From ce45ef5702e072e869fa9d1b703f99dc740eb000 Mon Sep 17 00:00:00 2001 From: Jameson Rollins Date: Fri, 15 Jan 2010 19:19:15 -0500 Subject: Major rework of monkeysphere-host to handle multiple host keys. This rework removes any assumption that monkeysphere-host is just managing a single host key, or that the keys are used specifically for ssh. The UI is exactly backwards compatible except that hostnames ('example.com') must be replaced by full service names ('ssh://example.com'). This incarnation passes the old tests with those changes only. There are a couple of things that still need to be done: - need to see if a transition script is needed (some local file names have changed) - need to fill in check_service_name function to verify that a specified service name fits the expected format. - update diagnostics appropriately --- src/share/mh/revoke_key | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'src/share/mh/revoke_key') diff --git a/src/share/mh/revoke_key b/src/share/mh/revoke_key index 5460e51..5a013e0 100644 --- a/src/share/mh/revoke_key +++ b/src/share/mh/revoke_key @@ -8,23 +8,24 @@ # Jamie McClelland # Daniel Kahn Gillmor # -# They are Copyright 2008-2009, and are all released under the GPL, +# They are Copyright 2008-2010, and are all released under the GPL, # version 3 or later. # revoke host key revoke_key() { -# Coming in here, we expect $HOST_FINGERPRINT to be set, and we -# believe that there is in fact a key. + local keyID + local publish + + keyID=$(check_key_input "$@") if [ "$PROMPT" = "false" ] ; then publish=N else cat <&2 -This will generate a revocation certificate for your host key -(fingerprint: $HOST_FINGERPRINT) and -dump the certificate to standard output. +This will generate a revocation certificate for key $keyID +and dump the certificate to standard output. It can also directly publish the new revocation certificate to the public keyservers via $KEYSERVER if you want it to. @@ -65,14 +66,13 @@ Monkeysphere host key revocation (automated) $(date '+%F_%T%z') y " - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${keyID}!" <<<"$revoke_commands" ) \ || failure "Failed to generate revocation certificate!" - else # note: we're not using the gpg_host function because we actually # want to use gpg's UI in this case, so we want to omit --no-tty - revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \ + revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${keyID}!") \ || failure "Failed to generate revocation certificate!" fi -- cgit v1.2.3