From de36d3b27039141ba6402cb91a19a1d852185a92 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 14:11:42 -0500 Subject: tests: making the temporary directory be created in a new place. make sure the proxy command used in the test is the new subcommand. --- tests/basic | 11 ++++------- tests/home/testuser/.ssh/proxy-command | 3 ++- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/tests/basic b/tests/basic index 5c6b4bb..0cad727 100755 --- a/tests/basic +++ b/tests/basic @@ -89,12 +89,8 @@ trap failed_cleanup EXIT ## the tests, not system-wide: # make temp dir -TEMPDIR="$TESTDIR"/tmp -if [ -e "$TEMPDIR" ] ; then - echo "tempdir '$TEMPDIR' already exists." - exit 1 -fi -mkdir -p "$TEMPDIR" +mkdir -p "$TESTDIR"/tmp +TEMPDIR=$(mktemp -d ${TMPDIR:-"$TESTDIR"/tmp}/monkeyspheretest.XXXXXXX) # Use the local copy of executables first, instead of system ones. # This should help us test without installing. @@ -130,6 +126,7 @@ cp -a "$TESTDIR"/home/testuser "$TEMPDIR"/ # set up environment for testuser export TESTHOME="$TEMPDIR"/testuser export GNUPGHOME="$TESTHOME"/.gnupg +chmod 0700 "$GNUPGHOME" export SSH_ASKPASS="$TESTHOME"/.ssh/askpass export MONKEYSPHERE_HOME="$TESTHOME"/.monkeysphere cat <> "$TESTHOME"/.ssh/config @@ -236,7 +233,7 @@ gpgadmin --armor --export "$HOSTKEYID" | gpg --import # teach the "server" about the testuser's key echo "##################################################" echo "### export testuser key to server..." -gpg --export testuser | monkeysphere-authentication gpg-cmd --import +gpg --export testuser | monkeysphere-authentication expert gpg-cmd --import # update authorized_keys for user echo "##################################################" diff --git a/tests/home/testuser/.ssh/proxy-command b/tests/home/testuser/.ssh/proxy-command index 21c66fa..214cc23 100755 --- a/tests/home/testuser/.ssh/proxy-command +++ b/tests/home/testuser/.ssh/proxy-command @@ -3,6 +3,7 @@ # simple socket-based proxy-command wrapper for testing monkeysphere. # pass this thing the host, the port, and the socket. +which monkeysphere >&2 -monkeysphere-ssh-proxycommand --no-connect "$1" "$2" && \ +monkeysphere ssh-proxycommand --no-connect "$1" "$2" && \ exec socat STDIO UNIX:"$3" -- cgit v1.2.3 From 8eefc1b98f645d1462442cdb357bfcfe06a9c1e4 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 15:03:25 -0500 Subject: tests/basic ensure that the directory is actually an absolute path, not a relative one. --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 0cad727..455c057 100755 --- a/tests/basic +++ b/tests/basic @@ -90,7 +90,7 @@ trap failed_cleanup EXIT # make temp dir mkdir -p "$TESTDIR"/tmp -TEMPDIR=$(mktemp -d ${TMPDIR:-"$TESTDIR"/tmp}/monkeyspheretest.XXXXXXX) +TEMPDIR=$(mktemp -d ${TMPDIR:-$(cd "$TESTDIR" && printf "%s" $(pwd)/tmp)}/monkeyspheretest.XXXXXXX) # Use the local copy of executables first, instead of system ones. # This should help us test without installing. -- cgit v1.2.3 From f6b18f9a4ad203fd0e02bc7dab298246ffd4ea22 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 4 Feb 2009 15:19:58 -0500 Subject: set proper permissions on administrator gnupghome. --- tests/basic | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/basic b/tests/basic index 455c057..b0b5e9b 100755 --- a/tests/basic +++ b/tests/basic @@ -32,6 +32,7 @@ which socat >/dev/null || { echo "You must have socat installed to run this test # gpg command for test admin user gpgadmin() { + chmod 0700 "$TEMPDIR"/admin GNUPGHOME="$TEMPDIR"/admin/.gnupg gpg "$@" } -- cgit v1.2.3 From e7108ef5a8b136bea860f239ed1d2dc2110ff186 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 14:10:16 -0500 Subject: updated man page for pem2openpgp. --- man/man1/pem2openpgp.1 | 72 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 65 insertions(+), 7 deletions(-) diff --git a/man/man1/pem2openpgp.1 b/man/man1/pem2openpgp.1 index 8ac230b..ae75b11 100644 --- a/man/man1/pem2openpgp.1 +++ b/man/man1/pem2openpgp.1 @@ -4,24 +4,82 @@ .Os .Sh NAME pem2openpgp -.Nd translate PEM encoded keys to OpenPGP keys +.Nd translate PEM-encoded RSA keys to OpenPGP certificates .Sh SYNOPSIS -.Nm pem2openpgp $USERID < mykey.pem +.Nm pem2openpgp "$USERID" < mykey.pem | gpg --import .Pp -.Nm ??? gpg --export $KEYID | openpgp2ssh $KEYID -.Pp -.Nm ????gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authentication,certify pem2openpgp "$USERID" . .Sh BUGS +Only handles RSA keys at the moment. It would be nice to handle DSA +keys as well. +.Pp +Currently only creates certificates with a single User ID. Should be +able to create certificates with multiple User IDs. +.Pp +Currently only accepts unencrypted RSA keys. It should be able to +deal with passphrase-locked key material. +.Pp +Currently outputs OpenPGP certificates with cleartext secret key +material. It would be good to be able to lock the output with a +passphrase. +.Pp +If you find other bugs, please report them at +https://labs.riseup.net/code/projects/show/monkeysphere .Sh SEE ALSO .Xr openpgp2ssh 1, .Xr monkeysphere 1 , .Xr monkeysphere 7 , .Xr ssh 1 , -.Xr monkeysphere-server 8 +.Xr monkeysphere-host 8 , +.Xr monkeysphere-authentication 8 -- cgit v1.2.3 From 5b27a01c0f34d12118bfee293ec5d2bc8a51c822 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 14:11:04 -0500 Subject: pem2openpgp now supports generating the key as an alternative to reading it from stdin. --- src/keytrans/pem2openpgp | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/keytrans/pem2openpgp b/src/keytrans/pem2openpgp index c765002..2631da6 100755 --- a/src/keytrans/pem2openpgp +++ b/src/keytrans/pem2openpgp @@ -347,13 +347,16 @@ sub fingerprint { return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); } -# we're just not dealing with newline business right now. slurp in -# the whole file. -undef $/; -my $buf = ; - -my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf); +my $rsa; +if (defined $ENV{PEM2OPENPGP_NEWKEY}) { + $rsa = Crypt::OpenSSL::RSA->generate_key($ENV{PEM2OPENPGP_NEWKEY}); +} else { + # we're just not dealing with newline business right now. slurp in + # the whole file. + undef $/; + $rsa = Crypt::OpenSSL::RSA->new_private_key(); +} $rsa->use_sha1_hash(); -- cgit v1.2.3 From 3e9fd04d34bed8a8c6b43bf111a8b8bbbbe8663f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 14:24:49 -0500 Subject: updated pem2openpgp invocation in m-h import-key --- src/share/mh/import_key | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 2e73a8c..93afb0a 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -17,7 +17,7 @@ local hostName local userID local fingerprint -# check for presense of secret key +# check for presence of secret key # FIXME: is this the proper test to be doing here? fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." @@ -32,8 +32,7 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "importing ssh key..." # translate ssh key to a private key -(umask 077 && \ - pem2openpgp "$userID" | gpg_host --import) +PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import # find the key fingerprint of the newly converted key fingerprint=$(fingerprint_host_key) -- cgit v1.2.3 From 54d5b4d4dd11e432cec4506d1a1eae1d13eb7f0e Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 14:29:42 -0500 Subject: restoring absolute paths to both TEMPDIR and TESTDIR in tests/basic. --- tests/basic | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index b0b5e9b..470fffa 100755 --- a/tests/basic +++ b/tests/basic @@ -17,7 +17,8 @@ set -e # piped commands should return the code of the first non-zero return set -o pipefail -export TESTDIR=$(dirname "$0") +# make sure the TESTDIR is an absolute path, not a relative one. +export TESTDIR=$(cd $(dirname "$0") && pwd) source "$TESTDIR"/common @@ -91,7 +92,7 @@ trap failed_cleanup EXIT # make temp dir mkdir -p "$TESTDIR"/tmp -TEMPDIR=$(mktemp -d ${TMPDIR:-$(cd "$TESTDIR" && printf "%s" $(pwd)/tmp)}/monkeyspheretest.XXXXXXX) +TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX)" # Use the local copy of executables first, instead of system ones. # This should help us test without installing. -- cgit v1.2.3 From 9aee235639e1475cd8aa476c7f2335b3c9ae9884 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 15:16:05 -0500 Subject: m-a setup: take advantage of the new ability of pem2openpgp to generate its own key. --- src/share/ma/setup | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/src/share/ma/setup b/src/share/ma/setup index 422cfd3..034f047 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -53,17 +53,8 @@ EOF local CORE_UID=$(printf "Monkeysphere authentication trust core UID (random string: %s)" $(head -c21 Date: Thu, 5 Feb 2009 15:18:17 -0500 Subject: fixing dumb typo in tests/basic --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 470fffa..8c995f5 100755 --- a/tests/basic +++ b/tests/basic @@ -92,7 +92,7 @@ trap failed_cleanup EXIT # make temp dir mkdir -p "$TESTDIR"/tmp -TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX)" +TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/monkeyspheretest.XXXXXXX") # Use the local copy of executables first, instead of system ones. # This should help us test without installing. -- cgit v1.2.3 From d1819306cb0b60068d41a2c0d09a6e5b81d8b143 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 15:40:16 -0500 Subject: fixing out-of-date comments --- tests/basic | 2 +- tests/etc/monkeysphere/monkeysphere-authentication.