From 3e9fd04d34bed8a8c6b43bf111a8b8bbbbe8663f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 5 Feb 2009 14:24:49 -0500 Subject: updated pem2openpgp invocation in m-h import-key --- src/share/mh/import_key | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/share/mh/import_key') diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 2e73a8c..93afb0a 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -17,7 +17,7 @@ local hostName local userID local fingerprint -# check for presense of secret key +# check for presence of secret key # FIXME: is this the proper test to be doing here? fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." @@ -32,8 +32,7 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "importing ssh key..." # translate ssh key to a private key -(umask 077 && \ - pem2openpgp "$userID" | gpg_host --import) +PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import # find the key fingerprint of the newly converted key fingerprint=$(fingerprint_host_key) -- cgit v1.2.3 From f728df69bbb04ed21a437832c486590cc5a83684 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 00:21:40 -0500 Subject: Break out host export commands into gpg_host_export and gpg_host_export_to_ssh_file functions, and update the {gen,import}_key functions accordingly. --- src/monkeysphere-host | 13 +++++++++++++ src/share/mh/gen_key | 12 ++++++------ src/share/mh/import_key | 10 +++++----- 3 files changed, 24 insertions(+), 11 deletions(-) (limited to 'src/share/mh/import_key') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index aa764db..bcb570b 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -97,6 +97,19 @@ gpg_host_edit() { "0x${HOST_FINGERPRINT}!" "$@" } +# export the host key to stdout +gpg_host_export() { + gpg_host --export --armor --export-options export-minimal \ + "0x${HOST_FINGERPRINT}!" +} + +# export the host key to the monkeysphere host file key +gpg_host_export_to_ssh_file() { + log debug "exporting openpgp public key..." + gpg_host_export > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" + log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +} + # output just key fingerprint fingerprint_host_key() { # set the pipefail option so functions fails if can't read sec key diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index eb951cf..c75ad65 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -79,15 +79,16 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "generating host key..." echo "$keyParameters" | gpg_host --batch --gen-key -# find the key fingerprint of the newly generated key -fingerprint=$(fingerprint_host_key) +# find the key fingerprint of the newly converted key +HOST_FINGERPRINT=$(fingerprint_host_key) +export HOST_FINGERPRINT # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use log debug "exporting new secret key to ssh format..." (umask 077 && \ - gpg_host --export-secret-key "$fingerprint" | \ + gpg_host --export-secret-key "$HOST_FINGERPRINT" | \ openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key") log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" @@ -95,9 +96,8 @@ log debug "creating ssh public key..." ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" -log debug "exporting openpgp public key..." -gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +# export public key to file +gpg_host_export_to_ssh_file # show info about new key show_key diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 93afb0a..6a897b6 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -32,15 +32,15 @@ chmod 700 "$GNUPGHOME_HOST" log verbose "importing ssh key..." # translate ssh key to a private key -PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | gpg_host --import +PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \ + gpg_host --import # find the key fingerprint of the newly converted key -fingerprint=$(fingerprint_host_key) +HOST_FINGERPRINT=$(fingerprint_host_key) +export HOST_FINGERPRINT # export public key to file -log debug "exporting openpgp public key..." -gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" -log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" +gpg_host_export_to_ssh_file # show info about new key show_key -- cgit v1.2.3 From c0ab14d9df7959057a04f2ebd837c50e169c1c01 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 00:30:04 -0500 Subject: a couple of small fixes to the {gen,import}_key functions --- src/share/mh/gen_key | 56 +++++++++++++++++-------------------------------- src/share/mh/import_key | 8 +++---- 2 files changed, 22 insertions(+), 42 deletions(-) (limited to 'src/share/mh/import_key') diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index c75ad65..1f8e97e 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -13,19 +13,16 @@ gen_key() { +local hostName=$(hostname -f) local keyType="RSA" local keyLength="2048" local keyUsage="auth" local keyExpire="0" -local hostName=$(hostname -f) local