From ce45ef5702e072e869fa9d1b703f99dc740eb000 Mon Sep 17 00:00:00 2001 From: Jameson Rollins Date: Fri, 15 Jan 2010 19:19:15 -0500 Subject: Major rework of monkeysphere-host to handle multiple host keys. This rework removes any assumption that monkeysphere-host is just managing a single host key, or that the keys are used specifically for ssh. The UI is exactly backwards compatible except that hostnames ('example.com') must be replaced by full service names ('ssh://example.com'). This incarnation passes the old tests with those changes only. There are a couple of things that still need to be done: - need to see if a transition script is needed (some local file names have changed) - need to fill in check_service_name function to verify that a specified service name fits the expected format. - update diagnostics appropriately --- src/share/mh/import_key | 44 +++++++++++++++++--------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) (limited to 'src/share/mh/import_key') diff --git a/src/share/mh/import_key b/src/share/mh/import_key index f7c69c3..ada2914 100644 --- a/src/share/mh/import_key +++ b/src/share/mh/import_key @@ -8,60 +8,50 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009 and are all released under the GPL, +# They are Copyright 2008-2010 and are all released under the GPL, # version 3 or later. import_key() { -local sshKeyFile -local hostName -local domain -local userID - -sshKeyFile="$1" -hostName="$2" +local keyFile="$1" +local serviceName="$2" # check that key file specified -if [ -z "$sshKeyFile" ] ; then - failure "Must specify ssh key file to import, or specify '-' for stdin." +if [ -z "$keyFile" ] ; then + failure "Must specify PEM-encoded key file to import, or specify '-' for stdin." fi # fail if hostname not specified -if [ -z "$hostName" ] ; then - failure "You must specify a fully-qualified domain name for use in the host certificate user ID." +if [ -z "$serviceName" ] ; then + failure "You must specify a service name for use in the OpenPGP certificate user ID." fi -userID="ssh://${hostName}" +# check that the service name is well formatted +check_service_name "$serviceName" # create host home mkdir -p "${MHDATADIR}" mkdir -p "${GNUPGHOME_HOST}" chmod 700 "${GNUPGHOME_HOST}" -# import ssh key to a private key -if [ "$sshKeyFile" = '-' ] ; then - log verbose "importing ssh key from stdin..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ +# import pem-encoded key to an OpenPGP private key +if [ "$keyFile" = '-' ] ; then + log verbose "importing key from stdin..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ | gpg_host --import else - log verbose "importing ssh key from file '$sshKeyFile'..." - PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \ - <"$sshKeyFile" \ + log verbose "importing key from file '$keyFile'..." + PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$serviceName" \ + <"$keyFile" \ | gpg_host --import fi -# load the new host fpr into the fpr variable. this is so we can -# create the gpg pub key file. we have to do this from the secret key -# ring since we obviously don't have the gpg pub key file yet, since -# that's what we're trying to produce (see below). -load_fingerprint_secret - # export to gpg public key to file update_gpg_pub_file log info "host key imported:" # show info about new key -show_key +show_key "$serviceName" } -- cgit v1.2.3