diff options
33 files changed, 1336 insertions, 220 deletions
@@ -2,7 +2,7 @@ Monkeysphere is a system to use the OpenPGP web-of-trust to authenticate and encrypt ssh connections. It is free software, developed by: - Jameson Rollins <jrollins@fifthhorseman.net> + Jameson Graef Rollins <jrollins@finestructure.net> Daniel Kahn Gillmor <dkg@fifthhorseman.net> Jamie McClelland <jamie@mayfirst.org> Micah Anderson <micah@riseup.net> @@ -29,6 +29,7 @@ tarball: clean debian-package: tarball tar xzf monkeysphere_$(MONKEYSPHERE_VERSION).orig.tar.gz + sed -i "s|__VERSION__|$(MONKEYSPHERE_VERSION)|g" monkeysphere-$(MONKEYSPHERE_VERSION)/src/common cp -a packaging/debian monkeysphere-$(MONKEYSPHERE_VERSION) (cd monkeysphere-$(MONKEYSPHERE_VERSION) && debuild -uc -us) rm -rf monkeysphere-$(MONKEYSPHERE_VERSION) @@ -49,7 +50,7 @@ install: all installman mkdir -p $(DESTDIR)$(PREFIX)/bin $(DESTDIR)$(PREFIX)/sbin $(DESTDIR)$(PREFIX)/share/monkeysphere mkdir -p $(DESTDIR)$(PREFIX)/share/doc/monkeysphere mkdir -p $(DESTDIR)$(ETCPREFIX)/etc/monkeysphere - install src/monkeysphere src/monkeysphere-ssh-proxycommand src/keytrans/openpgp2ssh $(DESTDIR)$(PREFIX)/bin + install src/monkeysphere src/monkeysphere-ssh-proxycommand src/keytrans/openpgp2ssh src/keytrans/pem2openpgp $(DESTDIR)$(PREFIX)/bin install src/monkeysphere-server $(DESTDIR)$(PREFIX)/sbin install -m 0644 src/common $(DESTDIR)$(PREFIX)/share/monkeysphere install doc/* $(DESTDIR)$(PREFIX)/share/doc/monkeysphere diff --git a/doc/george/changelog b/doc/george/changelog index 30aa2b1..24e66f8 100644 --- a/doc/george/changelog +++ b/doc/george/changelog @@ -17,8 +17,12 @@ * Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work * Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs * Rotated the giant logs out - * aptitude update && aptitude full-upgrade +2009-01-11 - dkg + * extended the expiration date for george's key three months into + the future. + * aptitude update && aptitude full-upgrade (brings monkeysphere to + 0.22-1) 2008-10-29 - dkg * aptitude update && aptitude full-upgrade diff --git a/doc/zimmerman/changelog b/doc/zimmermann/changelog index a92557d..8dedf58 100644 --- a/doc/zimmerman/changelog +++ b/doc/zimmermann/changelog @@ -1,12 +1,33 @@ ****************************************************************************** * * -* zimmerman system log * +* zimmermann system log * * * ****************************************************************************** * Please add new entries in reverse chronological order whenever you make * * changes to this system (first command at top, last at bottom) * ****************************************************************************** +2008-11-29 - dkg + * zimmermann now uses an X.509 certificate signed by the MF/PL CA + for its HTTPS connection. + +2008-11-19 - dkg + * added 10 SKS peers as a result of feedback from sks-devel. + * set localtime to America/New_York via dpkg-reconfigure tzdata + * aptitude update && aptitude full-upgrade + * set up /var/lib/sks/www/index.html based on + doc/zimmermann/index.html from this repo. + * made nginx proxy plain ol' HTTP on port 80 also so that SKS does + not need to try to listen on a privileged port. + * turned on initial_stat and stat_hour: 3 in /etc/sks/sksconf + +2008-11-19 - mlc + * aptitude install nginx + * get rid of /etc/nginx/sites-enabled/default + * create /etc/nginx/sites-available/https-proxy and make a symlink + to it in the sites-enabled directory + * invoke-rc.d nginx start + 2008-11-17 - micah * verified the SHA256 values for the key material * /usr/lib/sks/sks_build.sh (chose option #2: normalbuild) diff --git a/doc/zimmermann/https-proxy b/doc/zimmermann/https-proxy new file mode 100644 index 0000000..c4521a7 --- /dev/null +++ b/doc/zimmermann/https-proxy @@ -0,0 +1,14 @@ +server { + listen 443; + server_name zimmermann.mayfirst.org; + ssl on; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_ciphers HIGH:MEDIUM:!ADH; + + access_log off; + + location / { + proxy_pass http://localhost:11371/; + } +} diff --git a/doc/zimmermann/index.html b/doc/zimmermann/index.html new file mode 100644 index 0000000..e8e36e0 --- /dev/null +++ b/doc/zimmermann/index.html @@ -0,0 +1,73 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <title>SKS Search Page</title> + <meta http-equiv="content-type" content="text/html; charset="utf-8"> + <meta name="author" content="Yaron M. Minsky/Jack Cummings/Daniel Kahn Gillmor"> + </head> + <body text="#000000" bgcolor="#ffffff" link="#000099" vlink="#990099" alink="#000099"> + <h1><a href="http://www.nongnu.org/sks/">SKS OpenPGP Keyserver</a> <br> @zimmermann.mayfirst.org</h1> + <p> SKS is a OpenPGP keyserver whose goal is to provide easy to deploy, decentralized, and highly reliable synchronization. That means that a key submitted to one SKS server will quickly be distributed to all key servers, and even wildly out-of-date servers, or servers that experience spotty connectivity, can fully synchronize with rest of the system. </p> + <p>You can find out more about SKS, along with links to graphs of the network status <a href="http://www.nongnu.org/sks/">here</a>.</p> + <table cellpadding="2" cellspacing="2" border="1" width="600" bgcolor="#ddddff"> + <tr> + <td valign="top"> + <h3>Extract a key</h3> + <p>You can extract a key by typing in some words that appear in the userid + of the key you're looking for, or by typing in the keyid in hex format ("0x...")</p> + <p> + <form action="/pks/lookup" method="get"> + Search String: <input name="search" size="40"> <br> + Show PGP "fingerprints" for keys + <input type="checkbox" name="fingerprint"> <br> + Show SKS full-key hashes + <input type="checkbox" name="hash"> <br> + Search for keys: <br> + <input type="radio" name="op" value="index" CHECKED> get index of matching keys <br> + <input type="radio" name="op" value="vindex"> get verbose index of matching keys <br> + <input type="radio" name="op" value="get"> retrieve ascii-armored keys <br> + <input type="radio" name="op" value="hget"> retrieve keys by full-key hash + <br> + <input type="reset" value="Reset"> + <input type="submit"> + </form> + <br> + </td> + </tr> + <tr> + <td valign="top"> + <h3>Submit a key</h3> + You can submit a key by simply pasting in the ASCII-armored version + of your key and clicking on submit. + <form action="/pks/add" method="post"> + <textarea name="keytext" rows="20" cols="66"></textarea> <br> + <input type="reset" value="Reset"> + <input type="submit" value="Submit this key to the keyserver!"> + </form> + </td> + </tr> + <tr> + <td> + <h3> + Access + </h3> + To use this server directly via HKP add this to your .PGP keyserver list:<br> + +<pre>x-hkp://zimmermann.mayfirst.org +http://zimmermann.mayfirst.org:11371</pre> + + You can also select a random server by adding this to your keyserver list:<br> + +<pre>x-hkp://pool.sks-keyservers.net +http://pool.sks-keyservers.net:11371</pre> + + </td> + </tr> + </tbody> + </table> + +<hr> + [<a href="/pks/lookup?op=stats">Server Status</a>] If you have any questions + about or problems with this server, please <a href="https://support.mayfirst.org/newticket?summary=zimmermann.mayfirst.org%20trouble">open a ticket</a>. + </body> +</html> diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 index 89df047..8374a9f 100644 --- a/man/man1/openpgp2ssh.1 +++ b/man/man1/openpgp2ssh.1 @@ -90,6 +90,7 @@ only acts on keys associated with the first primary key passed in. If you send it more than one primary key, it will silently ignore later ones. .Sh SEE ALSO +.Xr pem2openpgp 1 , .Xr monkeysphere 1 , .Xr monkeysphere 7 , .Xr ssh 1 , diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 39e4b33..a282c58 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,7 +1,20 @@ -monkeysphere (0.22~pre-1) UNRELEASED; urgency=low +monkeysphere (0.23~pre-1) UNRELEASED; urgency=low * New upstream release: - [ Jameson Rollins ] + - added better checks for the existence of a host private key for + functions that require it to be there. + - add checks for root users, for functions where it is required. + - get rid of getopts. + - added version output option + - check