diff options
Diffstat (limited to 'src/share/mh/gen_key')
-rw-r--r-- | src/share/mh/gen_key | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key new file mode 100644 index 0000000..aad213a --- /dev/null +++ b/src/share/mh/gen_key @@ -0,0 +1,107 @@ +# -*-shell-script-*- +# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) + +# Monkeysphere host gen-key subcommand +# +# The monkeysphere scripts are written by: +# Jameson Rollins <jrollins@finestructure.net> +# Jamie McClelland <jm@mayfirst.org> +# Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +gen_key() { + +local keyType="RSA" +local keyLength="2048" +local keyUsage="auth" +local keyExpire +local hostName=$(hostname -f) +local userID +local keyParameters +local fingerprint + +# check for presense of secret key +# FIXME: is this the proper test to be doing here? +fingerprint_server_key >/dev/null \ + && failure "An OpenPGP host key already exists." + +# get options +while true ; do + case "$1" in + -l|--length) + keyLength="$2" + shift 2 + ;; + -e|--expire) + keyExpire="$2" + shift 2 + ;; + *) + if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then + failure "Unknown option '$1'. +Type '$PGRM help' for usage." + fi + hostName="$1" + shift; + break + ;; + esac +done + +userID="ssh://${hostName}" + +# prompt about key expiration if not specified +keyExpire=$(get_gpg_expiration "$keyExpire") + +# set key parameters +keyParameters=\ +"Key-Type: $keyType +Key-Length: $keyLength +Key-Usage: $keyUsage +Name-Real: $userID +Expire-Date: $keyExpire" + +echo "The following key parameters will be used for the host private key:" +echo "$keyParameters" + +read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} +if [ ${OK/y/Y} != 'Y' ] ; then + failure "aborting." +fi + +# add commit command +# must include blank line! +keyParameters=\ +"${keyParameters} + +%commit +%echo done" + +log verbose "generating host key..." +echo "$keyParameters" | gpg_host --batch --gen-key + +# find the key fingerprint of the newly generated key +fingerprint=$(fingerprint_server_key) + +# export host ownertrust to authentication keyring +log verbose "setting ultimate owner trust for host key..." +echo "${fingerprint}:6:" | gpg_authentication "--import-ownertrust" + +# translate the private key to ssh format, and export to a file +# for sshs usage. +# NOTE: assumes that the primary key is the proper key to use +(umask 077 && \ + gpg_host --export-secret-key "$fingerprint" | \ + openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") +log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" +ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" +gpg_authentication "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + +# show info about new key +show_key + +} |