diff options
Diffstat (limited to 'src/share')
-rw-r--r-- | src/share/ma/setup | 12 | ||||
-rw-r--r-- | src/share/ma/update_users | 2 | ||||
-rw-r--r-- | src/share/mh/gen_key | 12 | ||||
-rw-r--r-- | src/share/mh/import_key | 4 |
4 files changed, 17 insertions, 13 deletions
diff --git a/src/share/ma/setup b/src/share/ma/setup index abce3af..672a960 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -12,8 +12,9 @@ # version 3 or later. setup() { - # make the core and the sphere: - mkdir -p "${SYSDATADIR}"/authentication + # make all needed directories + mkdir -p "${MADATADIR}" + mkdir -p "${MATMPDIR}" mkdir -p "${GNUPGHOME_SPHERE}" mkdir -p "${GNUPGHOME_CORE}" @@ -46,14 +47,17 @@ EOF local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 </dev/urandom | base64)) - local TMPLOC=$(mktemp -d ${MATMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" - ssh-keygen -q -b 2048 -t rsa -N'' "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" + local TMPLOC=$(mktemp -d "${MATMPDIR}"/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + # generate the key with ssh-keygen... + ssh-keygen -q -b 1024 -t rsa -N '' -f "${TMPLOC}/authkey" || failure "Could not generate new key for Monkeysphere authentication trust core" + # and then translate to openpgp encoding and import # FIXME: pem2openpgp currently sets the A flag and a short # expiration date. We should set the C flag and no expiration # date. < "${TMPLOC}/authkey" pem2openpgp "$CORE_UID" | gpg --import || failure "Could not import new key for Monkeysphere authentication trust core" + gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key CORE_FPR=$(gpg_core --with-colons --fixed-list-mode --fingerprint --list-secret-key | grep ^fpr: | cut -f10 -d: ) if [ -z "$CORE_FPR" ] ; then failure "Failed to create Monkeysphere authentication trust core!" diff --git a/src/share/ma/update_users b/src/share/ma/update_users index 73685f6..e9e3cc6 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -35,7 +35,7 @@ MODE="authorized_keys" GNUPGHOME="$GNUPGHOME_SPHERE" # the authorized_keys directory -authorizedKeysDir="${SYSDATADIR}/authentication/authorized_keys" +authorizedKeysDir="${MADATADIR}/authorized_keys" # check to see if the gpg trust database has been initialized if [ ! -s "${GNUPGHOME}/trustdb.gpg" ] ; then diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 162a64e..c0445db 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -90,12 +90,12 @@ fingerprint=$(fingerprint_server_key) # NOTE: assumes that the primary key is the proper key to use (umask 077 && \ gpg_host --export-secret-key "$fingerprint" | \ - openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key") -log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key" -ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" -gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key") +log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" +ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key show_key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index c0d5956..0f16d27 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -79,8 +79,8 @@ log verbose "setting ultimate owner trust for host key..." echo "${fingerprint}:6:" | gpg_host "--import-ownertrust" # export public key to file -gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host "--export-options export-minimal --armor --export 0x${fingerprint}\!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key show_key |