that existing authentication keys are valid in gen_key + function. + + -- Jameson Graef Rollins <jrollins@finestructure.net> Tue, 30 Dec 2008 20:21:16 -0500 + +monkeysphere (0.22-1) unstable; urgency=low + + * New upstream release: + [ Jameson Graef Rollins ] - added info log output when a new key is added to known_hosts file. - added some useful output to the ssh-proxycommand for "marginal" @@ -13,8 +26,10 @@ monkeysphere (0.22~pre-1) UNRELEASED; urgency=low - automatically output two copies of the host's public key: one standard ssh public key file, and the other a minimal OpenPGP key with just the latest valid self-sig. + - debian/control: corrected alternate dependency from procfile to + procmail (which provides /usr/bin/lockfile) - -- Jameson Graef Rollins <jrollins@finestructure.net> Mon, 17 Nov 2008 18:15:43 -0500 + -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 28 Nov 2008 14:23:31 -0500 monkeysphere (0.21-2) unstable; urgency=low diff --git a/packaging/debian/control b/packaging/debian/control index 4c836b4..52eccf3 100644 --- a/packaging/debian/control +++ b/packaging/debian/control @@ -11,7 +11,7 @@ Dm-Upload-Allowed: yes Package: monkeysphere Architecture: any -Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procfile, adduser, ${shlibs:Depends} +Depends: openssh-client, gnupg, coreutils (>= 6) | base64, lockfile-progs | procmail, adduser, ${shlibs:Depends} Recommends: netcat | socat, ssh-askpass Enhances: openssh-client, openssh-server Description: use the OpenPGP web of trust to verify ssh connections diff --git a/packaging/freebsd/security/monkeysphere/Makefile b/packaging/freebsd/security/monkeysphere/Makefile index 984bc87..24f9b2b 100644 --- a/packaging/freebsd/security/monkeysphere/Makefile +++ b/packaging/freebsd/security/monkeysphere/Makefile @@ -6,7 +6,7 @@ # PORTNAME= monkeysphere -PORTVERSION= 0.19 +PORTVERSION= 0.22 CATEGORIES= security MASTER_SITES= http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/ # hack for debian orig tarballs diff --git a/packaging/freebsd/security/monkeysphere/distinfo b/packaging/freebsd/security/monkeysphere/distinfo index 86aecd1..d6c6e5e 100644 --- a/packaging/freebsd/security/monkeysphere/distinfo +++ b/packaging/freebsd/security/monkeysphere/distinfo @@ -1,3 +1,3 @@ -MD5 (monkeysphere_0.19.orig.tar.gz) = 64c643dd0ab642bbc8814aec1718000e -SHA256 (monkeysphere_0.19.orig.tar.gz) = 321b77c1e10fe48ffbef8491893f5dd22842c35c11464efa7893150ce756a522 -SIZE (monkeysphere_0.19.orig.tar.gz) = 68335 +MD5 (monkeysphere_0.22.orig.tar.gz) = 2bb00c86323409b98aff53f94d9ce0a6 +SHA256 (monkeysphere_0.22.orig.tar.gz) = 2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24 +SIZE (monkeysphere_0.22.orig.tar.gz) = 70245 diff --git a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation index 99c9604..e41c479 100644 --- a/packaging/freebsd/security/monkeysphere/files/patch-sharelocation +++ b/packaging/freebsd/security/monkeysphere/files/patch-sharelocation @@ -20,3 +20,14 @@ export SYSSHAREDIR . "${SYSSHAREDIR}/common" || exit 1 +--- src/monkeysphere-ssh-proxycommand.orig ++++ src/monkeysphere-ssh-proxycommand +@@ -16,7 +16,7 @@ + ######################################################################## + PGRM=$(basename $0) + +-SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} ++SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/local/share/monkeysphere"} + export SYSSHAREDIR + . "${SYSSHAREDIR}/common" || exit 1 + diff --git a/packaging/rpm/howto b/packaging/rpm/howto new file mode 100644 index 0000000..add951e --- /dev/null +++ b/packaging/rpm/howto @@ -0,0 +1 @@ +http://www.rpm-based.org/how-to-create-rpm-package diff --git a/packaging/rpm/monkeysphere.spec b/packaging/rpm/monkeysphere.spec new file mode 100644 index 0000000..9e32837 --- /dev/null +++ b/packaging/rpm/monkeysphere.spec @@ -0,0 +1,40 @@ +Name: monkeysphere +Summary: use the OpenPGP web of trust to verify ssh connections +Version: 0.22~pre +Release: 1 +License: GPLv3 +Group: net +URL: http://web.monkeysphere.info/ + +Source: http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_%{version}.orig.tar.gz + +%description +SSH key-based authentication is tried-and-true, but it lacks a true +Public Key Infrastructure for key certification, revocation and +expiration. Monkeysphere is a framework that uses the OpenPGP web of +trust for these PKI functions. It can be used in both directions: for +users to get validated host keys, and for hosts to authenticate users. + +Monkeysphere is free software released under the GNU General Public +License (GPL). + +%prep +%setup -q + +%build +%{__make} + +%install +%{__rm} -rf %{buildroot} +Prefix=%{buildroot}/usr +%makeinstall + +%clean +%{__rm} -rf %{buildroot} + +%files +%defattr(-, root, root, 0755) + +%changelog +* Sat Nov 22 2008 - +- Initial release. @@ -19,6 +19,9 @@ SYSCONFIGDIR=${MONKEYSPHERE_SYSCONFIGDIR:-"/etc/monkeysphere"} export SYSCONFIGDIR +# monkeysphere version +VERSION=__VERSION__ + ######################################################################## ### UTILITY FUNCTIONS @@ -147,7 +150,7 @@ advance_date() { local shortunits # try things the GNU way first - if date -d "$number $longunits" "$format" >&/dev/null ; then + if date -d "$number $longunits" "$format" >/dev/null 2>&1; then date -d "$number $longunits" "$format" else # otherwise, convert to (a limited version of) BSD date syntax: diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp new file mode 100755 index 0000000..3d9f6f8 --- /dev/null +++ b/src/keytrans/pem2openpgp @@ -0,0 +1,469 @@ +#!/usr/bin/perl -w -T + +# pem2openpgp: take a PEM-encoded RSA private-key on standard input, a +# User ID as the first argument, and generate an OpenPGP secret key +# and certificate from it. + +# WARNING: the secret key material *will* appear on stdout (albeit in +# OpenPGP form) -- if you redirect stdout to a file, make sure the +# permissions on that file are appropriately locked down! + +# Usage: + +# pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import + +# Authors: +# Jameson Rollins <jrollins@finestructure.net> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> + +# Started on: 2009-01-07 02:01:19-0500 + +# License: GPL v3 or later (we may need to adjust this given that this +# connects to OpenSSL via perl) + +use strict; +use warnings; +use Crypt::OpenSSL::RSA; +use Crypt::OpenSSL::Bignum; +use Crypt::OpenSSL::Bignum::CTX; +use Digest::SHA1; +use MIME::Base64; + +## make sure all length() and substr() calls use bytes only: +use bytes; + +my $uid = shift; + +# FIXME: fail if there is no given user ID; or should we default to +# hostname_long() from Sys::Hostname::Long ? + + + +# see RFC 4880 section 9.1 (ignoring deprecated algorithms for now) +my $asym_algos = { rsa => 1, + elgamal => 16, + dsa => 17, + }; + +# see RFC 4880 section 9.2 +my $ciphers = { plaintext => 0, + idea => 1, + tripledes => 2, + cast5 => 3, + blowfish => 4, + aes128 => 7, + aes192 => 8, + aes256 => 9, + twofish => 10, + }; + +# see RFC 4880 section 9.3 +my $zips = { uncompressed => 0, + zip => 1, + zlib => 2, + bzip2 => 3, + }; + +# see RFC 4880 section 9.4 +my $digests = { md5 => 1, + sha1 => 2, + ripemd160 => 3, + sha256 => 8, + sha384 => 9, + sha512 => 10, + sha224 => 11, + }; + +# see RFC 4880 section 5.2.3.21 +my $usage_flags = { certify => 0x01, + sign => 0x02, + encrypt_comms => 0x04, + encrypt_storage => 0x08, + encrypt => 0x0c, ## both comms and storage + split => 0x10, # the private key is split via secret sharing + authenticate => 0x20, + shared => 0x80, # more than one person holds the entire private key + }; + +# see RFC 4880 section 4.3 +my $packet_types = { pubkey_enc_session => 1, + sig => 2, + symkey_enc_session => 3, + onepass_sig => 4, + seckey => 5, + pubkey => 6, + sec_subkey => 7, + compressed_data => 8, + symenc_data => 9, + marker => 10, + literal => 11, + trust => 12, + uid => 13, + pub_subkey => 14, + uat => 17, + symenc_w_integrity => 18, + mdc => 19, + }; + +# see RFC 4880 section 5.2.1 +my $sig_types = { binary_doc => 0x00, + text_doc => 0x01, + standalone => 0x02, + generic_certification => 0x10, + persona_certification => 0x11, + casual_certification => 0x12, + positive_certification => 0x13, + subkey_binding => 0x18, + primary_key_binding => 0x19, + key_signature => 0x1f, + key_revocation => 0x20, + subkey_revocation => 0x28, + certification_revocation => 0x30, + timestamp => 0x40, + thirdparty => 0x50, + }; + + +# see RFC 4880 section 5.2.3.1 +my $subpacket_types = { sig_creation_time => 2, + sig_expiration_time => 3, + exportable => 4, + trust_sig => 5, + regex => 6, + revocable => 7, + key_expiration_time => 9, + preferred_cipher => 11, + revocation_key => 12, + issuer => 16, + notation => 20, + preferred_digest => 21, + preferred_compression => 22, + keyserver_prefs => 23, + preferred_keyserver => 24, + primary_uid => 25, + policy_uri => 26, + usage_flags => 27, + signers_uid => 28, + revocation_reason => 29, + features => 30, + signature_target => 31, + embedded_signature => 32, + }; + +# bitstring (see RFC 4880 section 5.2.3.24) +my $features = { mdc => 0x01 + }; + +# bitstring (see RFC 4880 5.2.3.17) +my $keyserver_prefs = { nomodify => 0x80 + }; + +###### end lookup tables ###### + +# FIXME: if we want to be able to interpret openpgp data as well as +# produce it, we need to produce key/value-swapped lookup tables as well. + + +########### Math/Utility Functions ############## + + +# see the bottom of page 43 of RFC 4880 +sub simple_checksum { + my $bytes = shift; + + return unpack("%32W*",$bytes) % 65536; +} + +# calculate the multiplicative inverse of a mod b this is euclid's +# extended algorithm. For more information see: +# http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm the +# arguments here should be Crypt::OpenSSL::Bignum objects. $a should +# be the larger of the two values, and the two values should be +# coprime. + +sub modular_multi_inverse { + my $a = shift; + my $b = shift; + + my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); + my $x = Crypt::OpenSSL::Bignum->zero(); + my $y = Crypt::OpenSSL::Bignum->one(); + my $lastx = Crypt::OpenSSL::Bignum->one(); + my $lasty = Crypt::OpenSSL::Bignum->zero(); + + while (! $b->is_zero()) { + my ($quotient, $remainder) = $a->div($b, $ctx); + + $a = $b; + $b = $remainder; + + my $temp = $x; + $x = $lastx->sub($quotient->mul($x, $ctx)); + $lastx = $temp; + + $temp = $y; + $y = $lasty->sub($quotient->mul($y, $ctx)); + $lasty = $temp; + } + + if (!$a->is_one()) { + die "did this math wrong.\n"; + } + + return $lastx; +} + + +############ OpenPGP formatting functions ############ + +# make an old-style packet out of the given packet type and body. +# old-style (see RFC 4880 section 4.2) +sub make_packet { + my $type = shift; + my $body = shift; + + my $len = length($body); + + my $lenbytes; + my $lencode; + + if ($len < 2**8) { + $lenbytes = 0; + $lencode = 'C'; + } elsif ($len < 2**16) { + $lenbytes = 1; + $lencode = 'n'; + } elsif ($len < 2**31) { + ## not testing against full 32 bits because i don't want to deal + ## with potential overflow. + $lenbytes = 2; + $lencode = 'N'; + } else { + ## what the hell do we do here? + $lenbytes = 3; + $lencode = ''; + } + + return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len). + $body; +} + + +# takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI +# (RFC 4880 section 3.2) +sub mpi_pack { + my $num = shift; + + my $val = $num->to_bin(); + my $mpilen = length($val)*8; + +# this is a kludgy way to get the number of significant bits in the +# first byte: + my $bitsinfirstbyte = length(sprintf("%b", ord($val))); + + $mpilen -= (8 - $bitsinfirstbyte); + + return pack('n', $mpilen).$val; +} + +# FIXME: genericize these to accept either RSA or DSA keys: +sub make_rsa_pub_key_body { + my $key = shift; + my $timestamp = shift; + + my ($n, $e) = $key->get_key_parameters(); + + return + pack('CN', 4, $timestamp). + pack('C', $asym_algos->{rsa}). + mpi_pack($n). + mpi_pack($e); +} + +sub make_rsa_sec_key_body { + my $key = shift; + my $timestamp = shift; + + # we're not using $a and $b, but we need them to get to $c. + my ($n, $e, $d, $p, $q) = $key->get_key_parameters(); + + my $secret_material = mpi_pack($d). + mpi_pack($p). + mpi_pack($q). + mpi_pack(modular_multi_inverse($p, $q)); + + # according to Crypt::OpenSSL::RSA, the closest value we can get out + # of get_key_parameters is 1/q mod p; but according to sec 5.5.3 of + # RFC 4880, we're actually looking for u, the multiplicative inverse + # of p, mod q. This is why we're calculating the value directly + # with modular_multi_inverse. + + return + pack('CN', 4, $timestamp). + pack('C', $asym_algos->{rsa}). + mpi_pack($n). + mpi_pack($e). + pack('C', 0). # seckey material is not encrypted -- see RFC 4880 sec 5.5.3 + $secret_material. + pack('n', simple_checksum($secret_material)); +} + +# expects an RSA key (public or private) and a timestamp +sub fingerprint { + my $key = shift; + my $timestamp = shift; + + my $rsabody = make_rsa_pub_key_body($key, $timestamp); + + return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); +} + +# we're just not dealing with newline business right now. slurp in +# the whole file. +undef $/; +my $buf = <STDIN>; + + +my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf); + +$rsa->use_sha1_hash(); + +# see page 22 of RFC 4880 for why i think this is the right padding +# choice to use: +$rsa->use_pkcs1_padding(); + +if (! $rsa->check_key()) { + die "key does not check"; +} + +my $version = pack('C', 4); +# strong assertion of identity: +my $sigtype = pack('C', $sig_types->{positive_certification}); +# RSA +my $pubkey_algo = pack('C', $asym_algos->{rsa}); +# SHA1 +my $hash_algo = pack('C', $digests->{sha1}); + +# FIXME: i'm worried about generating a bazillion new OpenPGP +# certificates from the same key, which could easily happen if you run +# this script more than once against the same key (because the +# timestamps will differ). How can we prevent this? + +# could an environment variable (if set) override the current time, to +# be able to create a standard key? If we read the key from a file +# instead of stdin, should we use the creation time on the file? +my $timestamp = time(); + +my $creation_time_packet = pack('CCN', 5, $subpacket_types->{sig_creation_time}, $timestamp); + + +# FIXME: HARDCODED: what if someone wants to select a different set of +# usage flags? For now, we do only authentication because that's what +# monkeysphere needs. +my $usage_packet = pack('CCC', 2, $subpacket_types->{usage_flags}, $usage_flags->{authenticate}); + + +# FIXME: HARDCODED: how should we determine how far off to set the +# expiration date? default is to expire in 2 days, which is insanely +# short (but good for testing). The user ought to be able to decide +# this directly, rather than having to do "monkeysphere-server +# extend-key". +my $expires_in = 86400*2; +my $expiration_packet = pack('CCN', 5, $subpacket_types->{key_expiration_time}, $expires_in); + + +# prefer AES-256, AES-192, AES-128, CAST5, 3DES: +my $pref_sym_algos = pack('CCCCCCC', 6, $subpacket_types->{preferred_cipher}, + $ciphers->{aes256}, + $ciphers->{aes192}, + $ciphers->{aes128}, + $ciphers->{cast5}, + $ciphers->{tripledes} + ); + +# prefer SHA-1, SHA-256, RIPE-MD/160 +my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest}, + $digests->{sha1}, + $digests->{sha256}, + $digests->{ripemd160} + ); + +# prefer ZLIB, BZip2, ZIP +my $pref_zip_algos = pack('CCCCC', 4, $subpacket_types->{preferred_compression}, + $zips->{zlib}, + $zips->{bzip2}, + $zips->{zip} + ); + +# we support the MDC feature: +my $feature_subpacket = pack('CCC', 2, $subpacket_types->{features}, + $features->{mdc}); + +# keyserver preference: only owner modify (???): +my $keyserver_pref = pack('CCC', 2, $subpacket_types->{keyserver_prefs}, + $keyserver_prefs->{nomodify}); + +my $subpackets_to_be_hashed = + $creation_time_packet. + $usage_packet. + $expiration_packet. + $pref_sym_algos. + $pref_hash_algos. + $pref_zip_algos. + $feature_subpacket. + $keyserver_pref; + +my $subpacket_octets = pack('n', length($subpackets_to_be_hashed)); + +my $sig_data_to_be_hashed = + $version. + $sigtype. + $pubkey_algo. + $hash_algo. + $subpacket_octets. + $subpackets_to_be_hashed; + +my $pubkey = make_rsa_pub_key_body($rsa, $timestamp); +my $seckey = make_rsa_sec_key_body($rsa, $timestamp); + +my $key_data = make_packet($packet_types->{pubkey}, $pubkey); + +# take the last 8 bytes of the fingerprint as the keyid: +my $keyid = substr(fingerprint($rsa, $timestamp), 20 - 8, 8); + +# the v4 signature trailer is: + +# version number, literal 0xff, and then a 4-byte count of the +# signature data itself. +my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed)); + +my $uid_data = + pack('CN', 0xb4, length($uid)). + $uid; + +my $datatosign = + $key_data. + $uid_data. + $sig_data_to_be_hashed. + $trailer; + +my $data_hash = Digest::SHA1::sha1_hex($datatosign); + + +my $issuer_packet = pack('CCa8', 9, $subpacket_types->{issuer}, $keyid); + +my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign)); + +my $sig_body = + $sig_data_to_be_hashed. + pack('n', length($issuer_packet)). + $issuer_packet. + pack('n', hex(substr($data_hash, 0, 4))). + mpi_pack($sig); + +print + make_packet($packet_types->{seckey}, $seckey). + make_packet($packet_types->{uid}, $uid). + make_packet($packet_types->{sig}, $sig_body); + + diff --git a/src/monkeysphere b/src/monkeysphere index 7e800cc..463a1b1 100755 --- a/src/monkeysphere +++ b/src/monkeysphere @@ -41,37 +41,69 @@ Monkeysphere client tool. subcommands: update-known_hosts (k) [HOST]... update known_hosts file update-authorized_keys (a) update authorized_keys file + import-subkey (i) import existing ssh key as gpg subkey + --keyfile (-f) FILE key file to import + --expire (-e) EXPIRE date to expire gen-subkey (g) [KEYID] generate an authentication subkey --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire subkey-to-ssh-agent (s) store authentication subkey in ssh-agent + version (v) show version number help (h,?) this help EOF } -# generate a subkey with the 'a' usage flags set -gen_subkey(){ - local keyLength +# import an existing ssh key as a gpg subkey +import_subkey() { + local keyFile="~/.ssh/id_rsa" local keyExpire local keyID local gpgOut local userID - # set default key parameter values - keyLength= - keyExpire= - # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" + while true ; do + case "$1" in + -f|--keyfile) + keyFile="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + break + ;; + esac + done - if [ $? != 0 ] ; then - exit 1 - fi + log verbose "importing ssh key..." + fifoDir=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) + (umask 077 && mkfifo "$fifoDir/pass") + ssh2openpgp | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --import & + + passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" + + rm -rf "$fifoDir" + wait + log verbose "done." +} - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" +# generate a subkey with the 'a' usage flags set +gen_subkey(){ + local keyLength + local keyExpire + local keyID + local gpgOut + local userID + # get options while true ; do case "$1" in -l|--length) @@ -82,51 +114,69 @@ gen_subkey(){ keyExpire="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac done - if [ -z "$1" ] ; then - # find all secret keys - keyID=$(gpg --with-colons --list-secret-keys | grep ^sec | cut -f5 -d: | sort -u) - # if multiple sec keys exist, fail - if (( $(echo "$keyID" | wc -l) > 1 )) ; then - echo "Multiple secret keys found:" - echo "$keyID" + case "$#" in + 0) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons 2>/dev/null | egrep '^sec:') + ;; + 1) + gpgSecOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons "$1" | egrep '^sec:') || failure + ;; + *) + failure "You must specify only a single primary key ID." + ;; + esac + + # check that only a single secret key was found + case $(echo "$gpgSecOut" | grep -c '^sec:') in + 0) + failure "No secret keys found. Create an OpenPGP key with the following command: + gpg --gen-key" + ;; + 1) + keyID=$(echo "$gpgSecOut" | cut -d: -f5) + ;; + *) + echo "Multiple primary secret keys found:" + echo "$gpgSecOut" | cut -d: -f5 failure "Please specify which primary key to use." + ;; + esac + + # check that a valid authentication key does not already exist + IFS=$'\n' + for line in $(gpg --quiet --fixed-list-mode --list-keys --with-colons "$keyID") ; do + type=$(echo "$line" | cut -d: -f1) + validity=$(echo "$line" | cut -d: -f2) + usage=$(echo "$line" | cut -d: -f12) + + # look at keys only + if [ "$type" != 'pub' -a "$type" != 'sub' ] ; then + continue fi - else - keyID="$1" - fi - if [ -z "$keyID" ] ; then - failure "You have no secret key available. You should create an OpenPGP -key before joining the monkeysphere. You can do this with: - gpg --gen-key" - fi - - # get key output, and fail if not found - gpgOut=$(gpg --quiet --fixed-list-mode --list-secret-keys --with-colons \ - "$keyID") || failure - - # fail if multiple sec lines are returned, which means the id - # given is not unique - if [ $(echo "$gpgOut" | grep -c '^sec:') -gt '1' ] ; then - failure "Key ID '$keyID' is not unique." - fi - - # prompt if an authentication subkey already exists - if echo "$gpgOut" | egrep "^(sec|ssb):" | cut -d: -f 12 | grep -q a ; then - echo "An authentication subkey already exists for key '$keyID'." - read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} - if [ "${OK/y/Y}" != 'Y' ] ; then - failure "aborting." + # check for authentication capability + if ! check_capability "$usage" 'a' ; then + continue fi - fi + # if authentication key is valid, prompt to continue + if [ "$validity" = 'u' ] ; then + echo "A valid authentication key already exists for primary key '$keyID'." + read -p "Are you sure you would like to generate another one? (y/N) " OK; OK=${OK:N} + if [ "${OK/y/Y}" != 'Y' ] ; then + failure "aborting." + fi + break + fi + done # set subkey defaults # prompt about key expiration if not specified @@ -151,6 +201,7 @@ EOF (umask 077 && mkfifo "$fifoDir/pass") echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" & + # FIXME: this needs to fail more gracefully if the passphrase is incorrect passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass" rm -rf "$fifoDir" @@ -158,7 +209,7 @@ EOF log verbose "done." } -function subkey_to_ssh_agent() { +subkey_to_ssh_agent() { # try to add all authentication subkeys to the agent: local sshaddresponse @@ -365,6 +416,10 @@ case $COMMAND in RETURN="$?" ;; + 'import-subkey'|'i') + import_key "$@" + ;; + 'gen-subkey'|'g') gen_subkey "$@" ;; @@ -373,6 +428,10 @@ case $COMMAND in subkey_to_ssh_agent "$@" ;; + 'version'|'v') + echo "$VERSION" + ;; + '--help'|'help'|'-h'|'h'|'?') usage ;; diff --git a/src/monkeysphere-server b/src/monkeysphere-server index a1844ee..96f5b56 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -46,13 +46,20 @@ Monkeysphere server admin tool. subcommands: update-users (u) [USER]... update user authorized_keys files - gen-key (g) [NAME[:PORT]] generate gpg key for the server + import-key (i) import existing ssh key to gpg + --hostname (-h) NAME[:PORT] hostname for key user ID + --keyfile (-f) FILE key file to import + --expire (-e) EXPIRE date to expire + gen-key (g) generate gpg key for the host + --hostname (-h) NAME[:PORT] hostname for key user ID --length (-l) BITS key length in bits (2048) --expire (-e) EXPIRE date to expire --revoker (-r) FINGERPRINT add a revoker - extend-key (e) EXPIRE extend expiration to EXPIRE - add-hostname (n+) NAME[:PORT] add hostname user ID to server key + extend-key (e) EXPIRE extend host key expiration + add-hostname (n+) NAME[:PORT] add hostname user ID to host key revoke-hostname (n-) NAME[:PORT] revoke hostname user ID + add-revoker (o) FINGERPRINT add a revoker to the host key + revoke-key (r) revoke host key show-key (s) output all server host key information publish-key (p) publish server host key to keyserver diagnostics (d) report on server monkeysphere status @@ -64,8 +71,10 @@ subcommands: remove-id-certifier (c-) KEYID remove a certification key list-id-certifiers (c) list certification keys - gpg-authentication-cmd CMD gnupg-authentication command + gpg-authentication-cmd CMD give a gpg command to the + authentication keyring + version (v) show version number help (h,?) this help