/mandos/release : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@recompile.se>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.4.1"

VERSION="1.0"

KEYDIR="/etc/keys/mandos"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Key creation options:

-v, --version Show program's version number and exit

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

-f, --force Force overwriting old keys.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-p, --password Create an encrypted password using the keys in

the key directory. All options other than

--keydir and --name are ignored.

EOF

}

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

119

108

PUBKEYFILE="$KEYDIR/pubkey.txt"

120

109

121

110

# Check for some invalid values

122

if [ ! -d "$KEYDIR" ]; then

111

if [ -d "$KEYDIR" ]; then :; else

123

112

echo "$KEYDIR not a directory" >&2

124

113

exit 1

125

114

126

if [ ! -r "$KEYDIR" ]; then

127

echo "Directory $KEYDIR not readable" >&2

115

if [ -w "$KEYDIR" ]; then :; else

116

echo "Directory $KEYDIR not writeable" >&2

117

exit 1

118

119

120

if [ "$mode" = password -a -e "$KEYDIR/trustdb.gpg.lock" ]; then

121

echo "Key directory has locked trustdb; aborting." >&2

128

122

exit 1

129

123

130

124

131

125

if [ "$mode" = keygen ]; then

132

if [ ! -w "$KEYDIR" ]; then

133

echo "Directory $KEYDIR not writeable" >&2

134

exit 1

135

136

126

if [ -z "$KEYTYPE" ]; then

137

127

echo "Empty key type" >&2

138

128

exit 1

147

137

echo "Invalid key length" >&2

148

138

exit 1

149

139

150

140

151

141

if [ -z "$KEYEXPIRE" ]; then

152

142

echo "Empty key expiration" >&2

153

143

exit 1

159

149

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

160

150

esac

161

151

162

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

163

-a "$FORCE" -eq 0 ]; then

152

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

153

&& [ "$FORCE" -eq 0 ]; then

164

154

echo "Refusing to overwrite old key files; use --force" >&2

165

155

exit 1

166

156

172

162

if [ -n "$KEYEMAIL" ]; then

173

163

KEYEMAILLINE="Name-Email: $KEYEMAIL"

174

164

175

165

176

166

# Create temporary gpg batch file

177

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

167

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

178

168

179

169

180

170

if [ "$mode" = password ]; then

181

171

# Create temporary encrypted password file

182

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

183

184

185

# Create temporary key ring directory

186

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

172

SECFILE="`mktemp -t mandos-gpg-secfile.XXXXXXXXXX`"

173

174

175

# Create temporary key rings

176

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

177

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

178

179

if [ "$mode" = password ]; then

180

# If a trustdb.gpg file does not already exist, schedule it for

181

# deletion when we are done.

182

if ! [ -e "$KEYDIR/trustdb.gpg" ]; then

183

TRUSTDB="$KEYDIR/trustdb.gpg"

184

185

187

186

188

187

# Remove temporary files on exit

189

188

trap "

190

189

set +e; \

191

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

192

shred --remove \"$RINGDIR\"/sec*;

193

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

194

rm --recursive --force \"$RINGDIR\";

195

tty --quiet && stty echo; \

190

rm --force $PUBRING ${PUBRING}~ $BATCHFILE $TRUSTDB; \

191

shred --remove $SECRING $SECFILE; \

192

stty echo; \

196

193

" EXIT

197

194

198

set -e

199

200

umask 077

195

umask 027

201

196

202

197

if [ "$mode" = keygen ]; then

203

198

# Create batch file for GnuPG

214

209

Expire-Date: $KEYEXPIRE

215

210

#Preferences: <string>

216

211

#Handle: <no-spaces>

217

#%pubring pubring.gpg

218

#%secring secring.gpg

212

%pubring $PUBRING

213

%secring $SECRING

219

214

%commit

220

215

EOF

221

216

222

if tty --quiet; then

223

cat <<-EOF

224

Note: Due to entropy requirements, key generation could take

225

anything from a few minutes to SEVERAL HOURS. Please be

226

patient and/or supply the system with more entropy if needed.

227

EOF

228

echo -n "Started: "

229

date

230

231

232

217

# Generate a new key in the key rings

233

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

234

--homedir "$RINGDIR" --trust-model always \

218

gpg --no-random-seed-file --quiet --batch --no-tty \

219

--no-default-keyring --no-options --enable-dsa2 \

220

--secret-keyring "$SECRING" --keyring "$PUBRING" \

235

221

--gen-key "$BATCHFILE"

236

222

rm --force "$BATCHFILE"

237

238

if tty --quiet; then

239

echo -n "Finished: "