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/basic b/tests/basic index 8c995f5..978f3d9 100755 --- a/tests/basic +++ b/tests/basic @@ -246,7 +246,7 @@ monkeysphere-authentication update-users $(whoami) ###################################################################### ### TESTS -# connect to test sshd, using monkeysphere-ssh-proxycommand to verify +# connect to test sshd, using monkeysphere ssh-proxycommand to verify # the identity before connection. This should work in both directions! echo "##################################################" echo "### ssh connection test for success..." diff --git a/tests/etc/monkeysphere/monkeysphere-authentication.conf b/tests/etc/monkeysphere/monkeysphere-authentication.conf index 9cc396f..b4ecc05 100644 --- a/tests/etc/monkeysphere/monkeysphere-authentication.conf +++ b/tests/etc/monkeysphere/monkeysphere-authentication.conf @@ -1,4 +1,4 @@ -# Base monkeysphere-server.conf for monkeysphere tests +# Base monkeysphere-authentication.conf for monkeysphere tests # AUTHORIZED_USER_IDS variable will be added dynamically during test. -- cgit v1.2.3 From 7485d66be9e4aebaf273b8b4082caa4c2404f6e7 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 15:53:18 -0500 Subject: tests/basic created the wrong monkeysphere-authentication.conf --- tests/basic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/basic b/tests/basic index 978f3d9..d9399f0 100755 --- a/tests/basic +++ b/tests/basic @@ -206,7 +206,7 @@ echo "##################################################" echo "### setup monkeysphere authentication..." cp "$TESTDIR"/etc/monkeysphere/monkeysphere-authentication.conf "$TEMPDIR"/ cat <> "$TEMPDIR"/monkeysphere-authentication.conf -AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authentication/authorized_user_ids" +AUTHORIZED_USER_IDS="$MONKEYSPHERE_HOME/authorized_user_ids" EOF monkeysphere-authentication setup get_gpg_prng_arg >> "$MONKEYSPHERE_SYSDATADIR"/authentication/sphere/gpg.conf -- cgit v1.2.3 From 9cc92238a9a9b21d37b983932d5a6a012cf80aba Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Sun, 8 Feb 2009 23:55:28 -0500 Subject: Some rearragement/cleanup in the monkeysphere-host: - define exported variable to hold host key fingerprint (HOST_FINGERPRINT) - broke out some common commands into simpler functions - rename the 'extend_key' function to be 'set_expire', since function is more generically offered now. --- src/monkeysphere-host | 76 ++++++++++++++++++++++++++++++++------------ src/share/mh/add_hostname | 16 ++-------- src/share/mh/extend_key | 35 -------------------- src/share/mh/revoke_hostname | 24 +++----------- src/share/mh/set_expire | 34 ++++++++++++++++++++ 5 files changed, 97 insertions(+), 88 deletions(-) delete mode 100644 src/share/mh/extend_key create mode 100644 src/share/mh/set_expire diff --git a/src/monkeysphere-host b/src/monkeysphere-host index a6fa62f..aa764db 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -80,16 +80,21 @@ su_monkeysphere_user() { # function to interact with the gpg keyring gpg_host() { - local returnCode + GNUPGHOME="$GNUPGHOME_HOST" gpg "$@" +} + +# command to list the info about the host key, in colon format +gpg_host_list() { + gpg_host --list-keys --with-colons --fixed-list-mode \ + --with-fingerprint --with-fingerprint \ + "0x${HOST_FINGERPRINT}!" - GNUPGHOME="$GNUPGHOME_HOST" - export GNUPGHOME +} - # NOTE: we supress this warning because we need the monkeysphere - # user to be able to read the host pubring. we realize this might - # be problematic, but it's the simplest solution, without too much - # loss of security. - gpg "$@" +# command for edit key scripts, takes scripts on stdin +gpg_host_edit() { + gpg_host --quiet --command-fd 0 --edit-key \ + "0x${HOST_FINGERPRINT}!" "$@" } # output just key fingerprint @@ -102,23 +107,48 @@ fingerprint_host_key() { grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null } +# output the index of a user ID on the host key +# return 1 if user ID not found +find_host_userid() { + local userID="$1" + local tmpuidMatch + local line + + # match to only ultimately trusted user IDs + tmpuidMatch="u:$(echo $userID | gpg_escape)" + + # find the index of the requsted user ID + # NOTE: this is based on circumstantial