userID -local keyParameters -local fingerprint -# check for presense of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_host_key >/dev/null \ - && failure "An OpenPGP host key already exists." +# check for presense of a key +[ "$FINGERPRINT" ] && \ + failure "An OpenPGP host key already exists." # get options while true ; do @@ -39,45 +36,30 @@ while true ; do failure "Unknown option '$1'. Type '$PGRM help' for usage." fi - hostName="$1" - shift break ;; esac done +hostName="$1" userID="ssh://${hostName}" -# set key parameters -keyParameters=\ -"Key-Type: $keyType +# create host home +mkdir -p "$GNUPGHOME_HOST" +chmod 700 "$GNUPGHOME_HOST" + +log debug "generating host key..." +gpg_host --batch --gen-key < "${MHDATADIR}/ssh_host_rsa_key") + openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key") log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" log debug "creating ssh public key..." -ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" -log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" +ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub" +log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub" # export public key to file gpg_host_export_to_ssh_file diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 6a897b6..1efb1ac 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -15,12 +15,10 @@ import_key() { local hostName local userID -local fingerprint -# check for presence of secret key -# FIXME: is this the proper test to be doing here? -fingerprint_host_key >/dev/null \ - && failure "An OpenPGP host key already exists." +# check for presense of a key +[ "$FINGERPRINT" ] && \ + failure "An OpenPGP host key already exists." hostName=${1:-$(hostname -f)} -- cgit v1.2.3 From 563800612b54203d5cd68aedfd9d482215d9289d Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 9 Feb 2009 01:41:30 -0500 Subject: rename function to get the host fingerprint, and fix some HOST_FINGERPRINT variables. --- src/monkeysphere-host | 15 +++++++-------- src/share/mh/gen_key | 4 ++-- src/share/mh/import_key | 4 ++-- 3 files changed, 11 insertions(+), 12 deletions(-) (limited to 'src/share/mh/import_key') diff --git a/src/monkeysphere-host b/src/monkeysphere-host index 506dcf9..be398b1 100755 --- a/src/monkeysphere-host +++ b/src/monkeysphere-host @@ -102,10 +102,13 @@ gpg_host_export_to_ssh_file() { } # output just key fingerprint -fingerprint_host_key() { +# FIXME: should not have to be priviledged user to get host +# fingerprint. should be taken from publicly accessible key files, +# instead of the keyring. +get_host_fingerprint() { gpg_host --list-secret-keys --fingerprint \ --with-colons --fixed-list-mode 2> /dev/null | \ - grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null + grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null || true } # output the index of a user ID on the host key @@ -142,12 +145,9 @@ check_host_fail() { show_key() { local fingerprintSSH - # FIXME: should not have to be priviledged user to see this info. - # should be taken from publicly accessible key files, instead of - # the keyring. - gpg_host --fingerprint --list-key --list-options show-unusable-uids \ "0x${HOST_FINGERPRINT}!" 2>/dev/null + # FIXME: make sure expiration date is shown echo "OpenPGP fingerprint: $HOST_FINGERPRINT" @@ -160,7 +160,6 @@ show_key() { log error "SSH host key not found." fi - # FIXME: show expiration date # FIXME: other relevant key parameters? } @@ -188,7 +187,7 @@ CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"} GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"} # host key fingerprint -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) # host pub key files HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub" diff --git a/src/share/mh/gen_key b/src/share/mh/gen_key index 44109bb..7b427e4 100644 --- a/src/share/mh/gen_key +++ b/src/share/mh/gen_key @@ -21,7 +21,7 @@ local keyExpire="0" local userID # check for presense of a key -[ "$FINGERPRINT" ] && \ +[ "$HOST_FINGERPRINT" ] && \ failure "An OpenPGP host key already exists." # get options @@ -62,7 +62,7 @@ Expire-Date: $keyExpire EOF # find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) export HOST_FINGERPRINT # translate the private key to ssh format, and export to a file diff --git a/src/share/mh/import_key b/src/share/mh/import_key index 1efb1ac..99511a8 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -17,7 +17,7 @@ local hostName local userID # check for presense of a key -[ "$FINGERPRINT" ] && \ +[ "$HOST_FINGERPRINT" ] && \ failure "An OpenPGP host key already exists." hostName=${1:-$(hostname -f)} @@ -34,7 +34,7 @@ PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \ gpg_host --import # find the key fingerprint of the newly converted key -HOST_FINGERPRINT=$(fingerprint_host_key) +HOST_FINGERPRINT=$(get_host_fingerprint) export HOST_FINGERPRINT # export public key to file -- cgit v1.2.3