path: root/src/share/m/gen_subkey
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere gen-subkey subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2008-2009, and are all released under the GPL,
  11. # version 3 or later.
  12. # generate a subkey with the 'a' usage flags set
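# Add an authentication-capable subkey to an existing secret key by driving
# `gpg --edit-key` through its command file descriptor.
#
# Usage:     gen_subkey [-l|--length BITS] [KEYID...]
# Arguments: -l, --length BITS  value written at gpg's key-size prompt; when
#                               omitted an empty line is sent (presumably gpg
#                               then applies its default -- confirm)
#            remaining args     passed unchanged to check_gpg_sec_key_id
# Globals:   PGRM (read, only for the usage hint)
# Helpers:   failure, log, check_gpg_sec_key_id,
#            check_gpg_authentication_subkey, is_gpg_version_greater_equal,
#            msmktempdir, gpg_user and passphrase_prompt are defined elsewhere;
#            failure is assumed to terminate the shell -- TODO confirm.
#
# The passphrase is handed to gpg over a FIFO opened on fd 3
# (--passphrase-fd 3), so it is never placed on a command line. The FIFO is
# created under umask 077 inside a private temporary directory.
gen_subkey(){
    local keyLength
    local gpgSecOut
    local keyID
    local editCommands
    local fifoDir
    local keyType
    local cleanupCmd

    # get options
    while true ; do
        case "$1" in
            -l|--length)
                # Without a value, 'shift 2' fails without shifting and this
                # loop would spin forever on the same argument.
                if [ "$#" -lt 2 ] ; then
                    failure "Option '$1' requires an argument."
                    return 1
                fi
                keyLength="$2"
                shift 2
                ;;
            -*)
                # Matched with a shell pattern rather than `echo "$1" | cut`:
                # echo consumes arguments such as -n or -e itself, so those
                # were silently accepted as a key ID before.
                failure "Unknown option '$1'.
Type '$PGRM help' for usage."
                break
                ;;
            *)
                break
                ;;
        esac
    done

    # keyLength is written on a line of its own into the command stream gpg
    # reads below; anything other than digits (in particular an embedded
    # newline) would be read by gpg as further edit-key commands.
    case "$keyLength" in
        *[!0-9]*)
            failure "Key length '$keyLength' is not a number."
            return 1
            ;;
    esac

    # check that the keyID is unique
    keyID=$(check_gpg_sec_key_id "$@")

    # check that an authentication subkey does not already exist
    check_gpg_authentication_subkey "$keyID"

    # Determine which keyType to use from the gpg version: the number picked
    # at the --expert addkey prompt is 7 on older releases and 8 from
    # 1.4.10 / 2.0.13 onwards, and on any other major version.
    keyType=7
    case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
        1)
            if is_gpg_version_greater_equal 1.4.10 ; then
                keyType=8
            fi
            ;;
        2)
            if is_gpg_version_greater_equal 2.0.13 ; then
                keyType=8
            fi
            ;;
        *)
            keyType=8
            ;;
    esac

    # Generate the list of commands that will be passed to edit-key.
    # S / E / A presumably toggle the sign, encrypt and authenticate usage
    # flags and Q leaves that menu; 0 presumably answers the expiry prompt
    # with "never" -- confirm against the gpg version in use.
    editCommands="addkey
$keyType
S
E
A
Q
$keyLength
0
save"

    # setup the temp fifo dir for retrieving the key password
    log debug "creating password fifo..."
    fifoDir=$(msmktempdir)
    if [ -z "$fifoDir" ] ; then
        # Never let the cleanup below run `rm -rf` on an empty path.
        failure "Could not create a temporary directory for the passphrase fifo."
        return 1
    fi
    if ! (umask 077 && mkfifo "$fifoDir/pass") ; then
        rm -rf -- "$fifoDir"
        failure "Could not create the passphrase fifo."
        return 1
    fi

    # FIXME: are we adequately cleaning up any trailing gpg process here?
    # The trap text is expanded now, so the directory name is shell-quoted
    # with %q; unquoted, a path containing whitespace or glob characters
    # would make `rm -rf` act on other paths when the trap fires.
    printf -v cleanupCmd 'rm -rf -- %q' "$fifoDir"
    trap "$cleanupCmd; kill %% || true" EXIT

    # gpg runs in the background and blocks on fd 3 until the passphrase is
    # written into the fifo by passphrase_prompt below.
    printf '%s\n' "$editCommands" | gpg_user --batch --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &

    log debug "Prompting for passphrase"
    # FIXME: this needs to fail more gracefully if the passphrase is incorrect
    passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"

    log info "Generating subkey. This may take a long time..."
    trap - EXIT
    rm -rf -- "$fifoDir"
    # NOTE(review): a bare `wait` does not report gpg's exit status, so a
    # failed key generation still ends with "done." -- confirm intended.
    wait
    log verbose "done."
}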