoded raw key - material into OpenPGP keys (introduces new perl dependencies) - * get rid of getopts dependency - * added version output option - * better checks for the existence of a host private key for - monkeysphere-host subcommands that need it. - * better checks on validity of existing authentication subkeys when - doing monkeysphere gen_subkey. - * add transition infrastructure for major changes between releases (see - transitions/README.txt) - * implement and document two new monkeysphere-host subcommands: - revoke-key and add-revoker + * New upstream release: "The Golden Bezoar Release" -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 Feb 2009 17:51:06 -0500 monkeysphere (0.22-1) unstable; urgency=low - * New upstream release: - [ Jameson Graef Rollins ] - - - added info log output when a new key is added to known_hosts file. - - added some useful output to the ssh-proxycommand for "marginal" - cases where keys are found for host but do not have full validity. - - force ssh-keygen to read from stdin to get ssh key fingerprint. 
- - [ Daniel Kahn Gillmor ] - - - automatically output two copies of the host's public key: one - standard ssh public key file, and the other a minimal OpenPGP key with - just the latest valid self-sig. - - debian/control: corrected alternate dependency from procfile to + * New upstream release + * debian/control: corrected alternate dependency from procfile to procmail (which provides /usr/bin/lockfile) -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 28 Nov 2008 14:23:31 -0500 
@@ -133,281 +77,8 @@ monkeysphere (0.21-2) unstable; urgency=low monkeysphere (0.21-1) unstable; urgency=low - * New upstream release: - - move debian packaging to packaging subdirectory. + * New upstream initial release to Debian (Closes: #505806) * Add debian prerm script, and add debhelper lines to other install scripts. - * Initial release to Debian (Closes: #505806) -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 16:14:27 -0500 - -monkeysphere (0.20-1) unstable; urgency=low - - [ Daniel Kahn Gillmor ] - * ensure that tempdirs are properly created, bail out otherwise instead - of stumbling ahead. - * minor fussing with the test script to make it cleaner. - - [ Jameson Graef Rollins ] - * clean up Makefile to generate more elegant source tarballs. - * make myself the maintainer. - - -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 15 Nov 2008 13:12:57 -0500 - -monkeysphere (0.19-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * simulating an X11 session in the test script. - * updated packaging so that symlinks to config files are correct. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 02:47:49 -0400 - -monkeysphere (0.18-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bugs in authorized_{user_ids,keys} file permission checking. - * Add new monkeysphere tmpdir to enable atomic moves of authorized_keys - files. - * chown authorized_keys files to `whoami`, for compatibility with test - suite. - * major improvements to test suite, added more tests. - - [ Daniel Kahn Gillmor ] - * update make install to ensure placement of - /etc/monkeysphere/gnupg-{host,authentication}.conf - * choose either --quick-random or --debug-quick-random depending on - which gpg supports for the test suite. 
- - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 29 Oct 2008 00:41:38 -0400 - -monkeysphere (0.17-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix some bugs in, and cleanup, authorized_keys file creation in - monkeysphere-server update-users. - * Move to using the empty string for not adding a user-controlled - authorized_keys file in the RAW_AUTHORIZED_KEYS variable. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 28 Oct 2008 02:04:22 -0400 - -monkeysphere (0.16-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * replaced "#!/bin/bash" with "#!/usr/bin/env bash" for better - portability. - * fixed busted lockfile arrangement, where empty file was being locked - * portability fixes in the way we use date, mktemp, hostname, su - * stop using /usr/bin/stat, since the syntax appears to be totally - unportable - * require GNU getopt, and test for getopt failures (look for getopt in - /usr/local/bin first, since that's where FreeBSD's GNU-compatible - getopt lives. - * monkeysphere-server diagnostics now counts problems and suggests a - re-run after they have been resolved. - * completed basic test suite: this can be run from the git sources or - the tarball with: cd tests && ./basic - - [ Jameson Graef Rollins ] - * Genericize fs location variables. - * break out gpg.conf files into SYSCONFIGDIR, and not auto-generated at - install. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sun, 26 Oct 2008 03:06:18 -0400 - -monkeysphere (0.15-1) experimental; urgency=low - - * porting work and packaging simplification: clarifying makefiles, - pruning dependencies, etc. 
- * added tests to monkeysphere-server diagnostics - * moved monkeysphere(5) to section 7 of the manual - * now shipping TODO in /usr/share/doc/monkeysphere - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 19:08:40 -0400 - -monkeysphere (0.14-1) experimental; urgency=low - - * changing debian packaging back to format 1.0 so we get automatic - tarballs, and easier inclusion in other build networks. - * no other source changes. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 04 Sep 2008 13:03:35 -0400 - -monkeysphere (0.13-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * tweaks in /usr/bin/monkeysphere to handle odd secret keyrings. - * updated makefile to reflect the package building technique we've been - using for a month now. - - [ Jameson Graef Rollins ] - * move location of user config directory to ~/.monkeysphere. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 03 Sep 2008 17:26:10 -0400 - -monkeysphere (0.12-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Improved output handling. New LOG_LEVEL variable. - - [ Daniel Kahn Gillmor ] - * debian/control: switched Homepage: and Vcs-Git: to canonicalized - upstream hostnames. - * updated documentation for new release. - * changed my associated e-mail address for this package. - - -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 02 Sep 2008 18:54:29 -0400 - -monkeysphere (0.11-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * fix bug in trustdb update on add/revoke-hostname. - - [ Daniel Kahn Gillmor ] - * debian/control: added Build-Depends: git-core for the new packaging - format - * new subcommand: monkeysphere subkey-to-ssh-agent (relies on a patched - GnuTLS to deal with GPG's gnu-dummy S2K extension, but fails cleanly - if not found). 
- - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Wed, 20 Aug 2008 11:24:35 -0400 - -monkeysphere (0.10-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * brown paper bag release: invert test on calculated validity of keys. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 16:22:34 -0400 - -monkeysphere (0.9-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * implemented "monkeysphere-server extend-key" to adjust expiration - date of host key. - * removed "monkeysphere-server fingerprint". Use "monkeysphere-server - show-key" instead. - - [ Jameson Graef Rollins ] - * fixed bug in user id processing that prevented bad primary keys from - being properly removed. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 15:42:12 -0400 - -monkeysphere (0.8-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * debian/control: switched Vcs-Git to use "centralized" git repo instead - of my own. - * More monkeysphere-server diagnostics - * monkeysphere --gen-subkey now guesses what KeyID you meant. - * added Recommends: ssh-askpass to ensure monkeysphere --gen-subkey - works sensibly under X11 - - [ Jameson Graef Rollins ] - * fix another bug when known_hosts files are missing. - * sort processed keys so that "good" keys are processed after "bad" - keys. This will prevent malicious bad keys from causing good keys to - be removed from key files. - * enabled host key publication. - * added checking of gpg.conf for keyserver - * new functions to add/revoke host key user IDs - * improved list-certifiers function (now non-privileged) - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 18 Aug 2008 12:43:37 -0400 - -monkeysphere (0.7-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * Added monkeysphere-server diagnostics subcommand. - * rebuilding package using Format: 3.0 (git) - - [ Jameson Graef Rollins ] - * fix how check for file modification is done. 
- * rework out user id processing is done to provide more verbose log - output. - * fix bug in monkeysphpere update-authorized_keys subcommand where - disallowed keys failed to be remove from authorized_keys file. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 04 Aug 2008 10:47:41 -0400 - -monkeysphere (0.6-1) experimental; urgency=low - - [ Jameson Graef Rollins ] - * Fix bug in return on error of ssh-proxycommand. - - [ Daniel Kahn Gillmor ] - * try socat if netcat is not available in proxycommand. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 29 Jul 2008 10:27:20 -0400 - -monkeysphere (0.5-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * updated READMEs to match current state of code - - [ Jameson Graef Rollins ] - * Tweak how empty authorized_user_ids and known_hosts files are handled. - * Do not fail when authorized_user_ids or known_hosts file is not found. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 28 Jul 2008 10:50:02 -0400 - -monkeysphere (0.4-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * New version. - * Fixed return code error in openpgp2ssh - - [ Jameson Graef Rollins ] - * Privilege separation: use monkeysphere user to handle maintenance of - the gnupg authentication keychain for server. - * Improved certifier key management. - * Fixed variable scoping and config file precedence. - * Add options for key generation and add-certifier functions. - * Fix return codes for known_host and authorized_keys updating - functions. - * Add write permission check on authorized_keys, known_hosts, and - authorized_user_ids files. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 22 Jul 2008 21:50:17 -0400 - -monkeysphere (0.3-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * new version. - - [ Jameson Graef Rollins ] - * Move files in /var/cache/monkeysphere and GNUPGHOME for server to - the more appropriate /var/lib/monkeysphere. 
- - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Tue, 24 Jun 2008 00:55:29 -0400 - -monkeysphere (0.2-2) experimental; urgency=low - - * added lockfile-progs dependency - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 19:34:05 -0400 - -monkeysphere (0.2-1) experimental; urgency=low - - [ Daniel Kahn Gillmor ] - * openpgp2ssh now supports specifying keys by full fingerprint. - - [ Jameson Graef Rollins ] - * Add AUTHORIZED_USER_IDS config variable for server, which defaults to - %h/.config/monkeysphere/authorized_user_ids, instead of - /etc/monkeysphere/authorized_user_ids. - * Remove {update,remove}-userids functions, since we decided they - weren't useful enough to be worth maintaining. - * Better handling of unknown users in server update-users - * Add file locking when modifying known_hosts or authorized_keys - * Better failure/prompting for gen-subkey - * Add ability to set any owner trust level for keys in server keychain. - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Mon, 23 Jun 2008 17:03:19 -0400 - -monkeysphere (0.1-1) experimental; urgency=low - - * First release of debian package for monkeysphere. - * This is experimental -- please report bugs! - - -- Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> Thu, 19 Jun 2008 00:34:53 -0400 - diff --git a/packaging/debian/control b/packaging/debian/control index df00ed0..36e4ad8 100644 --- a/packaging/debian/control +++ b/packaging/debian/control 
@@ -1,23 +1,27 @@ Source: monkeysphere Section: net Priority: extra -Maintainer: Jameson Graef Rollins <jrollins@finestructure.net> -Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net> -Build-Depends: debhelper (>= 7.0), cpio, socat, openssh-server, gnupg (>=1.4.10), libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail -Standards-Version: 3.8.3 +Maintainer: Jameson Rollins <jrollins@finestructure.net> +Uploaders: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +Build-Depends: debhelper (>= 7.0), cpio, socat, openssh-server, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, openssl +Standards-Version: 3.8.4 Homepage: http://web.monkeysphere.info/ Vcs-Git: git://git.monkeysphere.info/monkeysphere Dm-Upload-Allowed: yes Package: monkeysphere Architecture: all -Depends: openssh-client, gnupg (>=1.4.10), libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, adduser, ${misc:Depends} +Depends: openssh-client, gnupg, libcrypt-openssl-rsa-perl, libdigest-sha-perl, lockfile-progs | procmail, adduser, ${misc:Depends} Recommends: netcat | socat, ssh-askpass, cron Enhances: openssh-client, openssh-server -Description: use the OpenPGP web of trust to verify ssh connections +Description: leverage the OpenPGP web of trust for SSH and TLS authentication SSH key-based authentication is tried-and-true, but it lacks a true Public Key Infrastructure for key certification, revocation and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate - users. + users. Current monkeysphere SSH tools are designed to integrate + with the OpenSSH implementation of the Secure Shell protocol. + . + Monkeysphere can also be used by a validation agent to validate TLS + connections (e.g. https). 
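Review bot: Both `Build-Depends` and `Depends` lose the `gnupg (>=1.4.10)` floor, and the debian changelog line that justified it ("updated Depends to require >=1.4.10 due to gpg UI change") is deleted in this same commit. The deleted entry ties that floor to gen-subkey creating DSA subkeys after a change in the gpg edit-key UI. Nothing visible here shows that the scripted edit-key dialogues are now independent of the gpg version, so an older gnupg could presumably select an unintended key type again. Unless that scripting was made version-independent elsewhere in the commit, keep `gnupg (>=1.4.10)` in both fields; otherwise state the reason for relaxing it in the changelog.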
diff --git a/packaging/debian/monkeysphere.postinst b/packaging/debian/monkeysphere.postinst index 4e81167..8c6a555 100755 --- a/packaging/debian/monkeysphere.postinst +++ b/packaging/debian/monkeysphere.postinst @@ -3,7 +3,7 @@ # postinst script for monkeysphere # Author: Jameson Rollins <jrollins@finestructure.net> -# Copyright 2008-2009 +# Copyright 2008-2010 set -e @@ -22,7 +22,7 @@ case $1 in fi # try all available transitions: - for trans in 0.23 ; do + for trans in 0.23 0.28 ; do /usr/share/monkeysphere/transitions/$trans || { \ RET=$? echo "Failed running transition script /usr/share/monkeysphere/transitions/$trans" >&2 diff --git a/src/monkeysphere b/src/monkeysphere index 14d2bf0..648f5e9 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -45,12 +45,15 @@ Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file - gen-subkey (g) [KEYID] generate an authentication subkey - --length (-l) BITS key length in bits (2048) ssh-proxycommand HOST [PORT] monkeysphere ssh ProxyCommand --no-connect do not make TCP connection to host subkey-to-ssh-agent (s) store authentication subkey in ssh-agent sshfpr (f) KEYID output ssh fingerprint of gpg key + + keys-for-userid (u) USERID output valid keys for user id literal + gen-subkey (g) [KEYID] generate an authentication subkey + --length (-l) BITS key length in bits (2048) + version (v) show version number help (h,?) this help @@ -143,7 +146,7 @@ check_gpg_authentication_subkey() { # if authentication key is valid, prompt to continue if [ "$validity" = 'u' ] ; then echo "A valid authentication key already exists for primary key '$keyID'." 1>&2 - if [ "$PROMPT" = "true" ] ; then + if [ "$PROMPT" != "false" ] ; then printf "Are you sure you would like to generate another one? (y/N) " >&2 read OK; OK=${OK:N} if [ "${OK/y/Y}" != 'Y' ] ; then 
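Review bot: The new test `[ "$PROMPT" != "false" ]` in check_gpg_authentication_subkey makes confirmation the default for every value except the exact string `false`. That is the safer direction, but nothing near the check states the intent. I would add a comment above it such as `# prompt unless PROMPT is exactly "false"; unset or misspelled values still ask`. Since this path is now reached more often, note that the unchanged next line `OK=${OK:N}` is a substring expansion rather than a default and probably meant `${OK:-N}`; an empty answer is still not treated as `Y` by the comparison that follows. The function begins and ends outside this hunk.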
@@ -214,9 +217,13 @@ mkdir -p -m 0700 "$GNUPGHOME" export LOG_LEVEL export LOG_PREFIX +if [ "$#" -eq 0 ] ; then + usage + failure "Please supply a subcommand." +fi + # get subcommand COMMAND="$1" -[ "$COMMAND" ] || $PGRM help shift case $COMMAND in @@ -244,7 +251,7 @@ case $COMMAND in process_authorized_user_ids "$AUTHORIZED_USER_IDS" ;; - 'import-subkey'|'i') + 'import-subkey'|'import'|'i') source "${MSHAREDIR}/import_subkey" import_subkey "$@" ;; @@ -268,16 +275,25 @@ case $COMMAND in gpg_ssh_fingerprint "$@" ;; - 'version'|'v') + 'keys-for-userid'|'u') + keys_for_userid "$@" + ;; + + 'keys-from-userid') + echo "Warning: 'keys-from-userid' is deprecated. Please use 'keys-for-userid' instead." >&2 + keys_for_userid "$@" + ;; + + 'version'|'--version'|'v') version ;; - '--help'|'help'|'-h'|'h'|'?') + 'help'|'--help'|'-h'|'h'|'?') usage ;; *) failure "Unknown command: '$COMMAND' -Type '$PGRM help' for usage." +Try '$PGRM help' for usage." ;; esac diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 057d14e..8c58645 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -136,7 +136,6 @@ LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '} # export variables needed in su invocation export DATE -export MODE export LOG_LEVEL export KEYSERVER export MONKEYSPHERE_USER @@ -150,9 +149,13 @@ export GNUPGHOME export CORE_KEYLENGTH export LOG_PREFIX +if [ "$#" -eq 0 ] ; then + usage + failure "Please supply a subcommand." +fi + # get subcommand COMMAND="$1" -[ "$COMMAND" ] || $PGRM help shift case $COMMAND in @@ -161,14 +164,14 @@ case $COMMAND in setup ;; - 'update-users'|'update-user'|'u') + 'update-users'|'update-user'|'update'|'u') source "${MASHAREDIR}/setup" setup source "${MASHAREDIR}/update_users" update_users "$@" ;; - 'refresh-keys'|'r') + 'refresh-keys'|'refresh'|'r') source "${MASHAREDIR}/setup" setup gpg_sphere "--keyserver $KEYSERVER --refresh-keys" 
@@ -208,7 +211,7 @@ case $COMMAND in gpg_sphere "$@" ;; - 'version'|'v') + 'version'|'--version'|'v') version ;; @@ -218,6 +221,6 @@ case $COMMAND in *) failure "Unknown command: '$COMMAND' -Type '$PGRM help' for usage." +Try '$PGRM help' for usage." ;; esac diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 52a4373..6145c30 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -8,7 +8,7 @@ # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # Micah Anderson <micah@riseup.net> # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. ######################################################################## @@ -34,7 +34,7 @@ MHSHAREDIR="${SYSSHAREDIR}/mh" MHDATADIR="${SYSDATADIR}/host" # host pub key files -HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +HOST_KEY_FILE="${SYSDATADIR}/host_keys.pub.pgp" # UTC date in ISO 8601 format if needed DATE=$(date -u '+%FT%T') 
@@ -52,18 +52,21 @@ usage: $PGRM <subcommand> [options] [args] Monkeysphere host admin tool. subcommands: - import-key (i) FILE NAME[:PORT] import existing ssh key to gpg - show-key (s) output all host key information - publish-key (p) publish host key to keyserver - set-expire (e) [EXPIRE] set host key expiration - add-hostname (n+) NAME[:PORT] add hostname user ID to host key - revoke-hostname (n-) NAME[:PORT] revoke hostname user ID - add-revoker (r+) KEYID|FILE add a revoker to the host key - revoke-key generate and/or publish revocation - certificate for host key - - version (v) show version number - help (h,?) this help + import-key (i) FILE SERVICENAME import PEM-encoded key from file + show-keys (s) [KEYID ...] output host key information + publish-keys (p) [KEYID ...] publish key(s) to keyserver + set-expire (e) EXPIRE [KEYID] set key expiration + add-servicename (n+) SERVICENAME [KEYID] + add a service name to key + revoke-servicename (n-) SERVICENAME [KEYID] + revoke a service name from key + add-revoker (r+) REVOKER_KEYID|FILE [KEYID] + add a revoker to key + revoke-key [KEYID] generate and/or publish revocation + certificate for key + + version (v) show version number + help (h,?) this help See ${PGRM}(8) for more info. EOF 
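Review bot: The new usage text lists `publish-keys (p) [KEYID ...]` without the `--all` form that the man page in this same commit documents and uses in its example, and it does not say what happens when no KEYID is given. The man page also states that a published key cannot be removed from the keyservers, so the help should make the scope explicit, for example `publish-keys (p) [KEYID ...|--all] publish key(s) to keyserver`. The man page example still spells the subcommand `publish-key`; whether that spelling is accepted is not visible in this hunk, so both texts should be checked against the subcommand dispatch. The usage function starts above this hunk and is not closed inside it.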
@@ -74,84 +77,209 @@ gpg_host() { GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@" } -# command to list the info about the host key, in colon format, to -# stdout -gpg_host_list() { - gpg_host --list-keys --with-colons --fixed-list-mode \ - --with-fingerprint --with-fingerprint \ - "0x${HOST_FINGERPRINT}!" - +# list the info about the a key, in colon format, to stdout +gpg_host_list_keys() { + if [ "$1" ] ; then + gpg_host --list-keys --with-colons --fixed-list-mode \ + --with-fingerprint --with-fingerprint \ + "$1" + else + gpg_host --list-keys --with-colons --fixed-list-mode \ + --with-fingerprint --with-fingerprint + fi } -# command for edit key scripts, takes scripts on stdin +# edit key scripts, takes scripts on stdin, and keyID as first input gpg_host_edit() { - gpg_host --command-fd 0 --edit-key "0x${HOST_FINGERPRINT}!" "$@" + gpg_host --command-fd 0 --edit-key "$@" } -# export the host public key to the monkeysphere gpg pub key file -update_gpg_pub_file() { +# export the monkeysphere OpenPGP pub key file +update_pgp_pub_file() { log debug "updating openpgp public key file '$HOST_KEY_FILE'..." gpg_host --export --armor --export-options export-minimal \ - "0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE" + $(gpg_host --list-secret-keys --with-colons --fingerprint | grep ^fpr | cut -f10 -d:) \ + > "$HOST_KEY_FILE" } -# load the host fingerprint into the fingerprint variable, using the -# export gpg pub key file -# FIXME: this seems much less than ideal, with all this temp keyring -# stuff. is there a way we can do this without having to create temp -# files? what if we stored the fingerprint in MHDATADIR/fingerprint? 
-load_fingerprint() { - if [ -f "$HOST_KEY_FILE" ] ; then - HOST_FINGERPRINT=$( \ - (FUBAR=$(msmktempdir) && export GNUPGHOME="$FUBAR" \ - && gpg --quiet --import \ - && gpg --quiet --list-keys --with-colons --with-fingerprint \ - && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \ - | grep '^fpr:' | cut -d: -f10 ) - else - failure "host key gpg pub file not found." +# check that the service name is well formed. we assume that the +# service name refers to a host; DNS labels for host names are limited +# to a very small range of characters (see RFC 1912, section 2.1). + +# FIXME: i'm failing to check here for label components that are +# all-number (e.g. ssh://666.666), which are technically not allowed +# (though some exist on the 'net, apparently) + +# FIXME: this will probably misbehave if raw IP addresses are provided, +# either IPv4 or IPv6 using the bracket notation. + +# FIXME: this doesn't address the use of hashed User IDs. + +check_service_name() { + local name="$1" + local errs="" + local scheme + local port + local assigned_ports + + [ -n "$name" ] || \ + failure "You must supply a service name to check" + + printf '%s' "$name" | perl -n -e '($str = $_) =~ s/\s//g ; exit !(lc($str) eq $_);' || \ + failure "Not a valid service name: '$name' + +Service names should be canonicalized to all lower-case, +with no whitespace" + + [[ "$name" =~ ^[a-z0-9./:-]+$ ]] || \ + failure "Not a valid service name: '$name' + +Service names should contain only lower-case ASCII letters +numbers, dots (.), hyphens (-), slashes (/), and a colon (:). +If you are using non-ASCII characters (e.g. IDN), you should +use the canonicalized ASCII (NAMEPREP -> Punycode) representation +(see RFC 3490)." + + [[ "$name" =~ \. ]] || \ + failure "Not a valid service name: '$name' + +Service names should use fully-qualified domain names (FQDN), but the +domain name you chose appears to only have the local part. For +example: don't use 'ssh://foo' ; use 'ssh://foo.example.com' instead." 
+ + [[ "$name" =~ ^[a-z]([a-z0-9-]*[a-z0-9])?://[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.|((\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+))(:[1-9][0-9]{0,4})?$ ]] || \ + failure "Not a valid service name: '$name' + +Service names look like <scheme>://full.example.com[:<portnumber>], +where <scheme> is something like ssh or https, and <portnumber> is +a decimal number (supplied only if the service is on a non-standard +port)." + + scheme=$(cut -f1 -d: <<<"$name") + port=$(cut -f3 -d: <<<"$name") + + # check that the scheme name is found in the system services + # database + available_=$(get_port_for_service "$scheme") || \ + log error "Error looking up service scheme named '%s'" "$scheme" + + # FIXME: if the service isn't found, or does not have a port, what + # should we do? at the moment, we're just warning. + + if [ -n "$port" ]; then + # check that the port number is a legitimate port number (> 0, < 65536) + [ "$port" -gt 0 ] && [ "$port" -lt 65536 ] || \ + failure "The given port number should be greater than 0 and +less than 65536. '$port' is not OK" + + # if the port number is given, and the scheme is in the services + # database, check that the port number does *not* match the + # default port. + if (printf '%s' "$assigned_ports" | grep -q -F -x "$port" ) ; then + failure $(printf "The scheme %s uses port number %d by default. +You should leave off the port number if it is the default" "$scheme" "$port") + fi fi -} - -# load the host fingerprint into the fingerprint variable, using the -# gpg host secret key -load_fingerprint_secret() { - HOST_FINGERPRINT=$( \ - gpg_host --list-secret-key --with-colons --with-fingerprint \ - | grep '^fpr:' | cut -d: -f10 ) -} -# fail if host key present -check_host_key() { - [ ! -s "$HOST_KEY_FILE" ] \ - || failure "An OpenPGP host key already exists." } # fail if host key not present -check_host_no_key() { +check_no_keys() { [ -s "$HOST_KEY_FILE" ] \ || failure "You don't appear to have a Monkeysphere host key on this server. 
-Please run 'monkeysphere-host import-key...' first." +Please run 'monkeysphere-host import-key' import a key." +} + +# key input to functions, outputs full fingerprint of specified key if +# found +check_key_input() { + local keyID="$1" + # array of fingerprints + local fprs=($(list_primary_fingerprints <"$HOST_KEY_FILE")) + + case ${#fprs[@]} in + 0) + failure "You don't appear to have any Monkeysphere host keys. +Please run 'monkeysphere-host import-key' to import a key." + ;; + 1) + : + ;; + *) + if [ -z "$keyID" ] ; then + failure "Your host keyring contains multiple keys. +Please specify one to act on (see 'monkeysphere-host show-keys')." + fi + ;; + esac + printf '%s\n' "${fprs[@]}" | grep "${keyID}$" \ + || failure "Host key '$keyID' not found." } # return 0 if user ID was found. # return 1 if user ID not found. -find_host_userid() { - local userID="$1" +check_key_userid() { + local keyID="$1" + local userID="$2" local tmpuidMatch # match to only "unknown" user IDs (host has no need for ultimate trust) tmpuidMatch="uid:-:$(echo $userID | gpg_escape)" # See whether the requsted user ID is present - gpg_host_list | cut -f1,2,10 -d: | \ + gpg_host_list_keys "$keyID" | cut -f1,2,10 -d: | \ grep -q -x -F "$tmpuidMatch" 2>/dev/null } -# show info about the host key +prompt_userid_exists() { + local userID="$1" + local gpgOut + local fingerprint + + if gpgOut=$(gpg_host_list_keys "=${userID}" 2>/dev/null) ; then + fingerprint=$(echo "$gpgOut" | grep '^fpr:' | cut -d: -f10) + if [ "$PROMPT" != "false" ] ; then + printf "Service name '%s' is already being used by key '%s'.\nAre you sure you want to use it again? (y/N) " "$fingerprint" "$userID" >&2 + read OK; OK=${OK:=N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Service name not added." + fi + else + log info "Key '%s' is already using the service name '%s'." 
"$fingerprint" "$userID" >&2 + fi + fi +} + +# run command looped over keys +multi_key() { + local cmd="$1" + shift + local keys=$@ + local i=0 + local key + + check_no_keys + + local fprs=($(list_primary_fingerprints <"$HOST_KEY_FILE")) + + if [[ -z "$1" || "$1" == '--all' ]] ; then + keys="${fprs[@]}" + fi + + for key in $keys ; do + if (( i++ > 0 )) ; then + echo "##############################" + fi + "$cmd" "$key" + done +} + +# show info about the a key show_key() { + local id="$1" local GNUPGHOME - local TMPSSH + local fingerprint + local tmpssh local revokers # tmp gpghome dir 
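Review bot: In check_service_name the result of get_port_for_service is stored in `available_`, but the default-port test a few lines later greps `$assigned_ports`, which is declared local and never assigned, so the "uses port number %d by default" rejection can never fire. Assign the lookup to the variable that is read: `assigned_ports=$(get_port_for_service "$scheme") || \`. The same branch calls `failure $(printf ...)` unquoted, so the message is word-split before failure receives it; `failure "$(printf ...)"` keeps it as one argument (how failure treats extra arguments is not visible here). In prompt_userid_exists the prompt's printf passes `"$fingerprint" "$userID"` to a format that names the service first and the key second, so the two values are shown swapped.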
@@ -163,24 +291,29 @@ show_key() { # import the host key into the tmp dir gpg --quiet --import <"$HOST_KEY_FILE" - # create the ssh key - TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub - gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH" - # get the gpg fingerprint - HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \ - | grep '^fpr:' | cut -d: -f10 ) + if gpg --quiet --list-keys \ + --with-colons --with-fingerprint "$id" \ + | grep '^fpr:' | cut -d: -f10 > "$GNUPGHOME"/fingerprint ; then + fingerprint=$(cat "$GNUPGHOME"/fingerprint) + else + failure "ID '$id' not found." + fi + + # create the ssh key + tmpssh="$GNUPGHOME"/ssh_host_key_rsa_pub + gpg --export "$fingerprint" 2>/dev/null \ + | openpgp2ssh 2>/dev/null >"$tmpssh" # list the host key info # FIXME: make no-show-keyring work so we don't have to do the grep'ing # FIXME: can we show uid validity somehow? - gpg --list-keys --fingerprint \ - --list-options show-unusable-uids 2>/dev/null \ + gpg --list-keys --list-options show-unusable-uids "$fingerprint" 2>/dev/null \ | grep -v "^${GNUPGHOME}/pubring.gpg$" \ | egrep -v '^-+$' # list revokers, if there are any - revokers=$(gpg --list-keys --with-colons --fixed-list-mode \ + revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$fingerprint" \ | awk -F: '/^rvk:/{ print $10 }' ) if [ "$revokers" ] ; then echo "The following keys are allowed to revoke this host key:" @@ -191,11 +324,11 @@ show_key() { fi # list the pgp fingerprint - echo "OpenPGP fingerprint: $HOST_FINGERPRINT" + echo "OpenPGP fingerprint: $fingerprint" # list the ssh fingerprint echo -n "ssh fingerprint: " - ssh-keygen -l -f "$TMPSSH" | awk '{ print $1, $2, $4 }' + ssh-keygen -l -f "$tmpssh" | awk '{ print $1, $2, $4 }' # remove the tmp file trap - EXIT 
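Review bot: The new `if gpg --quiet --list-keys ... "$id" | grep '^fpr:' | cut -d: -f10 > "$GNUPGHOME"/fingerprint ; then` in show_key tests the exit status of `cut`, the last command of the pipeline, so unless `pipefail` is enabled somewhere outside this hunk the `failure "ID '$id' not found."` branch is not reached when gpg finds nothing. `fingerprint` is then empty and the following `gpg --export "$fingerprint"` and `--list-keys` calls run with an empty key argument. Test the result rather than the pipeline status, for example `[ -s "$GNUPGHOME"/fingerprint ] || failure "ID '$id' not found."` placed after the pipeline. show_key begins and ends outside this hunk.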
@@ -236,63 +369,53 @@ export GNUPGHOME export HOST_FINGERPRINT export LOG_PREFIX +if [ "$#" -eq 0 ] ; then + usage + failure "Please supply a subcommand." +fi + # get subcommand COMMAND="$1" -[ "$COMMAND" ] || $PGRM help shift case $COMMAND in - 'import-key'|'i') - check_host_key + 'import-key'|'import'|'i') source "${MHSHAREDIR}/import_key" import_key "$@" ;; - 'show-key'|'show'|'s') - check_host_no_key - show_key + 'show-keys'|'show-key'|'show'|'s') + multi_key show_key "$@" ;; - 'set-expire'|'extend-key'|'e') - check_host_no_key - load_fingerprint + 'set-expire'|'extend-key'|'extend'|'e') source "${MHSHAREDIR}/set_expire" set_expire "$@" ;; - 'add-hostname'|'add-name'|'n+') - check_host_no_key - load_fingerprint - source "${MHSHAREDIR}/add_hostname" - add_hostname "$@" + 'add-servicename'|'add-hostname'|'add-name'|'n+') + source "${MHSHAREDIR}/add_name" + add_name "$@" ;; - 'revoke-hostname'|'revoke-name'|'n-') - check_host_no_key - load_fingerprint - source "${MHSHAREDIR}/revoke_hostname" - revoke_hostname "$@" + 'revoke-servicename'|'revoke-hostname'|'revoke-name'|'n-') + source "${MHSHAREDIR}/revoke_name" + revoke_name "$@" ;; 'add-revoker'|'r+') - check_host_no_key - load_fingerprint source "${MHSHAREDIR}/add_revoker" add_revoker "$@" ;; 'revoke-key') - check_host_no_key - load_fingerprint source "${MHSHAREDIR}/revoke_key" revoke_key "$@" ;; - 'publish-key'|'publish'|'p') - check_host_no_key - load_fingerprint + 'publish-keys'|'publish-key'|'publish'|'p') source "${MHSHAREDIR}/publish_key" - publish_key + multi_key publish_key "$@" ;; 'diagnostics'|'d') @@ -300,12 +423,11 @@ case $COMMAND in diagnostics ;; - 'update-gpg-pub-file') - load_fingerprint_secret - update_gpg_pub_file + 'update-pgp-pub-file') + update_pgp_pub_file ;; - 'version'|'v') + 'version'|'--version'|'v') version ;; @@ -315,6 +437,6 @@ case $COMMAND in *) failure "Unknown command: '$COMMAND' -Type '$PGRM help' for usage." +Try '$PGRM help' for usage." ;; esac 
diff --git a/src/share/common b/src/share/common index 4aa3f7c..e735319 100644 --- a/src/share/common +++ b/src/share/common @@ -281,7 +281,7 @@ get_gpg_expiration() { keyExpire="$1" - if [ -z "$keyExpire" -a "$PROMPT" = 'true' ]; then + if [ -z "$keyExpire" -a "$PROMPT" != 'false' ]; then cat >&2 <<EOF Please specify how long the key should be valid. 0 = key does not expire @@ -436,6 +436,28 @@ list_users() { fi } +# take one argument, a service name. in response, print a series of +# lines, each with a unique numeric port number that might be +# associated with that service name. (e.g. in: "https", out: "443") +# if nothing is found, print nothing, and return 0. +# +# return 1 if there was an error in the search somehow +get_port_for_service() { + + [[ "$1" =~ ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$ ]] || \ + failure $(printf "This is not a valid service name: '%s'" "$1") + if type getent &>/dev/null ; then + # for linux and FreeBSD systems (getent returns 2 if not found, 0 on success, 1 or 3 on various failures) + (getent services "$service" || if [ "$?" -eq 2 ] ; then true ; else false; fi) | awk '{ print $2 }' | cut -f1 -d/ | sort -u + elif [ -r /etc/services ] ; then + # fall back to /etc/services for systems that don't have getent (MacOS?) + # FIXME: doesn't handle aliases like "null" (or "http"?), which don't show up at the beginning of the line. + awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1") /etc/services | cut -f1 -d/ | sort -u + else + return 1 + fi +} + # return the path to the home directory of a user get_homedir() { local uname=${1:-`whoami`} 
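Review bot: In get_port_for_service the getent branch looks up `"$service"`, a name this function never sets (the argument is validated and used as `$1` everywhere else), so unless a global of that name happens to exist the lookup does not query the requested scheme. Use the validated argument: `getent services "$1"`. In the /etc/services fallback, `awk $(printf '/^%s[[:space:]]/{ print $2 }' "$1")` is unquoted, so the generated program is split on its spaces into several awk arguments; it needs to be `awk "$(printf ...)"`. The `failure $(printf ...)` call at the top should quote its substitution in the same way.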
@@ -530,6 +552,15 @@ gpg2authorized_keys() { ### GPG UTILITIES +# script to determine if gpg version is equal to or greater than specified version +is_gpg_version_greater_equal() { + local gpgVersion=$(gpg --version | head -1 | awk '{ print $3 }') + local latest=$(printf '%s\n%s\n' "$1" "$gpgVersion" \ + | tr '.' ' ' | sort -g -k1 -k2 -k3 \ + | tail -1 | tr ' ' '.') + [[ "$gpgVersion" == "$latest" ]] +} + # retrieve all keys with given user id from keyserver # FIXME: need to figure out how to retrieve all matching keys # (not just first N (5 in this case)) @@ -559,7 +590,7 @@ gpg_fetch_userid() { # userid and key policy checking # the following checks policy on the returned keys # - checks that full key has appropriate valididy (u|f) -# - checks key has specified capability (REQUIRED_*_KEY_CAPABILITY) +# - checks key has specified capability (REQUIRED_KEY_CAPABILITY) # - checks that requested user ID has appropriate validity # (see /usr/share/doc/gnupg/DETAILS.gz) # output is one line for every found key, in the following format: @@ -571,8 +602,6 @@ gpg_fetch_userid() { # # all log output must go to stderr, as stdout is used to pass the # flag:sshKey to the calling function. -# -# expects global variable: "MODE" process_user_id() { local returnCode=0 local userID @@ -593,11 +622,7 @@ process_user_id() { userID="$1" # set the required key capability based on the mode - if [ "$MODE" = 'known_hosts' ] ; then - requiredCapability="$REQUIRED_HOST_KEY_CAPABILITY" - elif [ "$MODE" = 'authorized_keys' ] ; then - requiredCapability="$REQUIRED_USER_KEY_CAPABILITY" - fi + requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"} requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]") # fetch the user ID if necessary/requested 
@@ -758,6 +783,59 @@ process_user_id() { # being processed in the key files over "bad" keys (key flag '1') } +# output all valid keys for specified user ID literal +keys_for_userid() { + local userID + local noKey= + local nKeys + local nKeysOK + local ok + local sshKey + local tmpfile + + userID="$1" + + log verbose "processing: $userID" + + nKeys=0 + nKeysOK=0 + + IFS=$'\n' + for line in $(process_user_id "${userID}") ; do + # note that key was found + nKeys=$((nKeys+1)) + + ok=$(echo "$line" | cut -d: -f1) + sshKey=$(echo "$line" | cut -d: -f2) + + if [ -z "$sshKey" ] ; then + continue + fi + + # if key OK, output key to stdout + if [ "$ok" -eq '0' ] ; then + # note that key was found ok + nKeysOK=$((nKeysOK+1)) + + printf '%s\n' "$sshKey" + fi + done + + # if at least one key was found... + if [ "$nKeys" -gt 0 ] ; then + # if ok keys were found, return 0 + if [ "$nKeysOK" -gt 0 ] ; then + return 0 + # else return 2 + else + return 2 + fi + # if no keys were found, return 1 + else + return 1 + fi +} + # process a single host in the known_host file process_host_known_hosts() { local host @@ -770,7 +848,7 @@ process_host_known_hosts() { local tmpfile # set the key processing mode - export MODE='known_hosts' + export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY" host="$1" userID="ssh://${host}" @@ -954,7 +1032,7 @@ process_uid_authorized_keys() { local sshKey # set the key processing mode - export MODE='authorized_keys' + export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY" userID="$1" 
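Review bot: keys_for_userid assigns `IFS=$'\n'` without declaring it local, so when the function is called outside a subshell the changed field separator stays in effect in the caller and alters every later unquoted expansion there. Add `local IFS=$'\n'` and `local line` (the loop variable is also undeclared) next to the other declarations. `noKey` and `tmpfile` are declared but not used in the visible body and can be dropped.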
@@ -1121,9 +1199,23 @@ process_authorized_user_ids() { # fingerprints, one per line: list_primary_fingerprints() { local fake=$(msmktempdir) - GNUPGHOME="$fake" gpg --no-tty --quiet --import + trap "rm -rf $fake" EXIT + GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null GNUPGHOME="$fake" gpg --with-colons --fingerprint --list-keys | \ awk -F: '/^fpr:/{ print $10 }' + trap - EXIT + rm -rf "$fake" +} + +# takes an OpenPGP key or set of keys on stdin, a fingerprint or other +# key identifier as $1, and outputs the gpg-formatted information for +# the requested keys from the material on stdin +get_cert_info() { + local fake=$(msmktempdir) + trap "rm -rf $fake" EXIT + GNUPGHOME="$fake" gpg --no-tty --quiet --import --ignore-time-conflict 2>/dev/null + GNUPGHOME="$fake" gpg --with-colons --fingerprint --fixed-list-mode --list-keys "$1" + trap - EXIT rm -rf "$fake" } diff --git a/src/share/keytrans b/src/share/keytrans index ae4fb09..255a271 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -722,6 +722,7 @@ sub findkey { my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex(); # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint: $foundfprstr = sprintf("%040s", $foundfprstr); + my $matched = 0; # is this a match? if ((!defined($data->{target}->{fpr})) || @@ -731,6 +732,7 @@ sub findkey { } $data->{key} = { 'rsa' => $pubkey, 'timestamp' => $key_timestamp }; + $matched = 1; } if ($tag != $packet_types->{seckey} && @@ -740,7 +742,7 @@ sub findkey { } return; } - if (!defined($data->{key})) { + if (!$matched) { # we don't think the public part of this key matches if ($readbytes < $packetlen) { read($instr, $dummy, $packetlen - $readbytes) or die "Could not skip past this packet.\n"; 
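Review bot: get_cert_info (and list_primary_fingerprints, which this hunk also touches) uses `local fake=$(msmktempdir)` without checking the result; `local` masks the exit status, and if `fake` comes back empty the two gpg calls run with `GNUPGHOME=""`, which gpg, as far as I know, treats like an unset home, so the key material on stdin would be imported into the caller's default keyring. Split declaration and assignment and stop on failure, e.g. `local fake; fake=$(msmktempdir) || failure "could not create temporary directory"`. The import now sends stderr to /dev/null and its exit status is ignored, so a rejected key is indistinguishable from an empty result; checking the status of the `--import` call would make that visible. `trap - EXIT` also clears any EXIT handler the caller had installed whenever these functions are not run in a subshell.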
@@ -810,6 +812,40 @@ sub openpgp2rsa { return $data->{key}->{rsa}; } +sub findkeyfprs { + my $data = shift; + my $instr = shift; + my $tag = shift; + my $packetlen = shift; + + findkey($data, $instr, $tag, $packetlen); + if (defined($data->{key})) { + if (defined($data->{key}->{rsa}) && defined($data->{key}->{timestamp})) { + $data->{keys}->{fingerprint($data->{key}->{rsa}, $data->{key}->{timestamp})} = $data->{key}; + } else { + die "should have found some key here"; + } + undef($data->{key}); + } +}; + +sub getallprimarykeys { + my $instr = shift; + + my $subs = { $packet_types->{pubkey} => \&findkeyfprs, + $packet_types->{seckey} => \&findkeyfprs, + }; + my $data = {target => { } }; + + packetwalk($instr, $subs, $data); + + if (defined $data->{keys}) { + return $data->{keys}; + } else { + return {}; + } +} + sub adduserid { my $instr = shift; my $fpr = shift; @@ -1102,6 +1138,12 @@ for (basename($0)) { }); print $newuid; + } elsif (/^listfprs$/) { + my $instream; + open($instream,'-'); + binmode($instream, ":bytes"); + my $keys = getallprimarykeys($instream); + printf("%s\n", join("\n", map { uc(unpack('H*', $_)) } keys(%{$keys}))); } else { die "Unrecognized subcommand. keytrans subcommands are not a stable interface!\n"; } diff --git a/src/share/m/gen_subkey b/src/share/m/gen_subkey index a90c618..cf1ed0c 100644 --- a/src/share/m/gen_subkey +++ b/src/share/m/gen_subkey @@ -19,6 +19,7 @@ gen_subkey(){ local keyID local editCommands local fifoDir + local keyType # get options while true ; do 
@@ -43,9 +44,27 @@ Type '$PGRM help' for usage." # check that an authentication subkey does not already exist check_gpg_authentication_subkey "$keyID" + # determine which keyType to use from gpg version + keyType=7 + case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in + 1) + if is_gpg_version_greater_equal 1.4.10 ; then + keyType=8 + fi + ;; + 2) + if is_gpg_version_greater_equal 2.0.13 ; then + keyType=8 + fi + ;; + *) + keyType=8 + ;; + esac + # generate the list of commands that will be passed to edit-key editCommands="addkey -8 +$keyType S E A diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 1601997..bd38190 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -135,7 +135,7 @@ EOF log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" - if [ "$PROMPT" = "true" ] ; then + if [ "$PROMPT" != "false" ] ; then printf "Are you sure you want to add the above key as a certifier\nof users on this system? (Y/n) " >&2 read OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 79f1cda..51c7ee7 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -26,7 +26,7 @@ fi # FIXME: should we be doing a fancier list_certifier output here? gpg_core --list-key --fingerprint "0x${keyID}!" || failure -if [ "$PROMPT" = "true" ] ; then +if [ "$PROMPT" != "false" ] ; then printf "Really remove the above listed identity certifier? (Y/n) " >&2 read OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 31b53bf..0086cd3 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -27,9 +27,6 @@ else unames=$(list_users) fi -# set mode -MODE="authorized_keys" - # set gnupg home GNUPGHOME="$GNUPGHOME_SPHERE" diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname deleted file mode 100644 index c1b32a9..0000000 
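Review bot: The new `keyType` selection in gen_subkey has no comment saying what 7 and 8 stand for, and a wrong guess silently picks a different entry in gpg's interactive `addkey` menu. A comment above the `case` should state that the value is the menu position of the RSA entry with selectable capabilities (my reading of the `S`/`E`/`A` toggles that follow; please confirm) and that the position changes at the versions tested here, e.g. `# addkey menu index of "RSA (set your own capabilities)": 7 before gpg 1.4.10 / 2.0.13, 8 from then on`. An empty or unparseable `gpg --version` falls into the `*)` branch and selects 8, which is worth stating in the same comment. gen_subkey's body continues outside the hunk.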
--- a/src/share/mh/add_hostname +++ /dev/null @@ -1,62 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host add-hostname subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins <jrollins@finestructure.net> -# Jamie McClelland <jm@mayfirst.org> -# Daniel Kahn Gillmor <dkg@fifthhorseman.net> -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# add hostname user ID to server key - -add_hostname() { - -local userID -local fingerprint -local tmpuidMatch -local line -local adduidCommand - -if [ -z "$1" ] ; then - failure "You must specify a hostname to add." -fi - -userID="ssh://${1}" - -# test that the desired user ID does not already exist -find_host_userid "$userID" && \ - failure "Host userID '$userID' already exists." - -if [ "$PROMPT" = "true" ] ; then - printf "The following user ID will be added to the host key:\n %s\nAre you sure you would like to add this user ID? (Y/n) " "$userID" >&2 - read OK; OK=${OK:=Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "User ID not added." - fi -else - log debug "adding user ID without prompting." -fi - -# execute edit-key script -if PEM2OPENPGP_USAGE_FLAGS=authenticate \ - <"$GNUPGHOME_HOST/secring.gpg" \ - "$SYSSHAREDIR/keytrans" adduserid \ - "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then - gpg_host --check-trustdb - - update_gpg_pub_file - - show_key - - echo - echo "NOTE: User ID added to key, but key not published." - echo "Run '$PGRM publish-key' to publish the new user ID." -else - failure "Problem adding user ID." -fi - -} diff --git a/src/share/mh/add_name b/src/share/mh/add_name new file mode 100644 index 0000000..39ebace --- /dev/null +++ b/src/share/mh/add_name 
@@ -0,0 +1,71 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host add-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2010, and are all released under the GPL, +# version 3 or later. + +# add servicename user ID to server key + +add_name() { + +local serviceName +local keyID +local fingerprint +local tmpuidMatch +local line +local adduidCommand + +if [ -z "$1" ] ; then + failure "You must specify a service name to add." +fi +serviceName="$1" +shift + +keyID=$(check_key_input "$@") + +# test that the desired user ID does not already exist +check_key_userid "$keyID" "$serviceName" && \ + failure "Service name '$serviceName' already exists on key '$keyID'." + +# test that a key with that user ID does not already exist +prompt_userid_exists "$serviceName" + +check_service_name "$serviceName" + +if [ "$PROMPT" != "false" ] ; then + printf "The following service name will be added to key '$keyID':\n %s\nAre you sure you would like to add this service name? (Y/n) " "$serviceName" >&2 + read OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Service name not added." + fi +else + log debug "adding service name without prompting." +fi + +# execute edit-key script +if PEM2OPENPGP_USAGE_FLAGS=authenticate \ + <"$GNUPGHOME_HOST/secring.gpg" \ + "$SYSSHAREDIR/keytrans" adduserid "$keyID" "$serviceName" \ + | gpg_host --import ; then + + gpg_host --check-trustdb + + update_pgp_pub_file + + show_key "$keyID" + + echo + echo "NOTE: Service name added to key, but key not published." + echo "Run '$PGRM publish-key' to publish the new service name." +else + failure "Problem adding service name." +fi + +} diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 89e6fcf..41cf090 100644 
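Review bot: add_name calls `check_service_name "$serviceName"` only after the raw argument has already been passed to `check_key_userid` and `prompt_userid_exists`, the latter handing it to gpg as `=${userID}`. Moving the validation to directly after `serviceName="$1"` means no unvalidated name reaches gpg, and the operator is not asked to confirm re-use of a name that is then rejected as malformed. Separately, `keyID=$(check_key_input "$@")` runs check_key_input in a subshell, so a `failure` inside it cannot stop add_name by itself; unless the calling script aborts on a failed assignment (not visible here), write `keyID=$(check_key_input "$@") || failure`, and do the same for the identical call added to add_revoker. The header comment still names the `add-hostname` subcommand.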
--- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -8,24 +8,27 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008, and are all released under the GPL, version 3 -# or later. +# They are Copyright 2008-2010, and are all released under the GPL, +# version 3 or later. # add a revoker to the host key add_revoker() { +local revokerKeyID local keyID local tmpDir local fingerprint local addrevokerCommand -keyID="$1" - # check that key ID or file is specified -if [ -z "$keyID" ] ; then +if [ -z "$1" ] ; then failure "You must specify the key ID of a revoker key, or specify a file to read the key from." fi +revokerKeyID="$1" +shift + +keyID=$(check_key_input "$@") # make a temporary directory for storing keys during import, and set # the trap to delete it on exit 
@@ -33,33 +36,33 @@ tmpDir=$(msmktempdir) trap "rm -rf $tmpDir" EXIT # if file is specified -if [ -f "$keyID" -o "$keyID" = '-' ] ; then +if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then # load the key from stdin - if [ "$keyID" = '-' ] ; then + if [ "$revokerKeyID" = '-' ] ; then # make a temporary file to hold the key from stdin - keyID="$tmpDir"/importkey - log verbose "reading key from stdin..." - cat > "$keyID" + revokerKeyID="$tmpDir"/importkey + log verbose "reading revoker key from stdin..." + cat > "$revokerKeyID" # load the key from the file - elif [ -f "$keyID" ] ; then - log verbose "reading key from file '$keyID'..." + elif [ -f "$revokerKeyID" ] ; then + log verbose "reading revoker key from file '$revokerKeyID'..." fi # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$revokerKeyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi # load the key - gpg_host --import <"$keyID" \ - || failure "could not read key from '$keyID'" + gpg_host --import <"$revokerKeyID" \ + || failure "could not read revoker key from '$revokerKeyID'" -# else, get the key from the keyserver +# else, get the revoker key from the keyserver else # fix permissions and ownership on temporary directory which will # be used by monkeysphere user for storing the downloaded key 
@@ -67,13 +70,13 @@ else chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$tmpDir" # download the key from the keyserver as the monkeysphere user - log verbose "searching keyserver $KEYSERVER for keyID $keyID..." - su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${keyID}!" \ - || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." + log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..." + su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --keyserver $KEYSERVER --recv-key 0x${revokerKeyID}!" \ + || failure "Could not receive a key with this ID from keyserver '$KEYSERVER'." # get the full fingerprint of new revoker key log debug "getting fingerprint of revoker key..." - fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint 0x${keyID}!" \ + fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --list-key --with-colons --with-fingerprint ${revokerKeyID}" \ | grep '^fpr:' | cut -d: -f10) # test that there is only a single fingerprint @@ -86,11 +89,11 @@ EOF failure fi - log info "key found:" + log info "revoker key found:" su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --fingerprint 0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then - printf "Are you sure you want to add the above key as a revoker\nof the host key? (Y/n) " >&2 + printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2 read OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "revoker not added." @@ -100,7 +103,7 @@ EOF fi # export the new key to the host keyring - log debug "loading key into host keyring..." + log debug "loading revoker key into host keyring..." su_monkeysphere_user "GNUPGHOME=$tmpDir gpg --quiet --export 0x${fingerprint}!" \ | gpg_host --import fi 
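Review bot: `$revokerKeyID` is expanded inside the double-quoted command strings given to su_monkeysphere_user (`--recv-key 0x${revokerKeyID}!` and `--list-key ... ${revokerKeyID}`), so if that helper hands the string to a shell, as the `. ${SYSSHAREDIR}/common; list_primary_fingerprints` call earlier in this file suggests, whitespace or shell metacharacters in the argument are interpreted instead of being passed to gpg. In this else-branch the value is expected to be a key ID, so check it before use, e.g. `[[ "$revokerKeyID" =~ ^[A-Fa-f0-9]+$ ]] || failure "Not a valid key ID: '$revokerKeyID'"`. The rewritten `--list-key` line also drops the `0x…!` form that the `--recv-key` line keeps, which lets gpg match the argument as something other than an exact key ID; using `0x${revokerKeyID}!` on both lines avoids that. The enclosing else-branch begins outside the hunk.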
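Review bot: The confirmation guard directly above the changed printf still reads `if [ "$PROMPT" = "true" ]`, while this commit changes the equivalent guards in get_gpg_expiration, add_certifier, remove_certifier and the new add_name to `!= "false"`. Unless PROMPT is given a default elsewhere, an unset PROMPT makes add_revoker skip the question and add the revoker to the key without confirmation. Change the line to `if [ "$PROMPT" != "false" ] ; then`. The new printf also embeds `$keyID` in the format string; passing it as a `%s` argument keeps the format constant.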
@@ -115,9 +118,9 @@ save # core ltsigns the newly imported revoker key log debug "executing add revoker script..." -if echo "$addrevokerCommand" | gpg_host_edit ; then +if echo "$addrevokerCommand" | gpg_host_edit "0x${keyID}!" ; then - update_gpg_pub_file + update_pgp_pub_file log info "Revoker added." else diff --git a/src/share/mh/diagnostics b/src/share/mh/diagnostics index b92d729..9409f1d 100644 --- a/src/share/mh/diagnostics +++ b/src/share/mh/diagnostics 
@@ -8,107 +8,88 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. -# check on the status and validity of the key and public certificates +# check on the status and validity of the host's public certificates (and keys?) -diagnostics() { - -local seckey -local keysfound -local curdate -local warnwindow -local warndate -local create -local expire -local uid -local fingerprint -local badhostkeys -local problemsfound=0 - -if ! [ -d "$SYSDATADIR" ] ; then - echo "! no $SYSDATADIR directory found. Please create it." - exit -fi - -if ! [ -f "$HOST_KEY_FILE" ] ; then - echo "No host key gpg pub file found!" - echo " - Recommendation: run 'monkeysphere-host import-key'" - exit -fi +# global vars for communicating between functions: -# load the host key fingerprint -load_fingerprint - -seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode) -keysfound=$(echo "$seckey" | grep -c ^sec:) -curdate=$(date +%s) +MHD_CURDATE=$(date +%s) # warn when anything is 2 months away from expiration -warnwindow='2 months' -warndate=$(advance_date $warnwindow +%s) - -if ! id monkeysphere >/dev/null ; then - echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." - problemsfound=$(($problemsfound+1)) -fi +MHD_WARNWINDOW='2 months' +MHD_WARNDATE=$(advance_date $MHD_WARNWINDOW +%s) +MHD_PROBLEMSFOUND=0 + + +diagnose_key() { + local fpr="$1" + local certinfo + local create + local expire + local uid + local keysfound + local uiderrs + local errcount + + printf "Checking OpenPGP Certificate for key 0x%s\n" "$fpr" + + certinfo=$(get_cert_info "0x$fpr" <"$HOST_KEY_FILE") + keysfound=$(grep -c ^pub: <<<"$certinfo") + + if [ "$keysfound" -lt 1 ] ; then + printf "! 
Could not find key with fingerprint 0x%s\n" "$fpr" + # FIXME: recommend a way to resolve this! + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) + fi -echo "Checking host GPG key..." -if (( "$keysfound" < 1 )); then - echo "! No host key found. The monkeysphere-host data directory is corrupt?!?!" - echo " - Recommendation: purge the MHDATADIR ($MHDATADIR) and rerun 'monkeysphere-host import-key'" - problemsfound=$(($problemsfound+1)) -elif (( "$keysfound" > 1 )); then - echo "! More than one host key found?" - # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) -else - create=$(echo "$seckey" | grep ^sec: | cut -f6 -d:) - expire=$(echo "$seckey" | grep ^sec: | cut -f7 -d:) - fingerprint=$(echo "$seckey" | grep ^fpr: | head -n1 | cut -f10 -d:) + create=$(echo "$certinfo" | grep ^pub: | cut -f6 -d:) + expire=$(echo "$certinfo" | grep ^pub: | cut -f7 -d:) # check for key expiration: if [ "$expire" ]; then - if (( "$expire" < "$curdate" )); then - echo "! Host key is expired." - echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'" - problemsfound=$(($problemsfound+1)) - elif (( "$expire" < "$warndate" )); then - echo "! Host key expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) - echo " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire'" - problemsfound=$(($problemsfound+1)) + if (( "$expire" < "$MHD_CURDATE" )); then + printf "! Host key 0x%s is expired.\n" "$fpr" + printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire 0x%s'\n" "$fpr" + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) + elif (( "$expire" < "$MHD_WARNDATE" )); then + printf "! 
Host key 0x%s expires in less than %s: %s\n" "$fpr" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F) + printf " - Recommendation: extend lifetime of key with 'monkeysphere-host set-expire %s'\n" "$fpr" + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) fi fi # and weirdnesses: - if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! Host key was created in the future(?!). Is your clock correct?" - echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" - problemsfound=$(($problemsfound+1)) + if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then + printf "! Host key 0x%s was created in the future(?!): %s. Is your clock correct?\n" "$fpr" $(date -d "1970-01-01 + $create seconds" +%F) + printf " - Recommendation: Check your clock (is it really %s?); use NTP?\n" $(date +%F_%T) + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) fi # check for UserID expiration: - echo "$seckey" | grep ^uid: | cut -d: -f6,7,10 | \ - while IFS=: read create expire uid ; do - # FIXME: should we be doing any checking on the form - # of the User ID? Should we be unmangling it somehow? - - if [ "$create" ] && (( "$create" > "$curdate" )); then - echo "! User ID '$uid' was created in the future(?!). Is your clock correct?" - echo " - Recommendation: Check clock ($(date +%F_%T)); use NTP?" - problemsfound=$(($problemsfound+1)) - fi - if [ "$expire" ] ; then - if (( "$expire" < "$curdate" )); then - echo "! User ID '$uid' is expired." + uiderrs=$(printf '%s\n' "$certinfo" | grep ^uid: | cut -d: -f6,7,10 | \ + while IFS=: read -r create expire uid ; do + uid=$(gpg_unescape <<<"$uid") + + check_service_name "$uid" + if [ "$create" ] && (( "$create" > "$MHD_CURDATE" )); then + printf "! 
The latest self-sig on User ID '%s' was created in the future(?!): %s.\n - Is your clock correct?\n" "$uid" $(date -d "1970-01-01 + $create seconds" +%F) + printf " - Recommendation: Check your clock (is it really %s ?); use NTP?\n" $(date +%F_%T) + fi + if [ "$expire" ] ; then + if (( "$expire" < "$MHD_CURDATE" )); then + printf "! User ID '%s' is expired.\n" "$uid" # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) - elif (( "$expire" < "$warndate" )); then - echo "! User ID '$uid' expires in less than $warnwindow:" $(advance_date $(( $expire - $curdate )) seconds +%F) + elif (( "$expire" < "$MHD_WARNDATE" )); then + printf "! User ID '%s' expires in less than %s: %s\n" "%s" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F) # FIXME: recommend a way to resolve this - problemsfound=$(($problemsfound+1)) + fi fi - fi - done + done) + errcount=$(grep -c '^!' <<<"$uiderrs") || \ + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+ $errcount )) + printf '%s\n' "$uiderrs" + + # FIXME: verify that the host key is properly published to the # keyservers (do this with the non-privileged user) 
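Review bot: The User ID loop in `diagnose_key` has two defects. The expiry warning passes the literal `"%s"` as its first argument, so the message never names the User ID; it should read `printf "! User ID '%s' expires in less than %s: %s\n" "$uid" "$MHD_WARNWINDOW" $(advance_date $(( $expire - $MHD_CURDATE )) seconds +%F)`. The counter update is chained with `||`, but `grep -c` exits 0 exactly when it found matches, so `MHD_PROBLEMSFOUND` is only touched when `errcount` is 0 and User ID problems are never counted. Using `errcount=$(grep -c '^!' <<<"$uiderrs") && MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND + $errcount))` fixes that. The closing brace of `diagnose_key` lies in the next hunk.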
@@ -120,11 +101,45 @@ else # FIXME: propose adding a revoker to the host key if none exist (do we # have a way to do that after key generation?) -# FIXME: test (with ssh-keyscan?) that the running ssh -# daemon is actually offering the monkeysphere host key. +# FIXME: test (with ssh-keyscan?) that any running ssh daemon is +# actually offering the monkeysphere host key, if such a key is +# loaded. + +# FIXME: scan /proc/net/tcp and /proc/net/tcp6 to see what +# known-crypto ports (ssh, https, imaps?, ldaps?, etc) are in use +# locally. Propose bringing them into the monkeysphere. + +# FIXME: ensure that the key is of a reasonable size + +# FIXME: ensure that the cert has the right key usage flags + +# FIXME: ensure that the key doesn't match any known blacklist +} + +diagnostics() { + +MHD_PROBLEMSFOUND=0 + + +if ! [ -d "$SYSDATADIR" ] ; then + echo "! no $SYSDATADIR directory found. Please create it." + exit +fi +if ! [ -f "$HOST_KEY_FILE" ] ; then + echo "No host OpenPGP certificates file found!" + echo " - Recommendation: run 'monkeysphere-host import-key' with a service key" + exit fi +if ! id monkeysphere >/dev/null ; then + echo "! No monkeysphere user found! Please create a monkeysphere system user with bash as its shell." + MHD_PROBLEMSFOUND=$(($MHD_PROBLEMSFOUND+1)) +fi + +echo "Checking host OpenPGP certificates..." +multi_key diagnose_key + # FIXME: look at the ownership/privileges of the various keyrings, # directories housing them, etc (what should those values be? can # we make them as minimal as possible?) 
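Review bot: The two early checks in the new `diagnostics()` body end with a bare `exit`, which returns the status of the preceding `echo` (0), so a missing `$SYSDATADIR` or `$HOST_KEY_FILE` looks like success to a calling script; `exit 1` in both places would make the failure detectable. The account check is hard-coded as `id monkeysphere`, while other subcommands in this commit use `$MONKEYSPHERE_USER` and the test suite sets that to `$(whoami)`; `if ! id "$MONKEYSPHERE_USER" >/dev/null 2>&1 ; then` would follow the configured account. The end of `diagnostics()` is outside this hunk.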
@@ -132,8 +147,8 @@ fi # report on any cruft from old monkeysphere version report_cruft -if [ "$problemsfound" -gt 0 ]; then - echo "When the above $problemsfound issue"$(if [ "$problemsfound" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" +if [ "$MHD_PROBLEMSFOUND" -gt 0 ]; then + echo "When the above $MHD_PROBLEMSFOUND issue"$(if [ "$MHD_PROBLEMSFOUND" -eq 1 ] ; then echo " is" ; else echo "s are" ; fi)" resolved, please re-run:" echo " monkeysphere-host diagnostics" else echo "Everything seems to be in order!" diff --git a/src/share/mh/import_key b/src/share/mh/import_key index f7c69c3..0f362b8 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key 
@@ -8,60 +8,53 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009 and are all released under the GPL, +# They are Copyright 2008-2010 and are all released under the GPL, # version 3 or later. import_key() { -local sshKeyFile -local hostName -local domain -local userID - -sshKeyFile="$1" -hostName="$2" +local keyFile="$1" +local serviceName="$2" # check that key file specified -if [ -z "$sshKeyFile" ] ; then - failure "Must specify ssh key file to import, or specify '-' for stdin." +if [ -z "$keyFile" ] ; then + failure "Must specify PEM-encoded key file to import, or specify '-' for stdin." fi # fail if hostname not specified -if [ -z "$hostName" ] ; then - failure "You must specify a fully-qualified domain name for use in the host certificate user ID." +if [ -z "$serviceName" ] ; then + failure "You must specify a service name for use in the OpenPGP certificate user ID." fi -userID="ssh://${hostName}" +# test that a key with that user ID does not already exist +prompt_userid_exists "$serviceName" + +# check that the service name is well formatted +check_service_name "$serviceName" # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -# import ssh key to a private key -if [ "$sshKeyFile" = '-' ] ; then - log verbose "importing ssh key from stdin..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ +# import pem-encoded key to an OpenPGP private key +if [ "$keyFile" = '-' ] ; then + log verbose "importing key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ | gpg_host --import else - log verbose "importing ssh key from file '$sshKeyFile'..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - <"$sshKeyFile" \ + log verbose "importing key from file '$keyFile'..." 
+ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + <"$keyFile" \ | gpg_host --import fi -# load the new host fpr into the fpr variable. this is so we can -# create the gpg pub key file. we have to do this from the secret key -# ring since we obviously don't have the gpg pub key file yet, since -# that's what we're trying to produce (see below). -load_fingerprint_secret - -# export to gpg public key to file -update_gpg_pub_file +# export to OpenPGP public key to file +update_pgp_pub_file log info "host key imported:" # show info about new key -show_key +show_key "$serviceName" } diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 48e4cbb..f1c1723 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -8,23 +8,24 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009, and are all released under the GPL, version 3 -# or later. +# They are Copyright 2008-2010, and are all released under the GPL, +# version 3 or later. -# publish server key to keyserver +# publish keys to keyserver publish_key() { +local keyID="$1" local GNUPGHOME -if [ "$PROMPT" = "true" ] ; then - printf "Really publish host key to $KEYSERVER? (Y/n) " >&2 +if [ "$PROMPT" != "false" ] ; then + printf "Really publish key '$keyID' to $KEYSERVER? (Y/n) " >&2 read OK; OK=${OK:=Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "key not published." fi else - log debug "publishing key without prompting." + log debug "publishing key '$keyID' without prompting." fi # create a temporary gnupg directory from which to publish the key 
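Review bot: `prompt_userid_exists "$serviceName"` runs before `check_service_name "$serviceName"` in `import_key`, so the existing-key lookup and any prompt it issues happen on a name whose form has not been checked yet; swapping the two calls validates first. Neither call's result is tested, which is only safe if both helpers call `failure` themselves, and that is not visible in this hunk. The comment `# fail if hostname not specified` above the `-z "$serviceName"` test is stale and could read `# fail if service name not specified`.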
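Review bot: `publish_key` takes the key ID straight from the argument with `local keyID="$1"`, whereas `revoke_key`, `revoke_name` and `set_expire` in this commit go through `check_key_input "$@"`. The value is later placed inside the command string for `su_monkeysphere_user` (`--send-keys '0x${keyID}!'`, in the next hunk), so an empty argument yields `0x!` and a value containing a quote would be re-parsed by the inner shell. Unless the caller already normalises the argument, which is not visible here, `local keyID` followed by `keyID=$(check_key_input "$@") || exit $?` would match the sibling subcommands.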
@@ -35,13 +36,13 @@ chown "$MONKEYSPHERE_USER":"$MONKEYSPHERE_GROUP" "$GNUPGHOME" # trap to remove tmp dir if break trap "rm -rf $GNUPGHOME" EXIT -# import the host key into the tmp dir +# import the key into the tmp dir su_monkeysphere_user \ "gpg --quiet --import" <"$HOST_KEY_FILE" -# publish host key +# publish key su_monkeysphere_user \ - "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'" + "gpg --keyserver $KEYSERVER --send-keys '0x${keyID}!'" # remove the tmp file trap - EXIT diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname deleted file mode 100644 index 6b80802..0000000 --- a/src/share/mh/revoke_hostname +++ /dev/null 
@@ -1,68 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host revoke-hostname subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins <jrollins@finestructure.net> -# Jamie McClelland <jm@mayfirst.org> -# Daniel Kahn Gillmor <dkg@fifthhorseman.net> -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# revoke hostname user ID from host key - -revoke_hostname() { - -local userID -local fingerprint -local tmpuidMatch -local line -local message -local revuidCommand - -if [ -z "$1" ] ; then - failure "You must specify a hostname to revoke." -fi - -userID="ssh://${1}" - -# make sure the user ID to revoke -find_host_userid "$userID" || \ - failure "No non-revoked user ID found matching '$userID'." - -if [ "$PROMPT" = "true" ] ; then - printf "The following host key user ID will be revoked:\n %s\nAre you sure you would like to revoke this user ID? (Y/n) " "$userID" >&2 - read OK; OK=${OK:=Y} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "User ID not revoked." - fi -else - log debug "revoking user ID without prompting." -fi - -# actually revoke: - -# the gpg secring might not contain the host key we are trying to -# revoke (let alone any selfsig over that host key), but the plain -# --export won't contain the secret key. "keytrans revokeuserid" -# needs access to both pieces, so we feed it both of them. - -if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \ - "$SYSSHAREDIR/keytrans" revokeuserid \ - "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then - gpg_host --check-trustdb - - update_gpg_pub_file - - show_key - - echo - echo "NOTE: User ID revoked, but revocation not published." - echo "Run '$PGRM publish-key' to publish the revocation." -else - failure "Problem revoking user ID." -fi - -} 
diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index 5460e51..5a013e0 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -8,23 +8,24 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. # revoke host key revoke_key() { -# Coming in here, we expect $HOST_FINGERPRINT to be set, and we -# believe that there is in fact a key. + local keyID + local publish + + keyID=$(check_key_input "$@") if [ "$PROMPT" = "false" ] ; then publish=N else cat <<EOF >&2 -This will generate a revocation certificate for your host key -(fingerprint: $HOST_FINGERPRINT) and -dump the certificate to standard output. +This will generate a revocation certificate for key $keyID +and dump the certificate to standard output. It can also directly publish the new revocation certificate to the public keyservers via $KEYSERVER if you want it to. @@ -65,14 +66,13 @@ Monkeysphere host key revocation (automated) $(date '+%F_%T%z') y " - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \ || failure "Failed to generate revocation certificate!" - else # note: we're not using the gpg_host function because we actually # want to use gpg's UI in this case, so we want to omit --no-tty - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \ || failure "Failed to generate revocation certificate!" fi diff --git a/src/share/mh/revoke_name b/src/share/mh/revoke_name new file mode 100644 index 0000000..532cb30 --- /dev/null 
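Review bot: `keyID=$(check_key_input "$@")` in `revoke_key` does not test the result, and an exit raised inside a command substitution only ends that subshell. If `check_key_input` rejects its input by calling `failure`, the function would carry on with an empty `keyID` and reach `--gen-revoke "0x!"` in the second hunk. The same untested assignment is added to `revoke_name` and `set_expire`. Unless the calling script runs under `set -e`, which is not visible here, `keyID=$(check_key_input "$@") || exit $?` makes the stop explicit. The body of `revoke_key` continues outside both hunks.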
+++ b/src/share/mh/revoke_name 
@@ -0,0 +1,72 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host revoke-hostname subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2010, and are all released under the GPL, +# version 3 or later. + +# revoke service name user ID from host key + +revoke_name() { + +local serviceName +local keyID +local fingerprint +local tmpuidMatch +local line +local message +local revuidCommand + +if [ -z "$1" ] ; then + failure "You must specify a service name to revoke." +fi +serviceName="$1" +shift + +keyID=$(check_key_input "$@") + +# make sure the user ID to revoke exists +check_key_userid "$keyID" "$serviceName" || \ + failure "No non-revoked service name found matching '$serviceName'." + +if [ "$PROMPT" != "false" ] ; then + printf "The following service name on key '$keyID' will be revoked:\n %s\nAre you sure you would like to revoke this service name? (Y/n) " "$serviceName" >&2 + read OK; OK=${OK:=Y} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "User ID not revoked." + fi +else + log debug "revoking service name without prompting." +fi + +# actually revoke: + +# the gpg secring might not contain the host key we are trying to +# revoke (let alone any selfsig over that host key), but the plain +# --export won't contain the secret key. "keytrans revokeuserid" +# needs access to both pieces, so we feed it both of them. + +if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$keyID") \ + | "$SYSSHAREDIR/keytrans" revokeuserid "$keyID" "$serviceName" \ + | gpg_host --import ; then + + gpg_host --check-trustdb + + update_pgp_pub_file + + show_key "$keyID" + + echo + echo "NOTE: Service name revoked, but revocation not published." + echo "Run '$PGRM publish-key' to publish the revocation." 
+else + failure "Problem revoking service name." +fi + +} diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 9889e76..68a8dfd 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -11,18 +11,32 @@ # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. set_expire() { -local extendTo +local extendBy +local keyID + +if [ -z "$1" ] ; then + cat <<EOF >&2 +Must specify expiration. The possibilities are: + 0 = key does not expire + <n> = key expires in n days + <n>w = key expires in n weeks + <n>m = key expires in n months + <n>y = key expires in n years +EOF + failure +fi +extendBy="$1" +shift -# get the new expiration date -extendTo=$(get_gpg_expiration "$1") +keyID=$(check_key_input "$@") -if [ "$PROMPT" = "true" ] ; then - printf "Are you sure you want to change the expiration on the host key to '%s'? (Y/n) " "$extendTo" >&2 +if [ "$PROMPT" != "false" ] ; then + printf "Are you sure you want to change the expiration on key '$keyID' by '%s'? (Y/n) " "$extendBy" >&2 read OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "expiration not set." @@ -31,18 +45,18 @@ else log debug "extending without prompting." fi -log info "setting host key expiration to ${extendTo}." +log info "setting key expiration to ${extendBy}." -log debug "executing host expire script..." -gpg_host_edit expire <<EOF -$extendTo +log debug "executing key expire script..." +gpg_host_edit "0x${keyID}!" expire <<EOF +$extendBy save EOF -update_gpg_pub_file +update_pgp_pub_file log info <<EOF -NOTE: Host key expiration date adjusted, but not yet published. +NOTE: Key expiration date adjusted, but not yet published. Run '$PGRM publish-key' to publish the new expiration date. EOF diff --git a/src/transitions/0.28 b/src/transitions/0.28 new file mode 100755 index 0000000..5da6ab1 
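Review bot: The header of the new `revoke_name` file still reads `# Monkeysphere host revoke-hostname subcommand`, although the function is `revoke_name` and the test suite invokes it as `revoke-servicename`; the comment should name the new subcommand. The locals `fingerprint`, `tmpuidMatch`, `line`, `message` and `revuidCommand` are declared but never used in the body and can be dropped. The closing hint `Run '$PGRM publish-key'` could also include the key ID, since `publish_key` now takes one.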
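Review bot: `set_expire` drops the `get_gpg_expiration "$1"` call without a replacement, so `$extendBy` now goes unchecked into the here-document that drives `gpg_host_edit "0x${keyID}!" expire` in the second hunk. A value outside the forms listed in the new usage text would presumably be rejected by gpg as an answer, and the following `save` line could then be read as the next answer rather than as a command. A check that matches the usage text, placed before the prompt, keeps the edit script in step: `[[ "$extendBy" =~ ^[0-9]+[wmy]?$ ]] || failure "invalid expiration '$extendBy'."`.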
--- /dev/null +++ b/src/transitions/0.28 @@ -0,0 +1,25 @@ +#!/bin/bash + +# This is a post-install script for monkeysphere, to transition an old +# (<0.28) setup to the new (>=0.28) setup. + +# You should be able to run this script after any version >= 0.23 is +# installed. This script should be well-behaved, even if it is run +# repeatedly. + +# Written by +# Jameson Rollins <jrollins@finestructure.net> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# Copyright 2010, released under the GPL, version 3 or later + +# any unexpected errors should cause this script to bail: +set -e + +SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"} + +OLD_HOST_KEY_FILE="$SYSDATADIR"/ssh_host_rsa_key.pub.gpg +if [ -f "$OLD_HOST_KEY_FILE" ] ; then + monkeysphere-host update-pgp-pub-file + rm -f "$OLD_HOST_KEY_FILE" +fi diff --git a/tests/basic b/tests/basic index 6fe3237..4ceabd4 100755 --- a/tests/basic +++ b/tests/basic @@ -10,7 +10,7 @@ # Jameson Rollins <jrollins@fifthhorseman.net> # Micah Anderson <micah@riseup.net> # -# Copyright: 2008-2009 +# Copyright: © 2008-2010 # License: GPL v3 or later # these tests should all be able to run as a non-privileged user. @@ -73,7 +73,7 @@ ssh_test() { # make a client connection to the socket echo "##### starting ssh client..." ssh-agent bash -c \ - "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost} true" \ + "monkeysphere subkey-to-ssh-agent && ssh -F $TEMPDIR/testuser/.ssh/config ${target_hostname:-testhost.example} true" \ || RETURN="$?" # kill the sshd process if it's still running 
@@ -133,6 +133,8 @@ export MONKEYSPHERE_SYSCONFIGDIR="$TEMPDIR" export MONKEYSPHERE_SYSSHAREDIR="$TESTDIR"/../src/share export MONKEYSPHERE_MONKEYSPHERE_USER=$(whoami) +HOST_KEY_FILE="$MONKEYSPHERE_SYSCONFIGDIR"/host_keys.pub.pgp + export MONKEYSPHERE_CHECK_KEYSERVER=false # example.org does not respond to the HKP port, so this should cause # any keyserver connection attempts that do happen (they shouldn't!) @@ -250,13 +252,13 @@ echo echo "##################################################" echo "### import host key..." ssh-keygen -b 1024 -t rsa -N '' -f "$TEMPDIR"/ssh_host_rsa_key -monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key testhost +monkeysphere-host import-key "$TEMPDIR"/ssh_host_rsa_key ssh://testhost.example echo echo "##################################################" echo "### getting host key fingerprint..." -HOSTKEYID=$( monkeysphere-host show-key | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) -echo "$HOSTKEYID" +SSHHOSTKEYID=$( monkeysphere-host show-keys | grep '^OpenPGP fingerprint: ' | cut -f3 -d\ ) +echo "$SSHHOSTKEYID" # change host key expiration echo @@ -270,8 +272,8 @@ monkeysphere-host set-expire 1 echo echo "##################################################" echo "### certifying server host key..." -< "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import -echo y | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" +< "$HOST_KEY_FILE" gpgadmin --import +echo y | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID" # FIXME: add revoker? @@ -295,7 +297,7 @@ EOF monkeysphere-authentication setup get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf -# add admin as identity certifier for testhost +# add admin as identity certifier for testhost.example echo echo "##################################################" echo "### adding admin as certifier..." 
@@ -321,7 +323,7 @@ monkeysphere gen-subkey echo echo "##################################################" echo "### export server key to testuser..." -gpgadmin --armor --export "$HOSTKEYID" | gpg --import +gpgadmin --armor --export "$SSHHOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo @@ -340,6 +342,12 @@ monkeysphere-authentication update-users $(whoami) ###################################################################### ### TESTS +## see whether keys-for-userid works from the client's perspective: +echo +echo "##################################################" +echo "### testing monkeysphere keys-for-userid ..." +diff -q <( monkeysphere keys-for-userid ssh://testhost.example ) <( cut -f1,2 -d' ' < "$TEMPDIR"/ssh_host_rsa_key.pub ) + # connect to test sshd, using monkeysphere ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo 
@@ -495,43 +503,41 @@ ssh_test echo echo "##################################################" -echo "### ssh connection test directly to 'testhost2' without new name..." -target_hostname=testhost2 ssh_test 255 +echo "### ssh connection test directly to 'testhost2.example' without new name..." +target_hostname=testhost2.example ssh_test 255 echo echo "##################################################" -echo "### add hostname, certify by admin, import by user..." -monkeysphere-host add-hostname testhost2 -< "$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg gpgadmin --import -printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$HOSTKEYID" +echo "### add servicename, certify by admin, import by user..." +monkeysphere-host add-servicename ssh://testhost2.example +<"$HOST_KEY_FILE" gpgadmin --import +printf "y\ny\n" | gpgadmin --command-fd 0 --sign-key "$SSHHOSTKEYID" echo echo "##################################################" -echo "### ssh connection test with hostname 'testhost2' added..." -gpgadmin --export "$HOSTKEYID" | gpg --import +echo "### ssh connection test with hostname 'testhost2.example' added..." +gpgadmin --export "$SSHHOSTKEYID" | gpg --import gpg --check-trustdb ssh_test echo echo "##################################################" -echo "### ssh connection test directly to 'testhost2' ..." -gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg +echo "### ssh connection test directly to 'testhost2.example' ..." +gpg --import <"$HOST_KEY_FILE" gpg --check-trustdb -target_hostname=testhost2 ssh_test +target_hostname=testhost2.example ssh_test echo echo "##################################################" -echo "### ssh connection test for failure with 'testhost2' revoked..." -monkeysphere-host revoke-hostname testhost2 -gpg --import <"$MONKEYSPHERE_SYSCONFIGDIR"/ssh_host_rsa_key.pub.gpg +echo "### ssh connection test for failure with 'testhost2.example' revoked..." 
+monkeysphere-host revoke-servicename ssh://testhost2.example +gpg --import <"$HOST_KEY_FILE" gpg --check-trustdb -target_hostname=testhost2 ssh_test 255 +target_hostname=testhost2.example ssh_test 255 # FIXME: addtest: remove admin as id-certifier and check ssh failure # FIXME: addtest: how do we test that set-expire makes sense after new -# hostnames have been added? - -# FIXME: addtest: revoke the host key and check ssh failure +# servicenames have been added? # test to make sure things are OK after the previous tests: echo @@ -545,10 +551,23 @@ ssh_test echo echo "##################################################" -echo "### revoking host key..." +echo "### Testing TLS setup..." + +openssl req -config "$TESTDIR"/openssl.cnf -x509 -newkey rsa:1024 -subj '/DC=example/DC=testhost/CN=testhost.example/' -days 3 -keyout "$TEMPDIR"/tls_key.pem -nodes >"$TEMPDIR"/tls_cert.pem +monkeysphere-host import-key "$TEMPDIR"/tls_key.pem https://testhost.example + +# FIXME: how can we test this via an https client? +# We don't currently provide one. + +# FIXME: should we test other monkeysphere-host operations somehow now +# that we have more than one key in the host keyring? + +echo +echo "##################################################" +echo "### revoking ssh host key..." # generate the revocation certificate and feed it directly to the test # user's keyring (we're not publishing to the keyservers) -monkeysphere-host revoke-key | gpg --import +monkeysphere-host revoke-key "$SSHHOSTKEYID" | gpg --import echo echo "##################################################" echo "### ssh connection test for failure..." diff --git a/tests/keytrans b/tests/keytrans index 8808cbc..411b42e 100755 --- a/tests/keytrans +++ b/tests/keytrans 
@@ -106,8 +106,8 @@ diff -u \ <(hd "$TEMPDIR"/secret.key) \ <(hd "$TEMPDIR"/converted.secret.key) - -KEYID=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d: | cut -b25-40) +KEYFPR=$(gpg --fingerprint --with-colons --list-keys | grep ^fpr | cut -f10 -d:) +KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40) echo "conversions look good!" 
@@ -162,6 +162,49 @@ EOF diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru) +echo "##################################################" +echo "### test working with two primary keys ... " + +ssh-keygen -t rsa -b 1024 -N '' -f "$TEMPDIR"/newkey + +PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \ +PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \ + < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg + +NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg keytrans listfprs) +NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40) + +< "$TEMPDIR"/newkey.gpg gpg --import + +< "$TEMPDIR"/secring.gpg \ +PEM2OPENPGP_TIMESTAMP="$timestamp" \ + keytrans adduserid "$KEYID" "baz" | gpg --import + +cat >"$TEMPDIR"/expectedout <<EOF +pub:u:1024:1:$KEYID:$timestamp:::u:::scSC: +uid:u::::$timestamp::E90EC72E68C6C2A0751DADC70F54F60D27B88C3D::monkeymonkey: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +uid:r::::::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +rev:!::1:$KEYID:$revtime::::monkeymonkey:30x: +uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz: +sig:!::1:$KEYID:$timestamp::::monkeymonkey:13x: +pub:-:1024:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA: +uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar: +sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x: +EOF + +echo "test: diff expected gpg list output" +diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons --fixed-list-mode | grep -v ^tru) + +sort >"$TEMPDIR"/expectedout <<EOF +$KEYFPR +$NEWKEYFPR +EOF + +echo "test: diff expected keytrans listfpr output" +diff -u "$TEMPDIR"/expectedout <( < "$TEMPDIR"/secring.gpg keytrans listfprs | sort ) + ## FIXME: addtest: not testing subkeys at the moment. diff --git a/tests/openssl.cnf b/tests/openssl.cnf new file mode 100644 index 0000000..3456dc5 --- /dev/null +++ b/tests/openssl.cnf 
@@ -0,0 +1,26 @@ +# OpenSSL configuration for the purposes of the monkeysphere test suite: + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . +RANDFILE = $ENV::HOME/.rnd + +[ req ] +attributes = req_attributes +x509_extensions = monkeysphere_self_signed +distinguished_name = req_dn +attributes = req_attrs + +[ monkeysphere_self_signed ] + +# Just generate an X.509 cert that is for specific use as a TLS server +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth +nsCertType = server + +[ req_dn ] +commonName = Common Name +commonName_max = 64 + +[ req_attrs ] diff --git a/utils/build-releasenote b/utils/build-releasenote index 1dee649..cac0869 100755 --- a/utils/build-releasenote +++ b/utils/build-releasenote @@ -1,10 +1,18 @@ #!/bin/bash -VERSION=`head -n1 packaging/debian/changelog | sed 's/.*(\([^)]*\)).*/\1/'` +# script to build a release announcement for the Monkeysphere +# if you're running this, you probably also want to read through +# the checklist in utils/preparing-release. + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# Copyright: © 2008-2010 +# License: GPL, v3 or later + +VERSION=`head -n1 changelog | sed 's/.*(\([^)]*\)).*/\1/'` { sed "s/__VERSION__/$VERSION/g" < utils/releasenote.header - head -n$(( $(grep -n '^ --' packaging/debian/changelog | head -n1 | cut -f1 -d:) - 2 )) packaging/debian/changelog | tail -n+3 + head -n$(( $(grep -n '^ --' changelog | head -n1 | cut -f1 -d:) - 2 )) changelog | tail -n+3 sed "s/__VERSION__/$VERSION/g" < utils/releasenote.footer } > "website/news/release-$VERSION.mdwn" diff --git a/utils/preparing-release b/utils/preparing-release index 3273c1c..8ecbc00 100644 --- a/utils/preparing-release +++ b/utils/preparing-release 
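Review bot: The `[ req ]` section of the new `tests/openssl.cnf` sets `attributes` twice, first to `req_attributes` and then to `req_attrs`, and only `[ req_attrs ]` is defined in the file. Which assignment OpenSSL honours for a repeated name is easy to get wrong, so dropping the `attributes = req_attributes` line leaves a single reference that resolves to an existing section.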
@@ -1,7 +1,7 @@ ### Notes about preparing a release for the monkeysphere ### - * make sure that packaging/debian/changelog has a reasonable version - number. + * make sure that changelog and packaging/debian/changelog both have + reasonable version numbers. * have the monkeysphere archive signing key handy! diff --git a/website/community.mdwn b/website/community.mdwn index 3ae81c1..492703b 100644 --- a/website/community.mdwn +++ b/website/community.mdwn @@ -38,6 +38,10 @@ the following from inside the monkeysphere top level directory: This command will build an upstream tarball, attach the debian packaging directory, and build a sample deb. +If you want to help extend the scope of the Monkeysphere, take a look +at our +[list of environments that could make use of the project](/expansion). + ### Individual developer repositories ### You might also be interested in the repositories of individual @@ -48,7 +52,7 @@ offering: git clone git://lair.fifthhorseman.net/~dkg/monkeysphere -[Jameson Graef Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins): +[Jameson Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins): git clone git://lair.fifthhorseman.net/~jrollins/monkeysphere diff --git a/website/download.mdwn b/website/download.mdwn index d235294..d41c3a7 100644 --- a/website/download.mdwn +++ b/website/download.mdwn 
@@ -86,38 +86,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.26.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.28.orig.tar.gz) is also available, and has these checksums: <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 -checksums for the monkeysphere 0.26 release: +checksums for the monkeysphere 0.28 release: MD5: -f0e5fe66a9affd951e601ea5d6188972 monkeysphere_0.26.orig.tar.gz +b66f671ec48725a0eb55de7de4d7ce6d monkeysphere_0.28.orig.tar.gz SHA1: -de0125e43c8c7d7d98f45f9395576ff06e150307 monkeysphere_0.26.orig.tar.gz +ead634e0ea0a795e8a96812b7397d318a4be54b0 monkeysphere_0.28.orig.tar.gz SHA256: -e743a0642f0da5d6ecea6cb3c8ff6c05ac56a094c351a7fdca2a4a707fe05c00 monkeysphere_0.26.orig.tar.gz +b463577d36d6e8f5eb698d8e3c75d27bcfb3f928628c128f5d342e8a83bef6f2 monkeysphere_0.28.orig.tar.gz -----BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) - -iQIVAwUBSnSzIRjmZ/HrivMUAQqQdw//SZ5OrjB+FFe/+sRyRBv3YcjSO7Iif8uo -ZG8LPbba9v0qUT/pOvMTXij2Wm3dFwgphrNCJgYriHx/0MdvPuHpz+TXRIVFRD7Q -CNHrG9kuf6BFClqyQwqD1/5FMehu8hEWm0DdyEhB5pUcHzo9ExpjFGGImpI/XvZz -/HWL7hCoZvJ8iBKyZ0dNSbDZA8WcWkYVKbc42sYYpqHM4kVjfQq37vUDBgq78d4d -rTDiEF1+4kuwZtKKxJq8woN9+/5atpknFcnICSOobeX1PAOkj96yEAczr39pQNam -3z2YjdQM0tJsGjguYIiYxwUAs38a/p+rX7+PvS5xY85RCLSsgOplnhSLXluXp5fO -7Ok2FFmimxYcNfsKFaJQiOa3OaRW6u15+sxb7KNC+raNVwyw8fsaDe7eKGx/xQI5 -fnvjFHJDM3HwzBSRNcBZNacsMAfq0jaN4BAalv9nzpcynsG+vkNI6mus9eopC9/n -9UwhMRpObndSjNoR/Erbh99jv0mvTeqdG9h9Kjbr38TT5qLWSYRftK7FHglZMmzN -or3lgUs3bTc6bJlWE9YvGlwEduaaEY0us7fW4nPDQhT+OCHCrjCBk1ppA4SzAnE1 -qTUt5Fa7vjLPaefT58qKRXlglUhsbtVabVoeCFKBFvAebm/XS3kPh2P9Qfk6azQ7 -iJM65kCCil0= -=tyHC +Version: GnuPG v1.4.10 (GNU/Linux) + +iQIVAwUBS1YAyBjmZ/HrivMUAQqbBBAAqhnDfDZukFUDEN6Y164o/AXMtBO20KUg 
+GyrgjgJElQJC2oz9OooNJ60iPSOz/G+Wu5lSMnRqdKU8x50F7ogYE1Gnd+8J3c2G +1ciDQbLrR7pE2jua7xyfA+SQgg3bSgSN/7Jl61+OosQpcI/WnJvOQWKA6TI+iRGC +B4g87ZRSRUAVZoFDRY0lBINP70+riGrYm8b2tgp7FbpgVBtUFL8gsmxnPZ7cGYF2 +yTwg9ZCAlDQ6LIZ7DAwb2lUAtAHtlLfAhulr3qLW2SNc95vcJ7Ss7CjgIuCL8qTe +2zX2fysG7Hgbi0G0GNjv+yomOFlRGWC1Gf3pv0Clmy7cVgIgcP61nE3djFSYa9vk +k7cKtppNEzoleEjz+dMIOezcXCdLO2g+sQfpaYU5acRp95ouCaXYINS8DYDkaKwj +Wjra6BSCbClzZYblOJIlCmK4JJPE4EB8NShL/VXSwV8uvtNniGNpGHeHqaKvbT+Y +RYlCzL+/Ruyv1dQbtiBtErB8yP+psheoQYk6lU7nNy+MTH+R/xXrbHxptSDRQwru +O1hbfONnEK6JfdVQI4zEBuBz8NVuZPPQqqy1mxLSWMxWKz4GtNbTXOR1tRFVqlxk +eCTYdhhyIz7gu8EUwvTLZoqKOB6kQWS1ygycFRi/g+DOOXuSpazF5XmutF6HpJx1 +1nK2WBl5loE= +=164p -----END PGP SIGNATURE----- </pre> diff --git a/website/expansion.mdwn b/website/expansion.mdwn new file mode 100644 index 0000000..13f368a --- /dev/null +++ b/website/expansion.mdwn 
@@ -0,0 +1,49 @@ +[[meta title="Expanding the Monkeysphere"]] + +# Expanding the Monkeysphere # + +The Monkeysphere currently has implementations that support two +popular protocols in use on the internet today: + + * SSH: Monkeysphere supports the OpenSSH implementation of the Secure + Shell protocol, for authenticating both hosts and users. + + * HTTPS: Monkeysphere supports secure web traffic by allowing users + of Mozilla-based browsers (such as + [Firefox](http://www.mozilla.com/en-US/firefox) or + [Iceweasel](http://wiki.debian.org/Iceweasel)) to authenticate web + sites that are not authenticated by the browser's built-in X.509 + verification. This should work with any HTTPS-capable web server. + +But there are many protocols and implementations on the 'net that +could use the Monkeysphere for key-based authentication but currently +do not. Here are some examples of places we think it could be useful. +If you can help with these (or suggest others), please pitch in! + + * HTTPS client authentication: web servers should be able to + authenticate clients that use asymmetric crypto. That is, the + client holds an RSA secret key, offers a (potentially self-signed) + X.509 Cert to the server as part of the TLS handshake, and the + server verifies the key material and commonName or subjectAltName + in the cert via the OpenPGP web of trust. + + * Other TLS connections: for example, SMTP services using STARTTLS + (server-to-server and client-to-server), IMAP or POP daemons (using + STARTTLS or a direct TLS wrapper), LDAP servers (or LDAPS), XMPP + connections (client-to-server and server-to-server) + + * IRC connections: this could be at the TLS layer, or maybe via some + exchange with the NickServ? + + * [OTR](http://www.cypherpunks.ca/otr) client-to-client handshakes. 
+ + * Integration with + [OpenPGP Certificates for TLS (RFC 5081)](http://tools.ietf.org/html/rfc5081) + -- TLS clients or servers who receive an OpenPGP certificate from + their peer should be able to ask some part of the Monkeysphere + toolchain if the particular certificate is valid for the + connection. + + * [PKINIT](http://tools.ietf.org/html/rfc4556) for + [Kerberos](http://web.mit.edu/Kerberos/) + diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index aad4251..ab0acc6 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn @@ -1,8 +1,8 @@ Monkeysphere Server Administrator README ======================================== - Note: This documentation is for Monkeysphere version 0.23 or later. - If you are running a version prior to 0.23, we recommend that you upgrade. + Note: This documentation is for Monkeysphere version 0.28 or later. + If you are running a version prior to 0.28, we recommend that you upgrade. As the administrator of an SSH server, you can take advantage of the Monkeysphere in two ways: @@ -25,11 +25,11 @@ To begin, you must first import an ssh host key. This assumes that you have the ssh server installed, and that you have generated a host RSA key. Once that has been done, import the key: - # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net + # monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key ssh://server.example.net This will generate an OpenPGP certificate for the server. The primary user ID for this certificate will be the ssh service URI for the host, -(eg. `ssh://server.example.net`). Remember that the name you provide +(e.g. `ssh://server.example.net`). Remember that the name you provide here should probably be a fully qualified domain name for the host in order for your users to find it. diff --git a/website/local.css b/website/local.css index b2d86c7..4a2d992 100644 --- a/website/local.css +++ b/website/local.css 
@@ -5,7 +5,7 @@ Copyright: 2008,2009 Authors: Dan Scott, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, -Jameson Graef Rollins <jrollins@finestructure.net>, +Jameson Rollins <jrollins@finestructure.net>, Jamie McClelland <jm@mayfirst.org> License: This stylesheet is licensed under the GNU GPL, version 3 or diff --git a/website/news/release-0.27-1.mdwn b/website/news/release-0.27-1.mdwn new file mode 100644 index 0000000..7c71ad1 --- /dev/null +++ b/website/news/release-0.27-1.mdwn @@ -0,0 +1,19 @@ +[[meta title="Monkeysphere 0.27-1 released!"]] + +Monkeysphere 0.27-1 has been released. + +Notes from the changelog: + +<pre> + * New upstream release: + - fixed monkeysphere gen-subkey subcommand that was erroneously + creating DSA subkeys due to unannounced change in gpg edit-key UI. + Now tests for gpg version (closes MS #1536) + - add new monkeysphere keys-from-userid subcommand to output all + acceptable keys for a given user ID literal + * updated debian/copyright to match the latest revision of DEP5. + * updated standards version to 3.8.3 (no changes needed) + * add cpio to Build-Depends (used in test suite) (Closes: #562444) +</pre> + +[[Download]] it now! diff --git a/website/news/release-0.28.mdwn b/website/news/release-0.28.mdwn new file mode 100644 index 0000000..a77fc03 --- /dev/null +++ b/website/news/release-0.28.mdwn @@ -0,0 +1,15 @@ +[[meta title="Monkeysphere 0.28 released!"]] + +Monkeysphere 0.28 has been released. + +Notes from the changelog: + +<pre> + * Major rework of monkeysphere-host to handle multiple host keys. We + also no longer assume ssh service keys. monkeysphere-host is now a + general-purpose host service OpenPGP key management UI. + * Rename keys-from-userid command to more accurate keys-for-userid + * separate upstream and debian changelogs +</pre> + +[[Download]] it now! |