evidence that the order of + # this output is the appropriate index + line=$(gpg_host_list | egrep '^(uid|uat):' | cut -f2,10 -d: | \ + grep -n -x -F "$tmpuidMatch" 2>/dev/null) + + if [ "$line" ] ; then + echo ${line%%:*} + return 0 + else + return 1 + fi +} + # function to check for host secret key -check_host_keyring() { - fingerprint_host_key >/dev/null \ - || failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host import-key' first." +check_host_fail() { + [ "$HOST_FINGERPRINT" ] || \ + failure "You don't appear to have a Monkeysphere host key on this server. Please run 'monkeysphere-host expert import-key' first." } # show info about the host key show_key() { - local fingerprintPGP local fingerprintSSH - # FIXME: you shouldn't have to be root to see the host key fingerprint - check_host_keyring - fingerprintPGP=$(fingerprint_host_key) + # FIXME: should not have to be priviledged user to see this info. + # should be taken from publicly accessible key files, instead of + # the keyring. + + gpg_host --fingerprint --list-key --list-options show-unusable-uids \ + "0x${HOST_FINGERPRINT}!" 2>/dev/null - gpg_host --fingerprint --list-key --list-options show-unusable-uids "0x${fingerprintPGP}!" 2>/dev/null - echo "OpenPGP fingerprint: $fingerprintPGP" + echo "OpenPGP fingerprint: $HOST_FINGERPRINT" if [ -f "${MHDATADIR}/ssh_host_rsa_key.pub" ] ; then fingerprintSSH=$(ssh-keygen -l -f "${MHDATADIR}/ssh_host_rsa_key.pub" | \ @@ -155,6 +185,9 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} +# host key fingerprint +HOST_FINGERPRINT=$(fingerprint_host_key) + # export variables needed in su invocation export DATE export MODE @@ -163,23 +196,24 @@ export MONKEYSPHERE_USER export KEYSERVER export GNUPGHOME_HOST export GNUPGHOME +export HOST_FINGERPRINT # get subcommand COMMAND="$1" [ "$COMMAND" ] || failure "Type '$PGRM help' for usage." shift + case $COMMAND in 'show-key'|'show'|'s') check_host_keyring show_key ;; - # FIXME: what should we call this command? 'set-expire'|'extend-key'|'e') check_host_keyring - source "${MHSHAREDIR}/extend_key" - extend_key "$@" + source "${MHSHAREDIR}/set_expire" + set_expire "$@" ;; 'add-hostname'|'add-name'|'n+') @@ -212,7 +246,7 @@ case $COMMAND in publish_key ;; - 'expert'|'e') + 'expert') SUBCOMMAND="$1" shift case "$SUBCOMMAND" in diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname index 267f109..46326bb 100644 --- a/src/share/mh/add_hostname +++ b/src/share/mh/add_hostname @@ -27,18 +27,9 @@ fi userID="ssh://${1}" -fingerprint=$(fingerprint_host_key) - -# match to only ultimately trusted user IDs -tmpuidMatch="u:$(echo $userID | gpg_escape)" - -# find the index of the requsted user ID -# NOTE: this is based on circumstantial evidence that the order of -# this output is the appropriate index -if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \ - | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then +# test that the desired user ID does not already exist +find_host_userid > /dev/null && \ failure "Host userID '$userID' already exists." -fi echo "The following user ID will be added to the host key:" echo " $userID" @@ -58,8 +49,7 @@ EOF ) # execute edit-key script -if echo "$adduidCommand" | \ - gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then +if echo "$adduidCommand" | gpg_host_edit ; then show_key diff --git a/src/share/mh/extend_key b/src/share/mh/extend_key deleted file mode 100644 index 79ee267..0000000 --- a/src/share/mh/extend_key +++ /dev/null @@ -1,35 +0,0 @@ -# -*-shell-script-*- -# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) - -# Monkeysphere host extend-key subcommand -# -# The monkeysphere scripts are written by: -# Jameson Rollins -# Jamie McClelland -# Daniel Kahn Gillmor -# -# They are Copyright 2008-2009, and are all released under the GPL, -# version 3 or later. - -# extend the lifetime of a host key: - -extend_key() { - -local fpr=$(fingerprint_host_key) -local extendTo="$1" - -# get the new expiration date -extendTo=$(get_gpg_expiration "$extendTo") - -gpg_host --quiet --command-fd 0 --edit-key "$fpr" < +# Jamie McClelland +# Daniel Kahn Gillmor +# +# They are Copyright 2008-2009, and are all released under the GPL, +# version 3 or later. + +set-expire() { + +local extendTo + +# get the new expiration date +extendTo=$(get_gpg_expiration "$1") + +gpg_host_edit expire < Date: Mon, 9 Feb 2009 00:21:40 -0500 Subject: Break out host export commands into gpg_host_export and gpg_host_export_to_ssh_file functions, and update the {gen,import}_key functions