diff options
Diffstat (limited to 'src/share/ma')
-rw-r--r-- | src/share/ma/add_certifier | 58 | ||||
-rw-r--r-- | src/share/ma/remove_certifier | 8 | ||||
-rw-r--r-- | src/share/ma/setup | 6 |
3 files changed, 44 insertions, 28 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 0c3c647..60a4f9d 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -3,6 +3,20 @@ # Monkeysphere authentication add-certifier subcommand # +# This function adds a certifier whose signatures will be used to +# calculate validity of keys used to connect to user accounts on the +# server. The specified certifier key is first retrieved from the Web +# of Trust with the monkeysphere-user-controlled gpg_sphere keyring. +# Once then new key is retrieved, it is imported into the core +# keyring. The gpg_core then ltsigns the key with the desired trust +# level, and then the key is exported back to the gpg_sphere keyring. +# The gpg_sphere has ultimate owner trust of the core key, so the core +# ltsigs on the new certifier key can then be used by gpg_sphere +# calculate validity for keys inserted in the authorized_keys file. +# +# This is all to keep the monkeysphere user that connects to the +# keyservers from accessing the core secret key. +# # The monkeysphere scripts are written by: # Jameson Rollins <jrollins@finestructure.net> # Jamie McClelland <jm@mayfirst.org> @@ -11,9 +25,6 @@ # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. -# retrieve key from web of trust, import it into the host keyring, and -# ltsign the key in the host keyring so that it may certify other keys - add_certifier() { local domain @@ -59,7 +70,7 @@ if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi if [ -f "$keyID" ] ; then - echo "Reading key from file '$keyID':" + log info "Reading key from file '$keyID':" importinfo=$(gpg_sphere "--import" < "$keyID" 2>&1) || failure "could not read key from '$keyID'" # FIXME: if this is tried when the key database is not # up-to-date, i got these errors (using set -x): @@ -96,8 +107,7 @@ if [ -z "$fingerprint" ] ; then failure "Key '$keyID' not found." fi -echo -echo "key found:" +log info -e "\nkey found:" gpg_sphere "--fingerprint 0x${fingerprint}!" echo "Are you sure you want to add the above key as a" @@ -106,18 +116,24 @@ if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not added." fi -# export the key to the host keyring +# export the key to the core keyring so that the core can sign the +# new certifier key gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import -if [ "$trust" = marginal ]; then - trustval=1 -elif [ "$trust" = full ]; then - trustval=2 -else - failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." -fi - -# ltsign command +case "$trust" in + 'marginal') + trustval=1 + ;; + 'full') + trustval=2 + ;; + *) + failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." + ;; +esac + +# this is the gpg "script" that gpg --edit-key will execute for the +# core to sign certifier. # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign @@ -130,15 +146,17 @@ save EOF ) -# ltsign the key +# core ltsigns the newly imported certifier key if echo "$ltsignCommand" | \ gpg_core --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then - # update the trustdb for the authentication keyring + # transfer the new sigs back to the sphere keyring + gpg_core_sphere_sig_transfer + + # update the sphere trustdb gpg_sphere "--check-trustdb" - echo - echo "Identity certifier added." + log info -e "\nIdentity certifier added." else failure "Problem adding identify certifier." fi diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier index 560281d..1164162 100644 --- a/src/share/ma/remove_certifier +++ b/src/share/ma/remove_certifier @@ -32,16 +32,16 @@ else failure fi -# delete the requested key +# delete the requested key from the sphere keyring +# FIXME: should this be a revokation instead of a removal? if gpg_sphere "--delete-key --batch --yes 0x${keyID}!" ; then - # delete key from host keyring as well + # delete key from core keyring as well gpg_core --delete-key --batch --yes "0x${keyID}!" # update the trustdb for the authentication keyring gpg_sphere "--check-trustdb" - echo - echo "Identity certifier removed." + log info -e "\nIdentity certifier removed." else failure "Problem removing identity certifier." fi diff --git a/src/share/ma/setup b/src/share/ma/setup index 672a960..229166b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -34,12 +34,10 @@ EOF # Edits will be overwritten. no-greeting primary-keyring ${GNUPGHOME_SPHERE}/pubring.gpg -keyring ${GNUPGHOME_CORE}/pubring.gpg - list-options show-uid-validity EOF - # fingerprint of core key. this should be empty on unconfigured systems. + # get fingerprint of core key. this should be empty on unconfigured systems. local CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then @@ -57,7 +55,7 @@ EOF # date. < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" - gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key + # get fingerprint of core key. should definitely not be empty at this point CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then failure "Failed to create Monkeysphere authentication trust core!" |