summaryrefslogtreecommitdiff
path: root/src/share/mh/import_key
blob: ed6ee4f1805c127f1c5866b43be0ddb3625c5530 (plain)
  1. # -*-shell-script-*-
  2. # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
  3. # Monkeysphere host import-key subcommand
  4. #
  5. # The monkeysphere scripts are written by:
  6. # Jameson Rollins <jrollins@finestructure.net>
  7. # Jamie McClelland <jm@mayfirst.org>
  8. # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
  9. #
  10. # They are Copyright 2008-2009 and are all released under the GPL,
  11. # version 3 or later.
  12. import_key() {
  13. local hostName
  14. local domain
  15. local userID
  16. hostName="$1"
  17. # use the default hostname if not specified
  18. if [ -z "$hostName" ] ; then
  19. hostName=$(hostname -f)
  20. # test that the domain is not obviously illegitimate
  21. domain=${foo##*.}
  22. case $domain in
  23. 'local'|'localdomain')
  24. failure "Host domain '$domain' is not legitimate. Aborting key import."
  25. ;;
  26. esac
  27. # test that there are at least two parts
  28. if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
  29. failure "Host name '$hostName' is not legitimate. Aborting key import."
  30. fi
  31. fi
  32. userID="ssh://${hostName}"
  33. # create host home
  34. mkdir -p "${MHDATADIR}"
  35. mkdir -p "${MHTMPDIR}"
  36. mkdir -p "${GNUPGHOME_HOST}"
  37. chmod 700 "${GNUPGHOME_HOST}"
  38. log verbose "importing ssh key..."
  39. # translate ssh key to a private key
  40. PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" \
  41. | gpg_host --import
  42. # load the new host fpr into the fpr variable. this is so we can
  43. # create the gpg pub key file. we have to do this from the secret key
  44. # ring since we obviously don't have the gpg pub key file yet, since
  45. # that's what we're trying to produce (see below).
  46. load_fingerprint_secret
  47. # set ultimate owner trust on the newly imported key
  48. printf "%s:6:\n" "$HOST_FINGERPRINT" | gpg_host --import-ownertrust
  49. # update trustdb
  50. gpg_host --check-trustdb
  51. # export to gpg public key to file
  52. create_gpg_pub_file
  53. # show info about new key
  54. show_key
  55. }