EOF @@ -117,30 +126,59 @@ gpg_authentication() { su_monkeysphere_user "gpg $@" } +# check if user is root +is_root() { + [ $(id -u 2>/dev/null) = '0' ] +} + +# check that user is root, for functions that require root access +check_user() { + is_root || failure "You must be root to run this command." +} + # output just key fingerprint fingerprint_server_key() { + # set the pipefail option so functions fails if can't read sec key + set -o pipefail + gpg_host --list-secret-keys --fingerprint \ --with-colons --fixed-list-mode 2> /dev/null | \ - grep '^fpr:' | head -1 | cut -d: -f10 + grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null +} + +# function to check for host secret key +check_host_keyring() { + fingerprint_server_key >/dev/null \ + || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-server gen-key' first." } # output key information show_server_key() { - local fingerprint - local tmpkey + local fingerprintPGP + local fingerprintSSH + local ret=0 + + # FIXME: you shouldn't have to be root to see the host key fingerprint + if is_root ; then + check_host_keyring + fingerprintPGP=$(fingerprint_server_key) + gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprintPGP" 2>/dev/null + echo "OpenPGP fingerprint: $fingerprintPGP" + else + log info "You must be root to see host OpenPGP fingerprint." + ret='1' + fi - fingerprint=$(fingerprint_server_key) - gpg_authentication "--fingerprint --list-key --list-options show-unusable-uids $fingerprint" - - # do some crazy "Here Strings" redirection to get the key to - # ssh-keygen, since it doesn't read from stdin cleanly - echo -n "ssh fingerprint: " - ssh-keygen -l -f /dev/stdin \ - <<<$(gpg_authentication "--export $fingerprint" | \ - openpgp2ssh "$fingerprint" 2>/dev/null) | \ - awk '{ print $1, $2, $4 }' - echo -n "OpenPGP fingerprint: " - echo "$fingerprint" + if [ -f "${SYSDATADIR}/ssh_host_rsa_key.pub" ] ; then + fingerprintSSH=$(ssh-keygen -l -f "${SYSDATADIR}/ssh_host_rsa_key.pub" | \ + awk '{ print $1, $2, $4 }') + echo "ssh fingerprint: $fingerprintSSH" + else + log info "SSH host key not found." + ret='1' + fi + + return $ret } # update authorized_keys for users @@ -281,37 +319,107 @@ update_users() { done } +# import an existing ssh key to a gpg key +import_key() { + local hostName=$(hostname -f) + local keyFile="/etc/ssh/ssh_host_rsa_key" + local keyExpire + local userID + + # check for presense of secret key + # FIXME: is this the proper test to be doing here? + fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + + # get options + while true ; do + case "$1" in + -h|--hostname) + hostName="$2" + shift 2 + ;; + -f|--keyfile) + keyFile="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + break + ;; + esac + done + + if [ ! -f "$keyFile" ] ; then + failure "SSH secret key file '$keyFile' not found." + fi + + userID="ssh://${hostName}" + + # prompt about key expiration if not specified + keyExpire=$(get_gpg_expiration "$keyExpire") + + echo "The following key parameters will be used for the host private key:" + echo "Import: $keyFile" + echo "Name-Real: $userID" + echo "Expire-Date: $keyExpire" + + read -p "Import key? (Y/n) " OK; OK=${OK:=Y} + if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." + fi + + log verbose "importing ssh key..." + # translate ssh key to a private key + (umask 077 && \ + pem2openpgp "$userID" "$keyExpire" < "$sshKey" | gpg_host --import) + + # find the key fingerprint of the newly converted key + fingerprint=$(fingerprint_server_key) + + # export host ownertrust to authentication keyring + log verbose "setting ultimate owner trust for host key..." + echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" + echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + + # export public key to file + gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + + # show info about new key + show_server_key +} + # generate server gpg key gen_key() { - local keyType - local keyLength - local keyUsage + local keyType="RSA" + local keyLength="2048" + local keyUsage="auth" local keyExpire local revoker - local hostName + local hostName=$(hostname -f) local userID local keyParameters local fingerprint - # set default key parameter values - keyType="RSA" - keyLength="2048" - keyUsage="auth" - keyExpire= - revoker= + # check for presense of secret key + # FIXME: is this the proper test to be doing here? + fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o e:l:r -l expire:,length:,revoker: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" - - if [ $? != 0 ] ; then - exit 1 - fi - - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" - while true ; do case "$1" in + -h|--hostname) + hostName="$2" + shift 2 + ;; -l|--length) keyLength="$2" shift 2 @@ -324,44 +432,36 @@ gen_key() { revoker="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac done - hostName=${1:-$(hostname -f)} userID="ssh://${hostName}" - # check for presense of key with user ID - if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then - failure "Key for '$userID' already exists" - fi - # prompt about key expiration if not specified keyExpire=$(get_gpg_expiration "$keyExpire") # set key parameters - keyParameters=$(cat <<EOF -Key-Type: $keyType + keyParameters=\ +"Key-Type: $keyType Key-Length: $keyLength Key-Usage: $keyUsage Name-Real: $userID -Expire-Date: $keyExpire -EOF -) +Expire-Date: $keyExpire" # add the revoker field if specified # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key. # FIXME: key is marked "sensitive"? is this appropriate? if [ "$revoker" ] ; then - keyParameters="${keyParameters}"$(cat <<EOF -Revoker: 1:$revoker sensitive -EOF -) + keyParameters=\ +"${keyParameters} +Revoker: 1:${revoker} sensitive" fi echo "The following key parameters will be used for the host private key:" @@ -373,24 +473,21 @@ EOF fi # add commit command - keyParameters="${keyParameters}"$(cat <<EOF + # must include blank line! + keyParameters=\ +"${keyParameters} %commit -%echo done -EOF -) +%echo done" - log verbose "generating server key..." + log verbose "generating host key..." echo "$keyParameters" | gpg_host --batch --gen-key - # output the server fingerprint - fingerprint_server_key "=${userID}" - # find the key fingerprint of the newly generated key fingerprint=$(fingerprint_server_key) # export host ownertrust to authentication keyring - log verbose "setting ultimate owner trust for server key..." + log verbose "setting ultimate owner trust for host key..." echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" # translate the private key to ssh format, and export to a file @@ -404,6 +501,9 @@ EOF log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + + # show info about new key + show_server_key } # extend the lifetime of a host key: @@ -411,10 +511,6 @@ extend_key() { local fpr=$(fingerprint_server_key) local extendTo="$1" - if [ -z "$fpr" ] ; then - failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first." - fi - # get the new expiration date extendTo=$(get_gpg_expiration "$extendTo") @@ -471,7 +567,7 @@ $userID save EOF - ) +) # execute edit-key script if echo "$adduidCommand" | \ @@ -569,6 +665,18 @@ EOF fi } +# add a revoker to the host key +add_revoker() { + # FIXME: implement! + failure "not implemented yet!" +} + +# revoke the host key +revoke_key() { + # FIXME: implement! + failure "not implemented yet!" +} + # publish server key to keyserver publish_server_key() { read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N} @@ -709,6 +817,10 @@ diagnostics() { echo " - Recommendation: remove the above HostKey lines from $sshd_config" problemsfound=$(($problemsfound+1)) fi + + # FIXME: test (with ssh-keyscan?) that the running ssh + # daemon is actually offering the monkeysphere host key. + fi fi @@ -767,15 +879,6 @@ add_certifier() { depth=1 # get options - TEMP=$(PATH="/usr/local/bin:$PATH" getopt -o n:t:d: -l domain:,trust:,depth: -n "$PGRM" -- "$@") || failure "getopt failed! Does your getopt support GNU-style long options?" - - if [ $? != 0 ] ; then - exit 1 - fi - - # Note the quotes around `$TEMP': they are essential! - eval set -- "$TEMP" - while true ; do case "$1" in -n|--domain) @@ -790,10 +893,11 @@ add_certifier() { depth="$2" shift 2 ;; - --) - shift - ;; - *) + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi break ;; esac @@ -855,9 +959,9 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export 0x${fingerprint}!" | gpg_host --import - if [ "$trust" == marginal ]; then + if [ "$trust" = marginal ]; then trustval=1 - elif [ "$trust" == full ]; then + elif [ "$trust" = full ]; then trustval=2 else failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." @@ -990,53 +1094,93 @@ shift case $COMMAND in 'update-users'|'update-user'|'u') + check_user + check_host_keyring update_users "$@" ;; + 'import-key'|'i') + check_user + import_key "$@" + ;; + 'gen-key'|'g') + check_user gen_key "$@" ;; 'extend-key'|'e') + check_user + check_host_keyring extend_key "$@" ;; 'add-hostname'|'add-name'|'n+') + check_user + check_host_keyring add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') + check_user + check_host_keyring revoke_hostname "$@" ;; + 'add-revoker'|'o') + check_user + check_host_keyring + add_revoker "$@" + ;; + + 'revoke-key'|'r') + check_user + check_host_keyring + revoke_key "$@" + ;; + 'show-key'|'show'|'s') show_server_key ;; 'publish-key'|'publish'|'p') + check_user + check_host_keyring publish_server_key ;; 'diagnostics'|'d') + check_user diagnostics ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_user + check_host_keyring add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_user + check_host_keyring remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_user + check_host_keyring list_certifiers "$@" ;; 'gpg-authentication-cmd') + check_user gpg_authentication_cmd "$@" ;; + 'version'|'v') + echo "$VERSION" + ;; + '--help'|'help'|'-h'|'h'|'?') usage ;; diff --git a/website/bugs.mdwn b/website/bugs.mdwn index d621500..bd437f9 100644 --- a/website/bugs.mdwn +++ b/website/bugs.mdwn @@ -2,10 +2,18 @@ # Bugs # -This is Monkeysphere's bug list. You can also browse our [completed bugs](done). +The Monkeysphere is moving to a [new issue tracking +system](https://labs.riseup.net/code/projects/show/monkeysphere), +hosted at [Riseup Labs](https://labs.riseup.net/code). We're leaving +this old bug list up during the transition. -If you don't have commit access to the public repo, we'd appreciate -you reporting bugs on [the monkeysphere mailing list](/community). +If you use [Debian](htt[://debian.org), please consider submitting +your bug to the [Debian BTS](http://bugs.debian.org/monkeysphere). + +You can also browse our [completed bugs](done). + +Please feel free to also ask any questions on the [the monkeysphere +mailing list](/community). [[inline pages="./bugs/* and !./bugs/done and !link(done) and !*/Discussion" actions=yes postform=yes show=0]] diff --git a/website/bugs/posix_compliance.mdwn b/website/bugs/posix_compliance.mdwn new file mode 100644 index 0000000..d418e98 --- /dev/null +++ b/website/bugs/posix_compliance.mdwn @@ -0,0 +1,12 @@ +It would be nice to make all of the Monkeysphere scripts POSIX +compliant, for portability and light-weightedness. Better POSIX +compliance would probably at least be better for compatibility with +o{ther,lder} versions of bash. Unfortunately there are quite a few +bashism at the moment, so this may not be trivial. For instance: + + servo:~/cmrg/monkeysphere/git 0$ checkbashisms -f src/monkeysphere-server 2>&1 | wc -l + 50 + servo:~/cmrg/monkeysphere/git 0$ + +It looks like the biggest complication for this would be the +occasional use of bash arrays. diff --git a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn index 65268c5..67bc9d2 100644 --- a/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn +++ b/website/bugs/problems-with-root-owned-gpg-keyrings.mdwn @@ -22,3 +22,100 @@ be hiding a bug, rather than getting it fixed correctly. Are there other ways we can deal with this problem? --dkg + +Here is an example when using monkeysphere-server +add-identity-certifier on a host with a newly-installed monkeysphere +installaton. Note that running the same command a second time works +as expected: + + 0 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: next trustdb check due at 2009-03-30 + gpg: Total number processed: 1 + gpg: imported: 1 (RSA: 1) + Could not receive a key with this ID from the 'pool.sks-keyservers.net' keyserver. + 255 pip:~# monkeysphere-server c+ 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 + gpg: requesting key D21739E9 from hkp server pool.sks-keyservers.net + gpg: key D21739E9: "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" not changed + gpg: Total number processed: 1 + gpg: unchanged: 1 + + key found: + pub 4096R/D21739E9 2007-06-02 [expires: 2012-05-31] + Key fingerprint = 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9 + uid [ unknown] Daniel Kahn Gillmor <dkg@fifthhorseman.net> + uid [ unknown] Daniel Kahn Gillmor <dkg@openflows.com> + uid [ unknown] Daniel Kahn Gillmor <dkg@astro.columbia.edu> + uid [ unknown] Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> + uid [ unknown] [jpeg image of size 3515] + sub 2048R/4BFA08E4 2008-06-19 [expires: 2009-06-19] + sub 4096R/21484CFF 2007-06-02 [expires: 2012-05-31] + + Are you sure you want to add the above key as a + certifier of users on this system? (y/N) y + gpg: key D21739E9: public key "Daniel Kahn Gillmor <dkg@fifthhorseman.net>" imported + gpg: Total number processed: 1 + gpg: imported: 1 (RSA: 1) + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: next trustdb check due at 2009-03-30 + gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc. + This is free software: you are free to change and redistribute it. + There is NO WARRANTY, to the extent permitted by law. + + + pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC + trust: unknown validity: unknown + [ unknown] (1). Daniel Kahn Gillmor <dkg@fifthhorseman.net> + [ unknown] (2) Daniel Kahn Gillmor <dkg@openflows.com> + [ unknown] (3) Daniel Kahn Gillmor <dkg@astro.columbia.edu> + [ unknown] (4) Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> + [ unknown] (5) [jpeg image of size 3515] + + + pub 4096R/D21739E9 created: 2007-06-02 expires: 2012-05-31 usage: SC + trust: unknown validity: unknown + Primary key fingerprint: 0EE5 BE97 9282 D80B 9F75 40F1 CCD2 ED94 D217 39E9 + + Daniel Kahn Gillmor <dkg@fifthhorseman.net> + Daniel Kahn Gillmor <dkg@openflows.com> + Daniel Kahn Gillmor <dkg@astro.columbia.edu> + Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net> + [jpeg image of size 3515] + + This key is due to expire on 2012-05-31. + Please decide how far you trust this user to correctly verify other users' keys + (by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I trust marginally + 2 = I trust fully + + + Please enter the depth of this trust signature. + A depth greater than 1 allows the key you are signing to make + trust signatures on your behalf. + + + Please enter a domain to restrict this signature, or enter for none. + + + Are you sure that you want to sign this key with your + key "ssh://pip.fifthhorseman.net" (9B83C17D) + + The signature will be marked as non-exportable. + + + gpg: can't create `/var/lib/monkeysphere/gnupg-host/pubring.gpg.tmp': Permission denied + gpg: failed to rebuild keyring cache: file open error + gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u + gpg: depth: 1 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 1f, 0u + gpg: next trustdb check due at 2009-03-30 + + Identity certifier added. + 0 pip:~# diff --git a/website/bugs/use_getopts_instead_of_getopt.mdwn b/website/bugs/use_getopts_instead_of_getopt.mdwn new file mode 100644 index 0000000..2ec68d6 --- /dev/null +++ b/website/bugs/use_getopts_instead_of_getopt.mdwn @@ -0,0 +1,19 @@ +Since Monkeysphere is using bash, it would be nice to use the shell +build in getopts function, instead of the external getopt program. +This would reduce an external dependency, which would definitely be +better for portability. + +--- + +So it looks like the sh built-in getopts does not include long options +(eg. "--expire"). Is it worth getting rid of the long options for +this? + +--- + +Why not just get