src/share/mh/gen_key



# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere host gen-key subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2009, and are all released under the GPL,
# version 3 or later.

gen_key() {

local keyType="RSA"
local keyLength="2048"
local keyUsage="auth"
local keyExpire="0"
local hostName=$(hostname -f)
local userID
local keyParameters
local fingerprint

# check for presense of secret key
# FIXME: is this the proper test to be doing here?
fingerprint_host_key >/dev/null \
    && failure "An OpenPGP host key already exists."

# get options
while true ; do
    case "$1" in
        -l|--length)
        keyLength="$2"
        shift 2
        ;;
        *)
        if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
            failure "Unknown option '$1'.
Type '$PGRM help' for usage."
        fi
        hostName="$1"
        shift
        break
        ;;
    esac
done

userID="ssh://${hostName}"

# set key parameters
keyParameters=\
"Key-Type: $keyType
Key-Length: $keyLength
Key-Usage: $keyUsage
Name-Real: $userID
Expire-Date: $keyExpire"

echo "The following key parameters will be used for the host key:"
echo "$keyParameters"

read -p "Generate key? (Y/n) " OK; OK=${OK:=Y}
if [ ${OK/y/Y} != 'Y' ] ; then
    failure "aborting."
fi

# add commit command
# must include blank line!
keyParameters=\
"${keyParameters}

%commit
%echo done"

# create host home
mkdir -p "$GNUPGHOME_HOST"
chmod 700 "$GNUPGHOME_HOST"

log verbose "generating host key..."
echo "$keyParameters" | gpg_host --batch --gen-key

# find the key fingerprint of the newly generated key
fingerprint=$(fingerprint_host_key)

# translate the private key to ssh format, and export to a file
# for sshs usage.
# NOTE: assumes that the primary key is the proper key to use
log debug "exporting new secret key to ssh format..."
(umask 077 && \
    gpg_host --export-secret-key "$fingerprint" | \
    openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key")
log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key"

log debug "creating ssh public key..."
ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub"
log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub"

log debug "exporting openpgp public key..."
gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg"
log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg"

# show info about new key
show_key

}