# -*-shell-script-*- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) # Monkeysphere authentication add-certifier subcommand # # This function adds a certifier whose signatures will be used to # calculate validity of keys used to connect to user accounts on the # server. The specified certifier key is first retrieved from the Web # of Trust with the monkeysphere-user-controlled gpg_sphere keyring. # Once then new key is retrieved, it is imported into the core # keyring. The gpg_core then ltsigns the key with the desired trust # level, and then the key is exported back to the gpg_sphere keyring. # The gpg_sphere has ultimate owner trust of the core key, so the core # ltsigs on the new certifier key can then be used by gpg_sphere # calculate validity for keys inserted in the authorized_keys file. # # This is all to keep the monkeysphere user that connects to the # keyservers from accessing the core secret key. # # The monkeysphere scripts are written by: # Jameson Rollins <jrollins@finestructure.net> # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. add_certifier() { local domain= local trust=full local depth=1 local keyID local fingerprint local ltsignCommand local trustval # get options while true ; do case "$1" in -n|--domain) domain="$2" shift 2 ;; -t|--trust) trust="$2" shift 2 ;; -d|--depth) depth="$2" shift 2 ;; -) break ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. Type '$PGRM help' for usage." fi break ;; esac done keyID="$1" # check that key ID or file is specified if [ -z "$keyID" ] ; then failure "You must specify the key ID of a key to add, or specify a file to read the key from." fi # check the trust value case "$trust" in 'marginal') trustval=1 ;; 'full') trustval=2 ;; *) failure "Trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)." ;; esac # if file is specified if [ -f "$keyID" -o "$keyID" = '-' ] ; then # load the key from stdin if [ "$keyID" = '-' ] ; then # make a temporary file to hold the key from stdin keyID=$(msmktempfile) trap "rm -f $keyID" EXIT log verbose "reading key from stdin..." cat > "$keyID" # load the key from the file elif [ -f "$keyID" ] ; then log verbose "reading key from file '$keyID'..." fi # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." fi # load the key gpg_sphere "--import" <"$keyID" 2>/dev/null \ || failure "could not read key from '$keyID'" # else, get the key from the keyserver else log verbose "searching keyserver $KEYSERVER for keyID $keyID..." gpg_sphere "--keyserver $KEYSERVER --recv-key '0x${keyID}!'" \ || failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver." # get the full fingerprint of new certifier key log debug "getting fingerprint of certifier key..." fingerprint=$(gpg_sphere "--list-key --with-colons --with-fingerprint 0x${keyID}!" \ | grep '^fpr:' | cut -d: -f10) # test that there is only a single fingerprint if (( $(echo "$fingerprint" | wc -l) != 1 )) ; then cat <<EOF More than one fingerprint found: $fingerprint Please use a more specific key ID. EOF failure fi log info "key found:" gpg_sphere "--fingerprint 0x${fingerprint}!" if [ "$PROMPT" = "true" ] ; then echo "Are you sure you want to add the above key as a certifier" read -p "of users on this system? (Y/n) " OK; OK=${OK:-Y} if [ "${OK/y/Y}" != 'Y' ] ; then failure "Identity certifier not added." fi else log debug "adding key without prompting." fi fi # export the key to the core keyring so that the core can sign the # new certifier key log debug "loading key into core keyring..." gpg_sphere "--export 0x${fingerprint}!" | gpg_core --import # edit-key script to ltsign key # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign y $trustval $depth $domain y save EOF ) # core ltsigns the newly imported certifier key log debug "executing core ltsign script..." if echo "$ltsignCommand" | \ gpg_core --command-fd 0 --edit-key "0x${fingerprint}!" ; then # transfer the new sigs back to the sphere keyring gpg_core_sphere_sig_transfer # update the sphere trustdb log debug "updating sphere trustdb..." gpg_sphere "--check-trustdb" 2>&1 | log debug log info "Identity certifier added." else failure "Problem adding identify certifier." fi }