rid of getopts altogether and perform a simple +argument-processing loop with bash string tests? We're only invoking +getopt in three places, and each invocation is no more complex than +three arguments -- and most arguments take a separate parameter, which +means that handling tricky arg blobs like -aCxr are not gonna be +supported anyway. diff --git a/website/doc.mdwn b/website/doc.mdwn index cd7bc76..28db2ef 100644 --- a/website/doc.mdwn +++ b/website/doc.mdwn @@ -19,10 +19,12 @@ ## References ## - * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH) + * [OpenSSH](http://openssh.com/) + * [GnuPG](http://www.gnupg.org/) * [OpenPGP (RFC 4880)](http://tools.ietf.org/html/rfc4880) * [Secure Shell Authentication Protocol (RFC 4252)](http://tools.ietf.org/html/rfc4252) * [URI scheme for SSH, RFC draft](http://tools.ietf.org/wg/secsh/draft-ietf-secsh-scp-sftp-ssh-uri/) + * [Initial Monkeysphere specifications at CMRG](http://cmrg.fifthhorseman.net/wiki/OpenPGPandSSH) ## Other ## diff --git a/website/download.mdwn b/website/download.mdwn index 6d5a73f..a5c7479 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -75,38 +75,38 @@ For those that would like to download the source directly, [the source is available](/community) via [git](http://git.or.cz/). The [latest -tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.21.orig.tar.gz) +tarball](http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_0.22.orig.tar.gz) is also available, and has these checksums: <pre> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -checksums for the monkeysphere 0.21 release: +checksums for the monkeysphere 0.22 release: MD5: -15fe181983565aca0fbe4c41f9f6752e monkeysphere_0.21.orig.tar.gz +2bb00c86323409b98aff53f94d9ce0a6 monkeysphere_0.22.orig.tar.gz SHA1: -27e915a45cdbe50a139ed4f4b13746b17c165b0f monkeysphere_0.21.orig.tar.gz +312882ad192b8e7303e3e0ac9db20ac8ddc529b3 monkeysphere_0.22.orig.tar.gz SHA256: -1535c3f722f5f5c1646a4981efef4a262ac7b23bf4b980c9aee11af2600eedc2 monkeysphere_0.21.orig.tar.gz +2566facda807a67a4d2d6de3833cccfa0b78b454909e8d25f47a235a9e621b24 monkeysphere_0.22.orig.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) -iQIVAwUBSR8+7BjmZ/HrivMUAQLeKg/+JT4LCXBR/06p/w2KBd1MKqch5Qf2ryIo -mxCTWtZRgVQSeOFUJ5SXX+Tfs7VZfkV5HuahUH3NmGC6EMhYyB2olwBOOoIAqEKw -1zVyn49bowCee+gTc3QHyT0Eqgt2ARtzl3/VrHkiw2MaJN3IZXseovyL8ksnEu+u -s8fq26imtBrrucIxp4ZtHUw/h/YrJohHcJ8QQN5/UWFLug4C4aRFmnzL+oCySxAa -0au/zFxxRZE5pMhLUvRwwCwPFx2CGBz6y9lAOiDPhhUqh+Bf7JKWJzk35Dj5Tm+2 -lCIzYtfpBkuF9ehCrm8WYF5aFg+gto8Bc6IJci9J6h2npBYIG0IbWOknMZz3+Ti2 -c3EltlJjK0LKEHujDYjf9tkNAxbBdtlYuw8x925ILeK7n8xX0Jr1TDzPyAIYaogv -IVqsgnvQ489K8k06173kyrPaetyvOlU3bN1zcPdqTyCD6+eBbeCeKXO4324C8iMF -rQPW4HScOdIidqFuzHyIT7PoY4DwWMgeAVymRSEufifvRcdCvQdlC4MaxxVf5I8A -ATkD3CrY+5NZeERAGbmlu7Uz+sUk5tLUH0Q2qvjZUIQRctfr4BMheuBubsLR9yP3 -FZ4Q4kl34eU/WU7NtTmIFy7gDhLSIoeQINfYZlNEXQ7Y/RZUOEwoPI/spAXgw6De -Xpsw0wPZtcM= -=JDaA +iQIVAwUBSTCiPRjmZ/HrivMUAQLg/BAAsdLsCQYSmvYLrYy1HiARtZOckqSOFv5e +lnoOYEXKCXVjKqYUn4gjOkP2kQlnEOazfXrT/pO4u0AKUbf3C8bPDpIeao8uuPXI +GG6HOWtsY93a2g8DM9fOzadIwhhBc9U7VwizBwFsxMw6xFTIKfoqqQonfEYFFLb6 +zyJVcfhmmGjgoJ9qA3AlYAf/i3Y/fcXh+YMI5J3Gez3BTVcep41UlcQUyd33pHF6 +aHdSWCzrotFual3fbf0meQewbBCW3JRBsbmCHQltbO/kNrtyfXb3Rp4oLiffcmpI +DhfpFeonVHnUI9CVHmL7qbnBsgu5Q8l8Fxzu5pyzrGJxlvqBCpG8JM2FI0jJxw6o +LQkmXCHteYKyopqKz5X0ATCot2Eoc9+kNEHwNWI37XbY7AV1XOOzGiaMjl+w8aUR +QM8+Gi0h7SU2KuEogIsq1TghsDp3BJpTyBnc72ttLt2BvMzANOJnM8cmQqW8bOpz +9Jdob+ISKkKG9q0wp61gb+8/f7mZKNtpr2rpRVYyjHgwR5XfbnS+gaD2B1NyG7NY +yxW7fHpTsuwqcm2ONjZCDpEj0bXM0cL7r8c3J0L5kRCiN05c/KKYTNC70kTwCeQa +ninihvIJal0Wu3LZxtYmtxuApq3wmc8NPo66C+TC24YGtxxJuZMS1qOlPFIPADIa +EeBVdDmRbBw= +=FmCP -----END PGP SIGNATURE----- </pre> diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn index 1c373ac..5c7203d 100644 --- a/website/getting-started-admin.mdwn +++ b/website/getting-started-admin.mdwn @@ -2,60 +2,106 @@ Monkeysphere Server Administrator README ======================================== As the administrator of an SSH server, you can take advantage of the -monkeysphere in two ways: you can publish the host key of your machine -so that your users can have it automatically verified, and you can set -up your machine to automatically identify connecting users by their -presence in the OpenPGP web of trust. +monkeysphere in two ways: +1. you can publish the host key of your machine so that your users can +have it automatically verified, and + +2. you can set up your machine to automatically identify connecting +users by their presence in the OpenPGP web of trust. + +These things are not mutually required, and it is in fact possible to +do one without the other. However, it is highly recommend that you at +least do the first. Even if you decide that you do not want to use +the monkeysphere to authenticate users to your system, you should at +least the host key into the Web of Trust so that your users can be +sure they're connecting to the correct machine. + + +Monkeysphere for host verification +================================== Server host key publication --------------------------- -To generate and publish a server host key: + +To begin, you must first generate a server host key: # monkeysphere-server gen-key - # monkeysphere-server publish-key This will generate the key for server with the service URI -(`ssh://server.example.net`). The server admin should now sign the -server key so that people in the admin's web of trust can identify the -server without manual host key checking: +(`ssh://server.example.net`). Output the new key information with the +'show-key' command: + + # monkeysphere-server show-key + +Once the key has been generated, it needs to be publish to the Web of +Trust: + + # monkeysphere-server publish-key + +The server admin should now sign the server key so that people in the +admin's web of trust can identify the server without manual host key +checking. On your (the admin's) local machine retrieve the host key: $ gpg --search '=ssh://server.example.net' + +Now sign the server key: + $ gpg --sign-key '=ssh://server.example.net' +Make sure you compare the fingerprint of the retrieved with the one +output with the 'show-key' command above, to verify you are signing +the correct key. Finally, publish your signatures back to the +keyservers: + + $ gpg --send-key '=ssh://server.example.net' Update OpenSSH configuration files ---------------------------------- To use the newly-generated host key for ssh connections, put the -following line in `/etc/ssh/sshd_config` (be sure to remove references -to any other keys): +following line in `/etc/ssh/sshd_config` (be sure to comment out or +remove any other HostKey references): HostKey /var/lib/monkeysphere/ssh_host_rsa_key -FIXME: should we just suggest symlinks in the filesystem here instead? +FIXME: What about DSA host keys? The SSH RFC seems to require +implementations support DSA, though OpenSSH will work without a DSA +host key. -FIXME: What about DSA host keys? The SSH RFC seems to require implementations support DSA, though OpenSSH will work without a DSA host key. -To enable users to use the monkeysphere to authenticate using the -OpenPGP web of trust, add this line to `/etc/ssh/sshd_config` (again, -making sure that no other AuthorizedKeysFile directive exists): +Monkeysphere for user authentication +==================================== - AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u +A host can maintain ssh `authorized_keys` files automatically for its +users with the Monkeysphere. These `authorized_keys` files can then +be used to enable users to use the monkeysphere to authenticate to +your machine using the OpenPGP web of trust. + +Before this can happen, the host must first have a host key to use for +user key verification. If you have not already generated a host key +(as in the host verification instructions above), generate one now: + + # monkeysphere-server gen-key -And then read the section below about how to ensure these files are -maintained. You'll need to restart `sshd` to have your changes take -effect. As with any change to `sshd_config`, be sure to retain an -existing session to the