# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
# Monkeysphere host revoke-key subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2009, and are all released under the GPL,
# version 3 or later.
# revoke host key
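revoke_key() {
    # Generate a revocation certificate for the host key, print it on
    # stdout, and (interactive mode only) optionally publish it.
    #
    # Globals read:    PROMPT, HOST_FINGERPRINT, KEYSERVER,
    #                  GNUPGHOME_HOST, HOST_KEY_FILE
    # Globals written: publish, really, revcert (not declared local, as
    #                  in the original, in case a caller reads them)
    # Helpers used:    failure, gpg_host, mkmstempdir (defined elsewhere;
    #                  failure is presumed to terminate the command --
    #                  verify against its definition)
    # Output:          the armored certificate on stdout; every prompt and
    #                  diagnostic goes to stderr so stdout can be redirected
    #                  to a file.
    #
    # Coming in here, we expect $HOST_FINGERPRINT to be set, and we
    # believe that there is in fact a key.

    if [ "$PROMPT" = "false" ] ; then
        # Non-interactive runs never publish: revocation is irreversible.
        publish=N
    else
        cat <<EOF >&2
This will generate a revocation certificate for your host key
(fingerprint: $HOST_FINGERPRINT) and
dump the certificate to standard output.
It can also directly publish the new revocation certificate
to the public keyservers via $KEYSERVER if you want it to.
Publishing this certificate will IMMEDIATELY and PERMANENTLY revoke
your host key!
EOF
        printf "Publish the certificate after generation? (y/n/Q) " >&2
        read -r publish
        # Only an explicit y/Y or n/N continues; anything else (including
        # an empty answer or EOF) aborts.
        case "$publish" in
            y|Y|n|N) ;;
            *) failure "aborting at user request" ;;
        esac
    fi

    # our current implementation is very simple: we just want to
    # generate the revocation certificate on stdout. This provides
    # for the two most likely (but hopefully not common) scenarios:
    # an admin wants a revocation certificate for the host which they
    # can store securely offline. In this case, the admin can
    # redirect stdout to a file, or can simply copy/paste or
    # transcribe from the terminal.
    # Alternately, an admin might want to publish the revocation
    # certificate immediately, which we can help them do as well.
    if [ "$PROMPT" = 'false' ] ; then
        # FIXME: allow the end user to choose something other than
        # "key was compromised" (1) and to supply their own revocation
        # string.
        # NOTE(review): gpg ends a multi-line revocation description on an
        # empty line; confirm against upstream that this listing has not
        # lost a blank line from the answer script below.
        local revoke_commands
        revoke_commands="y
1
Monkeysphere host key revocation (automated) $(date '+%F_%T%z')
y
"
        revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg_host --command-fd 0 --armor --gen-revoke "0x${HOST_FINGERPRINT}!" <<<"$revoke_commands" ) \
            || failure "Failed to generate revocation certificate!"
    else
        # note: we're not using the gpg_host function because we actually
        # want to use gpg's UI in this case, so we want to omit --no-tty
        revcert=$(GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --armor --gen-revoke "0x${HOST_FINGERPRINT}!") \
            || failure "Failed to generate revocation certificate!"
    fi

    # if you run gpg --gen-revoke but cancel it or quit in the middle,
    # it returns success, but emits no revocation certificate:
    if ! [ "$revcert" ] ; then
        failure "Revocation canceled."
    fi

    ## ok, now we have the revocation certificate. Print it, and
    ## offer to publish if originally requested:
    printf "%s\n" "$revcert"

    if [ "$publish" != 'y' ] && [ "$publish" != 'Y' ] ; then
        return 0
    fi

    printf "\n" >&2
    # KEYSERVER is passed as an argument, never as part of the format
    # string, so a '%' or backslash in it cannot garble the prompt.
    printf 'Really publish this cert to %s ? (Y/n) ' "$KEYSERVER" >&2
    # NOTE(review): anything other than n/N -- including an empty answer or
    # EOF -- proceeds to publish; this matches the "(Y/n)" default.
    read -r really
    if [ "$really" = 'n' ] || [ "$really" = 'N' ] ; then
        printf "Not publishing.\n" >&2
        return 0
    fi

    # Declaring and assigning separately keeps mkmstempdir's exit status
    # visible. With an empty GNUPGHOME gpg would fall back to the caller's
    # default keyring instead of a throwaway one, so refuse to continue.
    local newhome
    if ! newhome=$(mkmstempdir) || [ ! -d "$newhome" ] ; then
        failure "Failed to create temporary keyring for publication!"
    fi

    # Each step must succeed before the next runs: if the revocation
    # certificate fails to import, sending would push the key WITHOUT its
    # revocation while the admin believes the key has been revoked.
    local published=
    if GNUPGHOME="$newhome" gpg --no-tty --quiet --import < "$HOST_KEY_FILE" \
        && GNUPGHOME="$newhome" gpg --no-tty --quiet --import <<< "$revcert" \
        && GNUPGHOME="$newhome" gpg --keyserver "$KEYSERVER" --send "0x${HOST_FINGERPRINT}!" ; then
        published=yes
    fi

    # Always remove the temporary keyring, success or not.
    rm -rf -- "$newhome"

    if ! [ "$published" ] ; then
        failure "Failed to publish revocation certificate to $KEYSERVER!"
    fi
}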