summaryrefslogtreecommitdiff
path: root/src/share/m/gen_subkey
blob: f1818043fef424ce06e7f992f7758c0f81f1d442 (plain) 
    

  1. # -*-shell-script-*-
    2. 

  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
    3. 

  3. 

  4. # Monkeysphere gen-subkey subcommand
    5. 

  5. #
    6. 

  6. # The monkeysphere scripts are written by:
    7. 

  7. # Jameson Rollins <jrollins@finestructure.net>
    8. 

  8. # Jamie McClelland <jm@mayfirst.org>
    9. 

  9. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. #
    11. 

  11. # They are Copyright 2008-2009, and are all released under the GPL,
    12. 

  12. # version 3 or later.
    13. 

  13. 

  14. # generate a subkey with the 'a' usage flags set
    15. 

  15. 

  16. gen_subkey(){
    17. 

  17.     local keyLength
    18. 

  18.     local gpgSecOut
    19. 

  19.     local keyID
    20. 

  20.     local editCommands
    21. 

  21.     local fifoDir
    22. 

  22.     local keyType
    23. 

  23. 

  24.     # get options
    25. 

  25.     while true ; do
    26. 

  26.     case "$1" in
    27. 

  27.         -l|--length)
    28. 

  28.         keyLength="$2"
    29. 

  29.         shift 2
    30. 

  30.         ;;
    31. 

  31.         *)
    32. 

  32.         if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
    33. 

  33.             failure "Unknown option '$1'.
    34. 

  34. Type '$PGRM help' for usage."
    35. 

  35.         fi
    36. 

  36.         break
    37. 

  37.         ;;
    38. 

  38.     esac
    39. 

  39.     done
    40. 

  40. 

  41.     # check that the keyID is unique
    42. 

  42.     keyID=$(check_gpg_sec_key_id "$@")
    43. 

  43. 

  44.     # check that an authentication subkey does not already exist
    45. 

  45.     check_gpg_authentication_subkey "$keyID"
    46. 

  46. 

  47.     # determine which keyType to use from gpg version
    48. 

  48.     keyType=7
    49. 

  49.     case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
    50. 

  50.     1)
    51. 

  51.         if is_gpg_version_greater_equal 1.4.10 ; then
    52. 

  52.         keyType=8
    53. 

  53.         fi
    54. 

  54.         ;;
    55. 

  55.     2)
    56. 

  56.         if is_gpg_version_greater_equal 2.0.13 ; then
    57. 

  57.         keyType=8
    58. 

  58.         fi
    59. 

  59.         ;;
    60. 

  60.     *)
    61. 

  61.         keyType=8
    62. 

  62.         ;;
    63. 

  63.     esac
    64. 

  64. 

  65.     # generate the list of commands that will be passed to edit-key
    66. 

  66.     editCommands="addkey
    67. 

  67. $keyType
    68. 

  68. S
    69. 

  69. E
    70. 

  70. A
    71. 

  71. Q
    72. 

  72. $keyLength
    73. 

  73. 0
    74. 

  74. save"
    75. 

  75. 

  76.     # setup the temp fifo dir for retrieving the key password
    77. 

  77.     log debug "creating password fifo..."
    78. 

  78.     fifoDir=$(msmktempdir)
    79. 

  79.     (umask 077 && mkfifo "$fifoDir/pass")
    80. 

  80. 

  81.     # FIXME: are we adequately cleaning up any trailing gpg process here?
    82. 

  82.     trap "rm -rf $fifoDir; kill %% || true" EXIT
    83. 

  83.     echo "$editCommands" | gpg_user --batch --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
    84. 

  84. 

  85.     log debug "Prompting for passphrase"
    86. 

  86.     # FIXME: this needs to fail more gracefully if the passphrase is incorrect
    87. 

  87.     passphrase_prompt  "Please enter your passphrase for $keyID: " "$fifoDir/pass"
    88. 

  88.     log info "Generating subkey.  This may take a long time..."
    89. 

  89. 

  90.     trap - EXIT
    91. 

  91.     rm -rf "$fifoDir"
    92. 

  92.     wait
    93. 

  93.     log verbose "done."
    94. 

  94. }
    95.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-15 20:36:04 +0000