summaryrefslogtreecommitdiff
path: root/src/share/mh/import_key
blob: c545388f9aaedd0300d899acc5ded47d029e7533 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere host import-key subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2008-2009 and are all released under the GPL,
  11. # version 3 or later.
  12. import_key() {
  13. local sshKeyFile
  14. local hostName
  15. local domain
  16. local userID
  17. sshKeyFile="$1"
  18. hostName="$2"
  19. # check that key file specified
  20. if [ -z "$sshKeyFile" ] ; then
  21. failure "Must specify ssh key file to import, or specify '-' for stdin."
  22. fi
  23. # use the default hostname if not specified
  24. if [ -z "$hostName" ] ; then
  25. hostName=$(hostname -f) || failure "Could not determine hostname."
  26. # test that the domain is not obviously illegitimate
  27. domain=${foo##*.}
  28. case $domain in
  29. 'local'|'localdomain')
  30. failure "Host domain '$domain' is not legitimate. Aborting key import."
  31. ;;
  32. esac
  33. # test that there are at least two parts
  34. if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
  35. failure "Host name '$hostName' is not legitimate. Aborting key import."
  36. fi
  37. fi
  38. userID="ssh://${hostName}"
  39. if [ "$PROMPT" = "true" ] ; then
  40. cat <<EOF
  41. The ssh key will be imported and an OpenPGP certificate for this host
  42. will be generated with the following user ID:
  43. $userID
  44. EOF
  45. read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
  46. if [ "${OK/y/Y}" != 'Y' ] ; then
  47. failure "ssh key not imported."
  48. fi
  49. else
  50. log debug "importing key without prompting."
  51. fi
  52. # create host home
  53. mkdir -p "${MHDATADIR}"
  54. mkdir -p "${GNUPGHOME_HOST}"
  55. chmod 700 "${GNUPGHOME_HOST}"
  56. # import ssh key to a private key
  57. if [ "$sshKeyFile" = '-' ] ; then
  58. log verbose "importing ssh key from stdin..."
  59. PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
  60. | gpg_host --import
  61. else
  62. log verbose "importing ssh key from file '$sshKeyFile'..."
  63. PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
  64. <"$sshKeyFile" \
  65. | gpg_host --import
  66. fi
  67. # load the new host fpr into the fpr variable. this is so we can
  68. # create the gpg pub key file. we have to do this from the secret key
  69. # ring since we obviously don't have the gpg pub key file yet, since
  70. # that's what we're trying to produce (see below).
  71. load_fingerprint_secret
  72. # export to gpg public key to file
  73. update_gpg_pub_file
  74. log info "host key imported:"
  75. # show info about new key
  76. show_key
  77. }