accordingly. --- src/monkeysphere-host | 13 +++++++++++++ src/share/mh/gen_key | 12 ++++++------ src/share/mh/import_key | 10 +++++----- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index aa764db..bcb570b 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -97,6 +97,19 @@ gpg_host_edit() { "0x${HOST_FINGERPRINT}!" "$@" } +# export the host key to stdout +gpg_host_export() { + gpg_host --export --armor --export-options export-minimal \ + "0x${HOST_FINGERPRINT}!" +} + +# export the host key to the monkeysphere host file key +gpg_host_export_to_ssh_file() { + log debug "exporting openpgp public key..." + gpg_host_export > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +} + # output just key fingerprint fingerprint_host_key() { # set the pipefail option so functions fails if can't read sec key diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index eb951cf..c75ad65 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -79,15 +79,16 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "generating host key..." echo "$keyParameters" | gpg_host --batch --gen-key -# find the key fingerprint of the newly generated key -fingerprint=$(fingerprint_host_key) +# find the key fingerprint of the newly converted key +HOST_FINGERPRINT=$(fingerprint_host_key) +export HOST_FINGERPRINT # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use log debug "exporting new secret key to ssh format..." (umask 077 && \ - gpg_host --export-secret-key "$fingerprint" | \ + gpg_host --export-secret-key "$HOST_FINGERPRINT" | \ openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key") log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" @@ -95,9 +96,8 @@ log debug "creating ssh public key..." ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" -log debug "exporting openpgp public key..." -gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +# export public key to file +gpg_host_export_to_ssh_file # show info about new key show_key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 93afb0a..6a897b6 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -32,15 +32,15 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "importing ssh key..." # translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import +PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \ + gpg_host --import # find the key fingerprint of the newly converted key -fingerprint=$(fingerprint_host_key) +HOST_FINGERPRINT=$(fingerprint_host_key) +export HOST_FINGERPRINT # export public key to file -log debug "exporting openpgp public key..." -gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host_export_to_ssh_file # show info about new key show_key -- cgit v1.2.3 From c0ab14d9df7959057a04f2ebd837c50e169c1c01 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 00:30:04 -0500 Subject: a couple of small fixes to the {gen,import}_key functions --- src/share/mh/gen_key | 56 +++++++++++++++++-------------------------------- src/share/mh/import_key | 8 +++---- 2 files changed, 22 insertions(+), 42 deletions(-) diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index c75ad65..1f8e97e 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -13,19 +13,16 @@ gen_key() { +local hostName=$(hostname -f) local keyType="RSA" local keyLength="2048" local keyUsage="auth" local keyExpire="0" -local hostName=$(hostname -f) local userID -local keyParameters -local fingerprint -# check for presense of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_host_key >/dev/null \ - && failure "An OpenPGP host key already exists." +# check for presense of a key +[ "$FINGERPRINT" ] && \ + failure "An OpenPGP host key already exists." # get options while true ; do @@ -39,45 +36,30 @@ while true ; do failure "Unknown option '$1'. Type '$PGRM help' for usage." fi - hostName="$1" - shift break ;; esac done +hostName="$1" userID="ssh://${hostName}" -# set key parameters -keyParameters=\ -"Key-Type: $keyType +# create host home +mkdir -p "$GNUPGHOME_HOST" +chmod 700 "$GNUPGHOME_HOST" + +log debug "generating host key..." +gpg_host --batch --gen-key < "${MHDATADIR}/ssh_host_rsa_key") + openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key") log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" log debug "creating ssh public key..." -ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" +ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" # export public key to file gpg_host_export_to_ssh_file diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 6a897b6..1efb1ac 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -15,12 +15,10 @@ import_key() { local hostName local userID -local fingerprint -# check for presence of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_host_key >/dev/null \ - && failure "An OpenPGP host key already exists." +# check for presense of a key +[ "$FINGERPRINT" ] && \ + failure "An OpenPGP host key already exists." hostName=${1:-$(hostname -f)} -- cgit v1.2.3 From 69354c87864076343793fb270b296ccb89bf3759 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 00:42:16 -0500 Subject: define variable for public key files (HOST_KEY_PUB, HOST_KEY_PUB_GPG). also, fix some function calls to check_host_fail function. --- src/monkeysphere-host | 36 +++++++++++++++++++++--------------- src/share/mh/gen_key | 4 ++-- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index bcb570b..3c2e3ee 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -14,6 +14,9 @@ ######################################################################## set -e +# set the pipefail option so pipelines fail on first command failure +set -o pipefail + PGRM=$(basename $0) SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"} @@ -106,15 +109,13 @@ gpg_host_export() { # export the host key to the monkeysphere host file key gpg_host_export_to_ssh_file() { log debug "exporting openpgp public key..." - gpg_host_export > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" - log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" + + gpg_host_export > "$HOST_KEY_PUB_GPG" + log info "SSH host public key in OpenPGP form: $HOST_KEY_PUB_GPG" } # output just key fingerprint fingerprint_host_key() { - # set the pipefail option so functions fails if can't read sec key - set -o pipefail - gpg_host --list-secret-keys --fingerprint \ --with-colons --fixed-list-mode 2> /dev/null | \ grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null @@ -163,12 +164,13 @@ show_key() { echo "OpenPGP fingerprint: $HOST_FINGERPRINT" - if [ -f "${MHDATADIR}/ssh_host_rsa_key.pub" ] ; then - fingerprintSSH=$(ssh-keygen -l -f "${MHDATADIR}/ssh_host_rsa_key.pub" | \ + if [ -f "$HOST_KEY_PUB" ] ; then + fingerprintSSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" | \ awk '{ print $1, $2, $4 }') + echo "ssh fingerprint: $fingerprintSSH" else - log info "SSH host key not found." + log error "SSH host key not found." fi # FIXME: show expiration date @@ -201,6 +203,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} # host key fingerprint HOST_FINGERPRINT=$(fingerprint_host_key) +# host pub key files +HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" +HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg" + # export variables needed in su invocation export DATE export MODE @@ -219,42 +225,42 @@ shift case $COMMAND in 'show-key'|'show'|'s') - check_host_keyring + check_host_fail show_key ;; 'set-expire'|'extend-key'|'e') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/set_expire" set_expire "$@" ;; 'add-hostname'|'add-name'|'n+') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/add_hostname" add_hostname "$@" ;; 'revoke-hostname'|'revoke-name'|'n-') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/revoke_hostname" revoke_hostname "$@" ;; 'add-revoker'|'o') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/add_revoker" add_revoker "$@" ;; 'revoke-key'|'r') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/revoke_key" revoke_key "$@" ;; 'publish-key'|'publish'|'p') - check_host_keyring + check_host_fail source "${MHSHAREDIR}/publish_key" publish_key ;; diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 1f8e97e..44109bb 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -75,8 +75,8 @@ log debug "exporting ssh secret key..." log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" log debug "creating ssh public key..." -ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" +ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB" +log info "SSH host public key output to file: $HOST_KEY_PUB" # export public key to file gpg_host_export_to_ssh_file -- cgit v1.2.3 From 55369617d8c00de548fabfbad02ba444f701be43 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 00:47:17 -0500 Subject: break su_monkeysphere_user into common function, since it will likely be needed by both m-host and m-auth for communicating with keyservers. --- src/monkeysphere-authentication | 15 +-------------- src/monkeysphere-host | 13 ------------- src/share/common | 13 +++++++++++++ 3 files changed, 14 insertions(+), 27 deletions(-) diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 4485bd4..6d2e72c 