blob: 96053bcd8677ff1802a98dea0628d2383509090c (
plain)
- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere host gen-key subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Jamie McClelland <jm@mayfirst.org>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2008-2009, and are all released under the GPL,
- # version 3 or later.
- gen_key() {
- local hostName
- local keyType="RSA"
- local keyLength="2048"
- local keyUsage="auth"
- local keyExpire="0"
- local userID
- # get options
- while true ; do
- case "$1" in
- -l|--length)
- keyLength="$2"
- shift 2
- ;;
- *)
- if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
- failure "Unknown option '$1'.
- Type '$PGRM help' for usage."
- fi
- break
- ;;
- esac
- done
- hostName=${1:-$(hostname -f)}
- userID="ssh://${hostName}"
- # create host home
- mkdir -p "${MHDATADIR}"
- mkdir -p "${MHTMPDIR}"
- mkdir -p "${GNUPGHOME_HOST}"
- chmod 700 "${GNUPGHOME_HOST}"
- log debug "generating host key..."
- gpg_host --batch --gen-key <<EOF
- Key-Type: $keyType
- Key-Length: $keyLength
- Key-Usage: $keyUsage
- Name-Real: $userID
- Expire-Date: $keyExpire
- %commit
- %echo done
- EOF
- # load the new host fpr into the fpr variable
- load_fingerprint_secret
- # export the host secret key to the monkeysphere ssh sec key file
- # NOTE: assumes that the primary key is the proper key to use
- log debug "creating ssh secret key file..."
- (umask 077 && \
- gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
- openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
- log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
- # export the host public key to the monkeysphere ssh pub key file
- log debug "creating ssh public key file..."
- ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
- log info "SSH host public key file: $HOST_KEY_PUB"
- # export to gpg public key to file
- create_gpg_pub_file
- # show info about new key
- show_key
- }
|