diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common | 44 | ||||
| -rwxr-xr-x | src/monkeysphere-server | 15 |
2 files changed, 45 insertions, 14 deletions
@@ -532,6 +532,16 @@ process_authorized_keys() { # retrieve key from web of trust, and set owner trust to "full" # if key is found. trust_key() { + local keyID + local trustLevel + + keyID="$1" + trustLevel="$2" + + if [ -z "$keyID" ] ; then + failure "You must specify key to trust." + fi + # get the key from the key server if ! gpg --keyserver "$KEYSERVER" --recv-key "$keyID" ; then failure "Could not retrieve key '$keyID'." @@ -540,13 +550,41 @@ trust_key() { # get key fingerprint fingerprint=$(get_key_fingerprint "$keyID") + echo "key found:" + gpg --fingerprint "$fingerprint" + + while [ -z "$trustLevel" ] ; do + cat <<EOF +Please decide how far you trust this user to correctly verify other users' keys +(by looking at passports, checking fingerprints from different sources, etc.) + + 1 = I don't know or won't say + 2 = I do NOT trust + 3 = I trust marginally + 4 = I trust fully + 5 = I trust ultimately + +EOF + read -p "Your decision? " trustLevel + if echo "$trustLevel" | grep -v "[1-5]" ; then + echo "Unknown trust level '$trustLevel'." + unset trustLevel + elif [ "$trustLevel" = 'q' ] ; then + failure "Aborting." + fi + done + # attach a "non-exportable" signature to the key # this is required for the key to have any validity at all # the 'y's on stdin indicates "yes, i really want to sign" - echo -e 'y\ny' | gpg --lsign-key --command-fd 0 "$fingerprint" + echo -e 'y\ny' | gpg --quiet --lsign-key --command-fd 0 "$fingerprint" + + # index trustLevel by one to difference between level in ui and level + # internally + trustLevel=$((trustLevel+1)) - # import "full" trust for fingerprint into gpg - echo ${fingerprint}:5: | gpg --import-ownertrust + # import new owner trust level for key + echo "${fingerprint}:${trustLevel}:" | gpg --import-ownertrust if [ $? = 0 ] ; then log "Owner trust updated." else diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 40a6b54..f68f391 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -34,8 +34,8 @@ subcommands: update-users (s) [USER]... update users authorized_keys files gen-key (g) [HOSTNAME] generate gpg key for the server show-fingerprint (f) show server's host key fingerprint - publish-key (p) publish server key to keyserver - trust-keys (t) KEYID... mark keyids as trusted + publish-key (p) publish server's host key to keyserver + trust-key (t) KEYID [LEVEL] set owner trust for keyid help (h,?) this help EOF @@ -240,15 +240,8 @@ case $COMMAND in publish_server_key ;; - 'trust-keys'|'trust-key'|'t') - if [ -z "$1" ] ; then - failure "You must specify at least one key to trust." - fi - - # process key IDs - for keyID ; do - trust_key "$keyID" - done + 'trust-key'|'trust-key'|'t') + trust_key "$@" ;; 'help'|'h'|'?') |