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -70,19 +70,6 @@ subcommands: EOF } -# function to run command as monkeysphere user -su_monkeysphere_user() { - # if the current user is the monkeysphere user, then just eval - # command - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - eval "$@" - - # otherwise su command as monkeysphere user - else - su "$MONKEYSPHERE_USER" -c "$@" - fi -} - # function to interact with the gpg core keyring gpg_core() { GNUPGHOME="$GNUPGHOME_CORE" @@ -184,7 +171,7 @@ case $COMMAND in list_certifiers "$@" ;; - 'expert'|'e') + 'expert') SUBCOMMAND="$1" shift case "$SUBCOMMAND" in diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 3c2e3ee..506dcf9 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -68,19 +68,6 @@ subcommands: EOF } -# function to run command as monkeysphere user -su_monkeysphere_user() { - # if the current user is the monkeysphere user, then just eval - # command - if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then - eval "$@" - - # otherwise su command as monkeysphere user - else - su "$MONKEYSPHERE_USER" -c "$@" - fi -} - # function to interact with the gpg keyring gpg_host() { GNUPGHOME="$GNUPGHOME_HOST" gpg "$@" diff --git a/src/share/common b/src/share/common index 00a1008..2a20c1c 100644 --- a/src/share/common +++ b/src/share/common @@ -90,6 +90,19 @@ log() { done } +# run command as monkeysphere user +su_monkeysphere_user() { + # if the current user is the monkeysphere user, then just eval + # command + if [ $(id -un) = "$MONKEYSPHERE_USER" ] ; then + eval "$@" + + # otherwise su command as monkeysphere user + else + su "$MONKEYSPHERE_USER" -c "$@" + fi +} + # cut out all comments(#) and blank lines from standard input meat() { grep -v -e "^[[:space:]]*#" -e '^$' "$1" -- cgit v1.2.3 From 02edd9b326a8c8ac99b132c4989d117e18394924 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 01:39:50 -0500 Subject: fix name of set_expire function --- src/share/mh/set_expire | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire index 2389e57..653149f 100644 --- a/src/share/mh/set_expire +++ b/src/share/mh/set_expire @@ -14,7 +14,7 @@ # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. -set-expire() { +set_expire() { local extendTo -- cgit v1.2.3 From 563800612b54203d5cd68aedfd9d482215d9289d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 01:41:30 -0500 Subject: rename function to get the host fingerprint, and fix some HOST_FINGERPRINT variables. --- src/monkeysphere-host | 15 +++++++-------- src/share/mh/gen_key | 4 ++-- src/share/mh/import_key | 4 ++-- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 506dcf9..be398b1 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -102,10 +102,13 @@ gpg_host_export_to_ssh_file() { } # output just key fingerprint -fingerprint_host_key() { +# FIXME: should not have to be priviledged user to get host +# fingerprint. should be taken from publicly accessible key files, +# instead of the keyring. +get_host_fingerprint() { gpg_host --list-secret-keys --fingerprint \ --with-colons --fixed-list-mode 2> /dev/null | \ - grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null + grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null || true } # output the index of a user ID on the host key @@ -142,12 +145,9 @@ check_host_fail() { show_key() { local fingerprintSSH - # FIXME: should not have to be priviledged user to see this info. - # should be taken from publicly accessible key files, instead of - # the keyring. - gpg_host --fingerprint --list-key --list-options show-unusable-uids \ "0x${HOST_FINGERPRINT}!" 2>/dev/null + # FIXME: make sure expiration date is shown echo "OpenPGP fingerprint: $HOST_FINGERPRINT" @@ -160,7 +160,6 @@ show_key() { log error "SSH host key not found." fi - # FIXME: show expiration date # FIXME: other relevant key parameters? } @@ -188,7 +187,7 @@ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} # host key fingerprint -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) # host pub key files HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 44109bb..7b427e4 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -21,7 +21,7 @@ local keyExpire="0" local userID # check for presense of a key -[ "$FINGERPRINT" ] && \ +[ "$HOST_FINGERPRINT" ] && \ failure "An OpenPGP host key already exists." # get options @@ -62,7 +62,7 @@ Expire-Date: $keyExpire EOF # find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) export HOST_FINGERPRINT # translate the private key to ssh format, and export to a file diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 