=== modified file 'Makefile' --- Makefile 2008-08-23 07:17:28 +0000 +++ Makefile 2008-08-24 06:17:02 +0000 @@ -14,11 +14,11 @@ OPTIMIZE=-Os LANGUAGE=-std=gnu99 # PREFIX=/usr/local -PREFIX=/usr +PREFIX=$(DESTDIR)/usr # CONFDIR=/usr/local/lib/mandos -CONFDIR=/etc/mandos +CONFDIR=$(DESTDIR)/etc/mandos # MANDIR=/usr/local/man -MANDIR=/usr/share/man +MANDIR=$(DESTDIR)/usr/share/man GNUTLS_CFLAGS=$(shell libgnutls-config --cflags) GNUTLS_LIBS=$(shell libgnutls-config --libs) @@ -104,7 +104,7 @@ install: install-server install-client install-server: doc - mkdir --mode=0755 --parents $(CONFDIR) $(MANDIR)/man5 \ + install --directory --parents $(CONFDIR) $(MANDIR)/man5 \ $(MANDIR)/man8 install --mode=0755 mandos $(PREFIX)/sbin/mandos install --mode=0644 --target-directory=$(CONFDIR) mandos.conf @@ -118,9 +118,9 @@ > $(MANDIR)/man5/mandos-clients.conf.5.gz install-client: all doc /usr/share/initramfs-tools/hooks/. - mkdir --mode=0755 --parents $(PREFIX)/lib/mandos $(CONFDIR) \ - $(MANDIR)/man8 - -mkdir --mode=0700 $(PREFIX)/lib/mandos/plugins.d + install --directory --parents $(PREFIX)/lib/mandos \ + $(CONFDIR) $(MANDIR)/man8 + install --directory --mode=0700 $(PREFIX)/lib/mandos/plugins.d chmod u=rwx,g=,o= $(PREFIX)/lib/mandos/plugins.d install --mode=0755 --target-directory=$(PREFIX)/lib/mandos \ plugin-runner === modified file 'mandos-keygen' --- mandos-keygen 2008-08-22 00:16:20 +0000 +++ mandos-keygen 2008-08-24 06:17:02 +0000 @@ -25,6 +25,8 @@ KEYDIR="/etc/mandos" KEYTYPE=DSA KEYLENGTH=1024 +SUBKEYTYPE=ELG-E +SUBKEYLENGTH=2048 KEYNAME="`hostname --fqdn`" KEYEMAIL="" KEYCOMMENT="Mandos client key" @@ -48,6 +50,10 @@ -t TYPE, --type TYPE Key type. Default is DSA. -l BITS, --length BITS Key length in bits. Default is 1024. + -s TYPE, --subtype TYPE + Subkey type. Default is ELG-E. + -L BITS, --sublength BITS + Subkey length in bits. Default is 2048. -n NAME, --name NAME Name of key. Default is the FQDN. -e EMAIL, --email EMAIL Email address of key. Default is empty. 
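Review bot: Folding `$(DESTDIR)` into `PREFIX`, `CONFDIR` and `MANDIR` (Makefile, hunk at -14,11) mixes the staging root into variables that normally name the runtime location. If any rule outside this hunk passes these variables to the compiler or substitutes them into installed scripts, a packaged build would embed the staging path in the shipped files. A command-line `make PREFIX=/opt` also silently drops the `DESTDIR` part. The conventional form keeps `PREFIX=/usr` and writes `$(DESTDIR)$(PREFIX)/sbin/mandos`, `$(DESTDIR)$(CONFDIR)` and so on in the install recipes.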
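Review bot: `--parents` is a mkdir option, and as far as I know GNU install does not accept it, so `install --directory --parents ...` in install-server (hunk at -104,7) would probably stop with an unrecognized-option error. `install --directory` already creates missing parent components on its own. The same flag appears on the first `install --directory` line of install-client in the hunk at -118,9. Suggested form, which also keeps the mode explicit as the old mkdir line did: `install --directory --mode=0755 $(CONFDIR) $(MANDIR)/man5 \`.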
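Review bot: In mandos-keygen's defaults (hunk at -25,6) the new encryption subkey defaults to 2048 bits while the primary key stays at `KEYLENGTH=1024` with DSA, so the signing key becomes the weaker half of the pair. This commit also adds `--enable-dsa2` to the gpg calls in later hunks, which as far as I know is what older GnuPG releases require to generate DSA keys above 1024 bits. Consider raising the default to `KEYLENGTH=2048` and updating the `--length` help text, after confirming that the GnuPG versions on the target clients accept such keys.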
@@ -66,7 +72,9 @@ case "$1" in -d|--dir) KEYDIR="$2"; shift 2;; -t|--type) KEYTYPE="$2"; shift 2;; + -s|--subtype) SUBKEYTYPE="$2"; shift 2;; -l|--length) KEYLENGTH="$2"; shift 2;; + -L|--sublength) SUBKEYLENGTH="$2"; shift 2;; -n|--name) KEYNAME="$2"; shift 2;; -e|--email) KEYEMAIL="$2"; shift 2;; -c|--comment) KEYCOMMENT="$2"; shift 2;; @@ -143,10 +151,10 @@ # Remove temporary files on exit trap " -set +e -rm --force $PUBRING $BATCHFILE; -shred --remove $SECRING; -stty echo +set +e; \ +rm --force $PUBRING $BATCHFILE; \ +shred --remove $SECRING; \ +stty echo; \ " EXIT # Create batch file for GnuPG @@ -154,10 +162,15 @@ Key-Type: $KEYTYPE Key-Length: $KEYLENGTH #Key-Usage: encrypt,sign,auth +Subkey-Type: $SUBKEYTYPE +Subkey-Length: $SUBKEYLENGTH +#Subkey-Usage: encrypt,sign,auth Name-Real: $KEYNAME $KEYCOMMENTLINE $KEYEMAILLINE Expire-Date: $KEYEXPIRE +#Preferences: +#Handle: %pubring $PUBRING %secring $SECRING %commit @@ -167,7 +180,7 @@ # Generate a new key in the key rings gpg --no-random-seed-file --quiet --batch --no-tty \ - --no-default-keyring --no-options --batch \ + --no-default-keyring --no-options --enable-dsa2 \ --secret-keyring "$SECRING" --keyring "$PUBRING" \ --gen-key "$BATCHFILE" rm --force "$BATCHFILE" 
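Review bot: The new `-s|--subtype` and `-L|--sublength` values (option-parsing hunk at -66,7) are written unchecked into the GnuPG batch file in the hunk at -154,10, as the existing `-t` and `-l` values already are. A value containing a newline would be read by gpg as extra batch directives, which matters if the script is ever driven by a wrapper with arguments it does not control. An option given as the last argument also leaves `$2` empty. A check before the here-document would cover both, for example `case "$SUBKEYLENGTH" in ''|*[!0-9]*) echo "Invalid subkey length" >&2; exit 1;; esac`, with a similar allow-list pattern for the type names.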
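Review bot: The EXIT trap (hunk at -143,10) is still a double-quoted string, so `$PUBRING`, `$BATCHFILE` and `$SECRING` are expanded when the trap is set and then re-parsed unquoted when it runs. If a temporary path ever contains whitespace or glob characters, `shred --remove` could miss the secret keyring or act on other files. How these names are generated is outside the hunk. Single quotes with inner quoting avoid the re-parse: `trap 'set +e; rm --force "$PUBRING" "$BATCHFILE"; shred --remove "$SECRING"; stty echo' EXIT`.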
@@ -193,15 +206,15 @@ # Export keys from key rings to key files gpg --no-random-seed-file --quiet --batch --no-tty --armor \ - --no-default-keyring --no-options --secret-keyring "$SECRING" \ - --keyring "$PUBRING" --export-options export-minimal \ - --comment "$FILECOMMENT" --output "$SECKEYFILE" \ - --export-secret-keys + --no-default-keyring --no-options --enable-dsa2 \ + --secret-keyring "$SECRING" --keyring "$PUBRING" \ + --export-options export-minimal --comment "$FILECOMMENT" \ + --output "$SECKEYFILE" --export-secret-keys gpg --no-random-seed-file --quiet --batch --no-tty --armor \ - --no-default-keyring --no-options --secret-keyring "$SECRING" \ - --keyring "$PUBRING" --export-options export-minimal \ - --comment "$FILECOMMENT" --output "$PUBKEYFILE" \ - --export + --no-default-keyring --no-options --enable-dsa2 \ + --secret-keyring "$SECRING" --keyring "$PUBRING" \ + --export-options export-minimal --comment "$FILECOMMENT" \ + --output "$PUBKEYFILE" --export trap - EXIT === modified file 'mandos-keygen.xml' --- mandos-keygen.xml 2008-08-20 00:35:41 +0000 +++ mandos-keygen.xml 2008-08-24 06:17:02 +0000 @@ -1,4 +1,4 @@ - + @@ -8,7 +8,7 @@ &COMMANDNAME; - + &COMMANDNAME; &VERSION; @@ -29,7 +29,8 @@ 2008 - Teddy Hogeborn & Björn Påhlsson + Teddy Hogeborn + Björn Påhlsson @@ -85,6 +86,14 @@ bits + + type + + + + bits + + NAME @@ -119,6 +128,14 @@ bits + + type + + + + bits + + NAME @@ -141,15 +158,15 @@ &COMMANDNAME; - - + + &COMMANDNAME; - - + + @@ -207,7 +224,7 @@ type - Key type. Default is DSA. + Key type. Default is DSA. @@ -223,6 +240,27 @@ + -s, --subtype + type + + + Subkey type. Default is ELG-E (Elgamal + encryption-only). + + + + + + -L, --sublength + bits + + + Subkey length in bits. Default is 2048. + + + + + -e, --email address @@ -238,7 +276,7 @@ Comment field for key. The default value is - "Mandos client key". + Mandos client key. 
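Review bot: The secret key is exported with `--output "$SECKEYFILE"` (mandos-keygen, hunk at -193,15), and nothing in this hunk fixes the permissions of that file. If the script does not set a restrictive umask earlier, which cannot be seen from here, the mode of the exported secret key depends on the caller's umask. I would add `umask 077` before the export or, if it is already set above, a one-line comment here such as `# umask 077 set above: secret key file is created owner-only`. Separately, `--enable-dsa2` is likely a no-op for the two export calls and could be limited to the `--gen-key` invocation.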
@@ -270,7 +308,7 @@ OVERVIEW - This program is a small program to generate new OpenPGP keys for + This program is a small utility to generate new OpenPGP keys for new Mandos clients. @@ -371,7 +409,8 @@ SECURITY - The and + The , , + , and options can be used to create keys of insufficient security. If in doubt, leave them to the default values.