diff options
-rwxr-xr-x | src/seckey2sshagent | 143 |
1 files changed, 0 insertions, 143 deletions
diff --git a/src/seckey2sshagent b/src/seckey2sshagent deleted file mode 100755 index a516256..0000000 --- a/src/seckey2sshagent +++ /dev/null @@ -1,143 +0,0 @@ -#!/bin/bash - -# seckey2sshagent: this is a hack of a script to cope with the fact -# that openpgp2ssh currently cannot support encrypted secret keys. - -# the basic operating principal is: - -# export the secret key in encrypted format to a new keyring - -# remove the passphrase in that keyring - -# use that keyring with openpgp2ssh - -# Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, -# Jameson Rollins <jrollins@fifthhorseman.net> - -explanation() { - - cat <<EOF -Usage: $0 [GPGID [FILE]] - -The basic strategy of seckey2sshagent is to dump your OpenPGP -authentication key(s) into your agent or a file. With no arguments, -it will add all secret keys in your keyring to the agent. With one -argument, it adds only the specified key to the agent. With two -arguments, it dumps the specified key to FILE, with the pub key in -FILE.pub. - -This script is a gross hack at the moment. It is done by creating a -new, temporary private keyring, letting the user remove the -passphrases from the keys, and then exporting them. The temporary -private keyring is purged from the system. - -When you use this command, you'll find yourself dropped into a GPG -'edit-key' dialog relevant *only* to the temporary private keyring. - -At that point, you should clear the password from your key, with: - - passwd - <enter your current password> - -followed by the empty string for the new password. GPG will ask you -if you're really sure. Answer yes, because this is only relevant to -the temporary keyring. Then, do: - - save - -At this point, your key will be added to your running ssh-agent with -the alias 'monkeysphere-key' and seckey2sshagent should terminate. -You can check on it with: - - ssh-add -l - -EOF -} - -cleanup() { - echo -n "removing temp gpg home... " 1>&2 - rm -rf "$TMPPRIVATE" - echo "done." 1>&2 -} - -export_sec_key() { - gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import - - GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID" - - # idea to script the password stuff. not working. - # read -s -p "enter gpg password: " PASSWD; echo - # cmd=$(cat <<EOF - # passwd - # $PASSWD - # \n - # \n - # \n - # yes - # save - # EOF - # ) - # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID - - # export secret key to file - GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \ - openpgp2ssh "$GPGID" -} - -# if no hex string is supplied, just print an explanation. -# this covers seckey2sshagent --help, --usage, -h, etc... -if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then - explanation - exit -fi - -# set the file creation umask -umask 077 - -GPGIDS="$1" -if [ "$2" -a ! -e "$2" ] ; then - FILE="$2" -fi - -if [ -z "$GPGIDS" ]; then - # hack: we need to get the list of secret keys, because if you - # --list-secret-keys with no arguments, GPG fails to print the - # capability flags (i've just filed this as - # https://bugs.g10code.com/gnupg/issue945) - KEYIDS=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:) - # default to using all fingerprints of authentication-enabled keys - GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) -fi - -trap cleanup EXIT - -for GPGID in $GPGIDS; do - - TMPPRIVATE=$(mktemp -d) - - # if specified, write key to fail and passprotect - if [ "$FILE" ] ; then - # export secret key to file - export_sec_key > "$TMPPRIVATE/key" - # passprotect file - ssh-keygen -f "${TMPPRIVATE}/key" -p - # move into place - mv "${TMPPRIVATE}/key" "$FILE" - - # export public key - gpg --export "$GPGID" | openpgp2ssh "$GPGID" > "${FILE}.pub" - - # otherwise add to agent - else - KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')'' - - # creating this alias so the key is named "monkeysphere-key" in the - # comment stored by the agent, while never being written to disk in - # SSH form: - ln -s /dev/stdin "${TMPPRIVATE}/${KEYNAME}" - - # export secret key to agent - export_sec_key | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME") - fi - -done |