1efb1ac..99511a8 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -17,7 +17,7 @@ local hostName local userID # check for presense of a key -[ "$FINGERPRINT" ] && \ +[ "$HOST_FINGERPRINT" ] && \ failure "An OpenPGP host key already exists." hostName=${1:-$(hostname -f)} @@ -34,7 +34,7 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \ gpg_host --import # find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) export HOST_FINGERPRINT # export public key to file -- cgit v1.2.3 From 54d24867975e5d8673b681e511f8b8fc6210a633 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 01:51:02 -0500 Subject: small formatting tweaks to add_certifier function --- src/share/ma/add_certifier | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 60a4f9d..e9731cc 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -27,19 +27,15 @@ add_certifier() { -local domain -local trust -local depth +local domain= +local trust=full +local depth=1 local keyID +local importinfo local fingerprint local ltsignCommand local trustval -# set default values for trust depth and domain -domain= -trust=full -depth=1 - # get options while true ; do case "$1" in @@ -90,7 +86,7 @@ if [ -f "$keyID" ] ; then keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then - failure "Expected there to be a single gpg key in the file." + failure "There was not exactly one gpg key in the file." fi else # get the key from the key server @@ -132,8 +128,7 @@ case "$trust" in ;; esac -# this is the gpg "script" that gpg --edit-key will execute for the -# core to sign certifier. +# edit-key script to ltsign key # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat < Date: Mon, 9 Feb 2009 01:52:00 -0500 Subject: add much of an add_revoker function. still needs to be fleshed out and tested, though, so it's not "active" yet. --- src/share/mh/add_revoker | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index f9d0bb6..39dfaca 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -15,7 +15,92 @@ add_revoker() { +local domain= +local trust=full +local depth=1 +local keyID +local importinfo +local fingerprint +local ltsignCommand +local trustval + +keyID="$1" +if [ -z "$keyID" ] ; then + failure "You must specify the key ID of a revoker key, or specify a file to read the key from." +fi +if [ -f "$keyID" ] ; then + log info "Reading key from file '$keyID':" + importinfo=$(gpg_host --import < "$keyID" 2>&1) || failure "could not read key from '$keyID'" + # FIXME: if this is tried when the key database is not + # up-to-date, i got these errors (using set -x): + + # ++ su -m monkeysphere -c '\''gpg --import'\'' + # Warning: using insecure memory! + # gpg: key D21739E9: public key "Daniel Kahn Gillmor " imported + # gpg: Total number processed: 1 + # gpg: imported: 1 (RSA: 1) + # gpg: can'\''t create `/var/monkeysphere/gnupg-host/pubring.gpg.tmp'\'': Permission denied + # gpg: failed to rebuild keyring cache: Permission denied + # gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model + # gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + # gpg: next trustdb check due at 2009-01-10' + # + failure 'could not read key from '\''/root/dkg.gpg'\''' + # + echo 'could not read key from '\''/root/dkg.gpg'\''' + + keyID=$(echo "$importinfo" | grep '^gpg: key ' | cut -f2 -d: | cut -f3 -d\ ) + if [ -z "$keyID" ] || [ $(echo "$keyID" | wc -l) -ne 1 ] ; then + failure "There was not exactly one gpg key in the file." + fi +else + # create a temporary directory for storing the downloaded key + TMPLOC=$(mktemp -d ${MHTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!" + + # download the key from the keyserver as the monkeysphere user + su_monkeysphere_user \ + "GNUPGHOME=$TMPLOC gpg --keyserver $KEYSERVER --recv-key 0x${keyID}!" + + # export the new key to the host keyring + su_monkeysphere_user "GNUPGHOME=$TMPLOC gpg --export 0x${keyID}!" \ + | gpg_host --import +fi + +export keyID + +# get the full fingerprint of the revoker key ID +fingerprint=$(gpg_host --list-key --with-colons --with-fingerprint "0x${keyID}!" \ + | grep '^fpr:' | grep "$keyID" | cut -d: -f10) + +if [ -z "$fingerprint" ] ; then + failure "Key '$keyID' not found." +fi + +log info -e "\nkey found:" +gpg_host --fingerprint "0x${fingerprint}!" + +echo "Are you sure you want to add the above key as a" +read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N} +if [ "${OK/y/Y}" != 'Y' ] ; then + failure "Revoker not added." +fi + +# edit-key script to add revoker +# NOTE: *all* user IDs will be ltsigned +addrevokerCommand=$(cat <