240

date

241

242

223

243

224

# Backup any old key files

244

225

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

245

226

2>/dev/null; then

259

240

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

260

241

261

242

262

# Export key from key rings to key files

263

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

264

--homedir "$RINGDIR" --armor --export-options export-minimal \

265

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

266

--export-secret-keys

267

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

268

--homedir "$RINGDIR" --armor --export-options export-minimal \

269

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

243

# Export keys from key rings to key files

244

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

245

--no-default-keyring --no-options --enable-dsa2 \

246

--secret-keyring "$SECRING" --keyring "$PUBRING" \

247

--export-options export-minimal --comment "$FILECOMMENT" \

248

--output "$SECKEYFILE" --export-secret-keys

249

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

250

--no-default-keyring --no-options --enable-dsa2 \

251

--secret-keyring "$SECRING" --keyring "$PUBRING" \

252

--export-options export-minimal --comment "$FILECOMMENT" \

253

--output "$PUBKEYFILE" --export

270

254

271

255

272

256

if [ "$mode" = password ]; then

273

# Import key into temporary key rings

274

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

275

--homedir "$RINGDIR" --trust-model always --armor \

276

--import "$SECKEYFILE"

277

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

278

--homedir "$RINGDIR" --trust-model always --armor \

279

--import "$PUBKEYFILE"

280

257

# Import keys into temporary key rings

258

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

259

--no-default-keyring --no-options --enable-dsa2 \

260

--homedir "$KEYDIR" --no-permission-warning \

261

--secret-keyring "$SECRING" --keyring "$PUBRING" \

262

--trust-model always --import "$SECKEYFILE"

263

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

264

--no-default-keyring --no-options --enable-dsa2 \

265

--homedir "$KEYDIR" --no-permission-warning \

266

--secret-keyring "$SECRING" --keyring "$PUBRING" \

267

--trust-model always --import "$PUBKEYFILE"

268

281

269

# Get fingerprint of key

282

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

283

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

284

--fingerprint --with-colons \

285

| sed --quiet \

286

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

270

FINGERPRINT="`gpg --no-random-seed-file --quiet --batch --no-tty \

271

--armor --no-default-keyring --no-options --enable-dsa2 \

272

--homedir \"$KEYDIR\" --no-permission-warning \

273

--secret-keyring \"$SECRING\" --keyring \"$PUBRING\" \

274

--trust-model always --fingerprint --with-colons \

275

| sed -n -e '/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

287

276

288

277

test -n "$FINGERPRINT"

289

278

290

279

FILECOMMENT="Encrypted password for a Mandos client"

291

280

292

while [ ! -s "$SECFILE" ]; do

293

if [ -n "$PASSFILE" ]; then

294

cat "$PASSFILE"

295

else

296

tty --quiet && stty -echo

297

read -p "Enter passphrase: " first

298

tty --quiet && echo >&2

299

read -p "Repeat passphrase: " second

300

if tty --quiet; then

301

echo >&2

302

stty echo

303

304

if [ "$first" != "$second" ]; then

305

echo "Passphrase mismatch" >&2

306

touch "$RINGDIR"/mismatch

307

else

308

echo -n "$first"

309

310

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

311

--homedir "$RINGDIR" --trust-model always --armor \

312

--encrypt --sign --recipient "$FINGERPRINT" --comment \

313

"$FILECOMMENT" > "$SECFILE"

314

if [ -e "$RINGDIR"/mismatch ]; then

315

rm --force "$RINGDIR"/mismatch

316

if tty --quiet; then

317

> "$SECFILE"

318

else

319

exit 1

320

321

322

done

281

stty -echo

282

echo -n "Enter passphrase: " >&2

283

sed -e '1q' \

284

| gpg --no-random-seed-file --batch --no-tty --armor \

285

--no-default-keyring --no-options --enable-dsa2 \

286

--homedir "$KEYDIR" --no-permission-warning \

287

--secret-keyring "$SECRING" --keyring "$PUBRING" \

288

--trust-model always --encrypt --recipient "$FINGERPRINT" \

289

--comment "$FILECOMMENT" \

290

> "$SECFILE"

291

echo >&2

292

stty echo

323

293

324

294

cat <<-EOF

325

295

[$KEYNAME]

326

296

host = $KEYNAME

327

297

fingerprint = $FINGERPRINT

328

298

secret =

329

EOF

330

sed --quiet --expression='

299

EOF

300

sed -n -e '

331

301

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

332

302

/^$/,${

333

303

# Remove 24-bit Radix-64 checksum

346

316

shred --remove "$SECFILE"

347

317

348

318

# Remove the key rings

349

shred --remove "$RINGDIR"/sec*

350

rm --recursive --force "$RINGDIR"

319

shred --remove "$SECRING"

320

rm --force "$PUBRING" "${PUBRING}~"

321

# Remove the trustdb, if one did not exist when we started

322

if [ -n "$TRUSTDB" ]; then

323

rm --force "$TRUSTDB"

324

Older »