From f2a93256896ca4a6e8bafb7b79b378b45f8ec4f4 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 4 Aug 2008 09:27:50 -0700 Subject: update my contact info. --- website/download.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/download.mdwn b/website/download.mdwn index 006654d..a4228dd 100644 --- a/website/download.mdwn +++ b/website/download.mdwn @@ -22,7 +22,7 @@ can [git clone](http://www.kernel.org/pub/software/scm/git/docs/git-clone.html) any of the developer repositories, including: -[Jameson Graef Rollins](mailto:jrollins@phys.columbia.edu): +[Jameson Graef Rollins](http://cmrg.fifthhorseman.net/wiki/jrollins): git clone http://lair.fifthhorseman.net/~jrollins/git/monkeysphere.git monkeysphere -- cgit v1.2.3 From e238f6d15705176f076ad02d62501190d1008c92 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 5 Aug 2008 12:13:49 -0400 Subject: cleanup and explanation for seckey2sshagent hack. --- src/seckey2sshagent | 76 ++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 66 insertions(+), 10 deletions(-) diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 1266db5..deab489 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent 
@@ -21,15 +21,63 @@ cleanup() { echo "done." 1>&2 } +explanation() { + + echo -n "The basic strategy of seckey2sshagent is to dump your +OpenPGP authentication key(s) into your agent. + +This script is a gross hack at the moment. It is done by creating a +new, temporary private keyring, letting the user remove the +passphrases from the keys, and then exporting them. The temporary +private keyring is purged from the system. + +When you use this command, you'll find yourself dropped into a GPG +'edit-key' dialog relevant *only* to the temporary private keyring. + +At that point, you should clear the password from your key, with: + + passwd + + +followed by the empty string for the new password. GPG will ask you +if you're really sure. Answer yes, because this is only relevant to +the temporary keyring. Then, do: + + save + exit + +At this point, your key will be added to your running ssh-agent with +the alias 'monkeysphere-key' and seckey2sshagent should terminate. +You can check on it with: + + ssh-add -l + +" + +} + +# if no hex string is supplied, just print an explanation. +# this covers seckey2sshagent --help, --usage, -h, etc... +if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then + explanation + exit +fi + trap cleanup EXIT -#GPGID="$1" -GPGID=$(echo "$1" | cut -c 25-) +GPGIDS="$1" -FOO=$(mktemp -d) +if [ -z "$GPGIDS" ]; then + # default to using all fingerprints of authentication-enabled keys + GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) +fi -gpg --export-secret-key $GPGID | GNUPGHOME="$FOO" gpg --import +for GPGID in $GPGIDS; do + TMPPRIVATE=$(mktemp -d) + + gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import + # idea to script the password stuff. not working. # read -s -p "enter gpg password: " PASSWD; echo # cmd=$(cat < Date: Tue, 5 Aug 2008 12:25:59 -0400 Subject: properly clean up temporary keyring with seckey2sshagent. 
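Review bot: `TMPPRIVATE=$(mktemp -d)` inside the new `for GPGID in $GPGIDS` loop is used without checking that it succeeded. If it comes back empty, `GNUPGHOME=""` is, as far as I know, treated by gpg as unset, so the import and the passphrase-removal dialog described in `explanation()` would act on the user's real keyring; `TMPPRIVATE=$(mktemp -d) || exit 1` closes that. In the default branch, `--list-secret-keys "$GPGID"` reads a variable this change no longer assigns before that point (unless it arrives from the environment), so gpg receives an empty argument that should probably be dropped. The loop body continues past the part of the hunk visible on this page.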
--- src/seckey2sshagent | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/seckey2sshagent b/src/seckey2sshagent index deab489..8f3d54d 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -17,7 +17,7 @@ cleanup() { echo -n "removing temp gpg home... " 1>&2 - rm -rf $FOO + rm -rf "$TMPPRIVATE" echo "done." 1>&2 } @@ -44,7 +44,6 @@ if you're really sure. Answer yes, because this is only relevant to the temporary keyring. Then, do: save - exit At this point, your key will be added to your running ssh-agent with the alias 'monkeysphere-key' and seckey2sshagent should terminate. -- cgit v1.2.3 From 5c4044146eb0869129b39451599104075c9f6c82 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 5 Aug 2008 12:34:17 -0400 Subject: seckey2sshagent now adds keys with semantic alias including full OpenPGP fingerprint. --- src/seckey2sshagent | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 8f3d54d..2a98cf1 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # seckey2sshagent: this is a hack of a script to cope with the fact # that openpgp2ssh currently cannot support encrypted secret keys. @@ -75,7 +75,7 @@ for GPGID in $GPGIDS; do TMPPRIVATE=$(mktemp -d) - gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import + gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import # idea to script the password stuff. not working. # read -s -p "enter gpg password: " PASSWD; echo 
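Review bot: `rm -rf "$TMPPRIVATE"` in `cleanup()` (first hunk of this commit) only unlinks the temporary keyring, which by then holds the secret key with its passphrase removed. On a disk-backed temporary directory the key blocks can stay recoverable after the unlink, so "purged from the system" in the explanation text overstates what happens. I would add a comment on that line such as `# NOTE: unlink only; the unprotected key may remain on disk unless the temp dir is memory-backed`, and consider creating the directory on a memory-backed filesystem where one is available. The `mktemp -d` call that creates the directory is outside this hunk.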
@@ -91,15 +91,16 @@ for GPGID in $GPGIDS; do # ) # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID - GNUPGHOME="$TMPPRIVATE" gpg --edit-key $GPGID - + GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID" + + KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')'' # creating this alias so the key is named "monkeysphere-key" in the # comment stored by the agent, while never being written to disk in # SSH form: - ln -s /dev/stdin "$TMPPRIVATE"/monkeysphere-key + ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME" - GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys $GPGID | \ - openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c monkeysphere-key) + GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \ + openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME") cleanup done -- cgit v1.2.3
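Review bot: The new `openpgp2ssh $GPGID` line is the one use of `$GPGID` in this hunk that stays unquoted, and `KEYNAME` is assembled from an unquoted command substitution with a stray trailing `''`. `KEYNAME="MonkeySphere Key $(echo "$GPGID" | tr -c -d '0-9a-fA-F')"` and `openpgp2ssh "$GPGID"` express the same thing with consistent quoting. The context comment above `ln -s` still says the key is named "monkeysphere-key", which no longer matches the alias; it could read `# alias the key as "$KEYNAME" in the agent's comment, without ever writing it to disk in SSH form`. The `for` loop opens outside this hunk.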