summaryrefslogtreecommitdiff
path: root/src/seckey2sshagent
blob: 2a98cf16ae11afb7e5ae4a1f45a13e6817837ea5 (plain) 
    

  1. #!/bin/bash
    2. 

  2. 

  3. # seckey2sshagent: this is a hack of a script to cope with the fact
    4. 

  4. # that openpgp2ssh currently cannot support encrypted secret keys.
    5. 

  5. 

  6. # the basic operating principal is: 
    7. 

  7. 

  8. # export the secret key in encrypted format to a new keyring
    9. 

  9. 

  10. # remove the passphrase in that keyring
    11. 

  11. 

  12. # use that keyring with openpgp2ssh
    13. 

  13. 

  14. # Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
    15. 

  15. #          Jameson Rollins <jrollins@fifthhorseman.net>
    16. 

  16. 

  17. 

  18. cleanup() {
    19. 

  19.     echo -n "removing temp gpg home... " 1>&2
    20. 

  20.     rm -rf "$TMPPRIVATE"
    21. 

  21.     echo "done." 1>&2
    22. 

  22. }
    23. 

  23. 

  24. explanation() {
    25. 

  25. 

  26.     echo -n "The basic strategy of seckey2sshagent is to dump your
    27. 

  27. OpenPGP authentication key(s) into your agent.
    28. 

  28. 

  29. This script is a gross hack at the moment.  It is done by creating a
    30. 

  30. new, temporary private keyring, letting the user remove the
    31. 

  31. passphrases from the keys, and then exporting them.  The temporary
    32. 

  32. private keyring is purged from the system.
    33. 

  33. 

  34. When you use this command, you'll find yourself dropped into a GPG
    35. 

  35. 'edit-key' dialog relevant *only* to the temporary private keyring.
    36. 

  36. 

  37. At that point, you should clear the password from your key, with:
    38. 

  38. 

  39.  passwd
    40. 

  40.  <enter your current password>
    41. 

  41. 

  42. followed by the empty string for the new password.  GPG will ask you
    43. 

  43. if you're really sure.  Answer yes, because this is only relevant to
    44. 

  44. the temporary keyring.  Then, do:
    45. 

  45. 

  46.  save
    47. 

  47. 

  48. At this point, your key will be added to your running ssh-agent with
    49. 

  49. the alias 'monkeysphere-key' and seckey2sshagent should terminate.
    50. 

  50. You can check on it with:
    51. 

  51. 

  52.  ssh-add -l
    53. 

  53. 

  54. " 
    55. 

  55.     
    56. 

  56. }
    57. 

  57. 

  58. # if no hex string is supplied, just print an explanation.
    59. 

  59. # this covers seckey2sshagent --help, --usage, -h, etc...
    60. 

  60. if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
    61. 

  61.     explanation
    62. 

  62.     exit
    63. 

  63. fi
    64. 

  64. 

  65. trap cleanup EXIT
    66. 

  66. 

  67. GPGIDS="$1"
    68. 

  68. 

  69. if [ -z "$GPGIDS" ]; then
    70. 

  70.     # default to using all fingerprints of authentication-enabled keys 
    71. 

  71.     GPGIDS=$(gpg  --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
    72. 

  72. fi
    73. 

  73. 

  74. for GPGID in $GPGIDS; do
    75. 

  75. 

  76.     TMPPRIVATE=$(mktemp -d)
    77. 

  77.     
    78. 

  78.     gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
    79. 

  79.     
    80. 

  80. # idea to script the password stuff.  not working.
    81. 

  81. # read -s -p "enter gpg password: " PASSWD; echo
    82. 

  82. # cmd=$(cat <<EOF
    83. 

  83. # passwd
    84. 

  84. # $PASSWD
    85. 

  85. # \n
    86. 

  86. # \n
    87. 

  87. # \n
    88. 

  88. # yes
    89. 

  89. # save
    90. 

  90. # EOF
    91. 

  91. # )
    92. 

  92. # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
    93. 

  93.     
    94. 

  94.     GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
    95. 

  95. 

  96.     KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
    97. 

  97. # creating this alias so the key is named "monkeysphere-key" in the
    98. 

  98. # comment stored by the agent, while never being written to disk in
    99. 

  99. # SSH form:
    100. 

  100.     ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME"
    101. 

  101.     
    102. 

  102.     GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
    103. 

  103.     openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")
    104. 

  104. 

  105.     cleanup
    106. 

  106. done
    107. 

  107. 

  108.
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-02 12:40:27 +0000