# -*-shell-script-*- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant) # Monkeysphere host gen-key subcommand # # The monkeysphere scripts are written by: # Jameson Rollins <jrollins@finestructure.net> # Jamie McClelland <jm@mayfirst.org> # Daniel Kahn Gillmor <dkg@fifthhorseman.net> # # They are Copyright 2008-2009, and are all released under the GPL, # version 3 or later. gen_key() { local keyType="RSA" local keyLength="2048" local keyUsage="auth" local keyExpire="0" local hostName=$(hostname -f) local userID local keyParameters local fingerprint # check for presense of secret key # FIXME: is this the proper test to be doing here? fingerprint_host_key >/dev/null \ && failure "An OpenPGP host key already exists." # get options while true ; do case "$1" in -l|--length) keyLength="$2" shift 2 ;; *) if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then failure "Unknown option '$1'. Type '$PGRM help' for usage." fi hostName="$1" shift break ;; esac done userID="ssh://${hostName}" # set key parameters keyParameters=\ "Key-Type: $keyType Key-Length: $keyLength Key-Usage: $keyUsage Name-Real: $userID Expire-Date: $keyExpire" echo "The following key parameters will be used for the host key:" echo "$keyParameters" read -p "Generate key? (Y/n) " OK; OK=${OK:=Y} if [ ${OK/y/Y} != 'Y' ] ; then failure "aborting." fi # add commit command # must include blank line! keyParameters=\ "${keyParameters} %commit %echo done" # create host home mkdir -p "$GNUPGHOME_HOST" chmod 700 "$GNUPGHOME_HOST" log verbose "generating host key..." echo "$keyParameters" | gpg_host --batch --gen-key # find the key fingerprint of the newly generated key fingerprint=$(fingerprint_host_key) # translate the private key to ssh format, and export to a file # for sshs usage. # NOTE: assumes that the primary key is the proper key to use log debug "exporting new secret key to ssh format..." (umask 077 && \ gpg_host --export-secret-key "$fingerprint" | \ openpgp2ssh "$fingerprint" > "${MHDATADIR}/ssh_host_rsa_key") log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key" log debug "creating ssh public key..." ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "${MHDATADIR}/ssh_host_rsa_key.pub" log info "SSH host public key output to file: ${MHDATADIR}/ssh_host_rsa_key.pub" log debug "exporting openpgp public key..." gpg_host --export-options export-minimal --armor --export "0x${fingerprint}!" > "${MHDATADIR}/ssh_host_rsa_key.pub.gpg" log info "SSH host public key in OpenPGP form: ${MHDATADIR}/ssh_host_rsa_key.pub.gpg" # show info about new key show_key }