machine while you test your changes so you -don't get locked out. +Update OpenSSH configuration files +---------------------------------- + +SSH must be configured to point to the monkeysphere generated +`authorized_keys` file. Add this line to `/etc/ssh/sshd_config` +(again, making sure that no other AuthorizedKeysFile directive is left +uncommented): + AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u + +You'll need to restart `sshd` to have your changes take effect. As +with any change to `sshd_config`, be sure to retain an existing +session to the machine while you test your changes so you don't get +locked out. Monkeysphere authorized_keys maintenance ---------------------------------------- -A host can maintain ssh authorized_keys files automatically for its -users with the Monkeysphere. - For each user account on the server, the userids of people authorized to log into that account would be placed in: @@ -72,12 +118,12 @@ If the admin's OpenPGP keyid is `$GPGID`, then on the server run: # monkeysphere-server add-identity-certifier $GPGID -To update the monkeysphere authorized_keys file for user "bob" using +To update the monkeysphere `authorized_keys` file for user "bob" using the current set of identity certifiers, run: # monkeysphere-server update-users bob -To update the monkeysphere authorized_keys file for all users on the +To update the monkeysphere `authorized_keys` file for all users on the the system, run the same command with no arguments: # monkeysphere-server update-users diff --git a/website/index.mdwn b/website/index.mdwn index 2e756ae..4abeea0 100644 --- a/website/index.mdwn +++ b/website/index.mdwn @@ -69,12 +69,11 @@ To emphasize: ***no modifications to SSH are required to use the Monkeysphere***. OpenSSH can be used as is; completely unpatched and "out of the box". -## Links ## +## License ## -* [OpenSSH](http://openssh.com/) -* [GnuPG](http://www.gnupg.org/) -* [Secure Shell Authentication Protocol RFC 4252](http://tools.ietf.org/html/rfc4252) -* [OpenPGP RFC 4880](http://tools.ietf.org/html/rfc4880) +All Monkeysphere software is copyright, 2007, by [the +authors](community), and released under [GPL, version 3 or +later](http://www.gnu.org/licenses/gpl-3.0.html). ---- diff --git a/website/local.css b/website/local.css index c4b59e9..de0f196 100644 --- a/website/local.css +++ b/website/local.css @@ -58,31 +58,31 @@ pre { overflow: auto; } -table.sitenav { +table.sitenav { border-bottom: 2px solid black; padding: 0px; width: 100%; font-size: larger; } -table.sitenav img.logo { - margin: 0px; - padding: 0px; +table.sitenav img.logo { + margin: 0em; + padding: 0px; vertical-align: bottom; } +table.sitenav img.title { + margin: 0px; + padding: 0px; + vertical-align: top; +} + table.sitenav a { font-weight: bold; margin-right: 1em; font-size: smaller; } -/* trying to align the sitenav links roughly with the text in the monkeysphere logo */ -td#sitenav { - vertical-align: bottom; - padding-bottom: 30px; -} - table.sitenav span.selflink { font-weight: bold; text-decoration: underline; diff --git a/website/logo.simple.png b/website/logo.simple.png Binary files differnew file mode 100644 index 0000000..5cc69eb --- /dev/null +++ b/website/logo.simple.png diff --git a/website/logo.title.png b/website/logo.title.png Binary files differnew file mode 100644 index 0000000..a203f8b --- /dev/null +++ b/website/logo.title.png diff --git a/website/news/Monkeysphere-in-Debian.mdwn b/website/news/Monkeysphere-in-Debian.mdwn new file mode 100644 index 0000000..edad432 --- /dev/null +++ b/website/news/Monkeysphere-in-Debian.mdwn @@ -0,0 +1,15 @@ +[[meta title="Monkeysphere now in Debian!"]] + +[The Monkeysphere has made it into +Debian!](http://packages.debian.org/sid/monkeysphere) + +It is in Debian unstable ("sid") now, which means it won't make it +into the next stable release ("lenny"), but hopefully will make it +into the stable release after that ("squeeze"). + +Congratulations to all the work by all the [monkeysphere +developers](/community), and to Micah Anderson for being our Debian +sponsor. + +Please feel free to start submitting bug reports to the [Debian +BTS](http://bugs.debian.org/monkeysphere). diff --git a/website/news/release-0.22-1.mdwn b/website/news/release-0.22-1.mdwn new file mode 100644 index 0000000..078b605 --- /dev/null +++ b/website/news/release-0.22-1.mdwn @@ -0,0 +1,25 @@ +[[meta title="Monkeysphere 0.22-1 released!"]] + +Monkeysphere 0.22-1 has been released. + +Notes from the changelog: + +<pre> + * New upstream release: + [ Jameson Graef Rollins ] + + - added info log output when a new key is added to known_hosts file. + - added some useful output to the ssh-proxycommand for "marginal" + cases where keys are found for host but do not have full validity. + - force ssh-keygen to read from stdin to get ssh key fingerprint. + + [ Daniel Kahn Gillmor ] + + - automatically output two copies of the host's public key: one + standard ssh public key file, and the other a minimal OpenPGP key with + just the latest valid self-sig. + - debian/control: corrected alternate dependency from procfile to + procmail (which provides /usr/bin/lockfile) +</pre> + +[[Download]] it now! diff --git a/website/sidebar.mdwn b/website/sidebar.mdwn index fe21fc5..4783d2a 100644 --- a/website/sidebar.mdwn +++ b/website/sidebar.mdwn @@ -1,13 +1,19 @@ <table class="sitenav" cellpadding="0" cellspacing="0"> -<tbody><tr><td> -<a class="logo" href="/"><img class="logo" src="/logo.png" alt="monkeysphere" width="343" height="85" /></a> -</td><td id="sitenav"> - +<colgroup span="1" width="120" /> +<tr> +<td rowspan="2"><a href="/"><img class="logo" src="/logo.simple.png" alt="monkeysphere" /></a></td> +<td><a href="/"><img class="title" src="/logo.title.png" alt="monkeysphere" /></a></td> +</tr><tr> +<td> [[WHY?|why]] [[DOWNLOAD|download]] [[DOCUMENTATION|doc]] [[NEWS|news]] [[COMMUNITY|community]] -[[BUGS|bugs]] +<a href="https://labs.riseup.net/code/wiki/monkeysphere">WIKI</a> +<a href="https://labs.riseup.net/code/projects/monkeysphere/issues">BUGS</a> +[[VISION|vision]] +</td> +</tr> +</table> -</td></tr></tbody></table> diff --git a/website/vision.mdwn b/website/vision.mdwn new file mode 100644 index 0000000..281bc72 --- /dev/null +++ b/website/vision.mdwn @@ -0,0 +1,31 @@ +[[meta title="Our vision for the future of the monkeysphere"]] + +## External Validation Agent ## + +This is probably at the crux of the Monkeysphere vision for the future: + +* [Simon Josefsson proposed out-of-process certificate verification model in gnutls-devel](http://news.gmane.org/find-root.php?group=gmane.comp.encryption.gpg.gnutls.devel&article=3231) +* [Werner Koch's dirmngr](http://www.gnupg.org/documentation/manuals/dirmngr/) +* [GnuTLS wiki external validation](http://redmine.josefsson.org/wiki/gnutls/GnuTLSExternalValidation) +* [Pathfinder PKI validation](http://code.google.com/p/pathfinder-pki/) (includes validation plugins for OpenSSL and LibNSS). + +## TLS transition strategies ## + +While [RFC 5081](http://tools.ietf.org/html/rfc5081) is quite a while +off from widespread adoption, it would be good to have an interim +translation step. This is analogous to the SSH work we've done, where +the on-the-wire protocol remains the same, but the keys themselves are +looked up in the OpenPGP WoT. + +Firefox extensions that deal with certificate validation seem to be +the easiest path toward demonstrating this technique. We should look +at: + +* [SSL Blacklist](http://codefromthe70s.org/sslblacklist.aspx) +* [Perspectives](http://www.cs.cmu.edu/~perspectives/firefox.html) +* there is another firefox extension that basically disables all TLS certificate checking. The download page says things like "this is a bad idea" and "do not install this extension", but i'm unable to find it at the moment. + +## Related discussions ## + +* [Wandering Thoughts blog discussion about Web of Trust flaws](http://utcc.utoronto.ca/~cks/space/blog/tech/WebOfTrustFlaws?showcomments) +* [Wandering Thoughts blog discussion about certificate authorities](http://utcc.utoronto.ca/~cks/space/blog/web/SSLCANeed?showcomments) |
