/mandos/trunk : revision 110

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2008-08-29 05:53:59 UTC
Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus

* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@recompile.se>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.6.2"

VERSION="1.0"

KEYDIR="/etc/keys/mandos"

KEYTYPE=RSA

KEYLENGTH=4096

SUBKEYTYPE=RSA

SUBKEYLENGTH=4096

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Key creation options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is RSA.

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 4096.

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is RSA.

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 4096.

Subkey length in bits. Default is 2048.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default is empty.

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

-f, --force Force overwriting old keys.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-p, --password Create an encrypted password using the keys in

the key directory. All options other than

--keydir and --name are ignored.

EOF

}

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

118

108

PUBKEYFILE="$KEYDIR/pubkey.txt"

119

109

120

110

# Check for some invalid values

121

if [ ! -d "$KEYDIR" ]; then

111

if [ -d "$KEYDIR" ]; then :; else

122

112

echo "$KEYDIR not a directory" >&2

123

113

exit 1

124

114

125

if [ ! -r "$KEYDIR" ]; then

126

echo "Directory $KEYDIR not readable" >&2

115

if [ -w "$KEYDIR" ]; then :; else

116

echo "Directory $KEYDIR not writeable" >&2

117

exit 1

118

119

120

if [ "$mode" = password -a -e "$KEYDIR/trustdb.gpg.lock" ]; then

121

echo "Key directory has locked trustdb; aborting." >&2

127

122

exit 1

128

123

129

124

130

125

if [ "$mode" = keygen ]; then

131

if [ ! -w "$KEYDIR" ]; then

132

echo "Directory $KEYDIR not writeable" >&2

133

exit 1

134

135

126

if [ -z "$KEYTYPE" ]; then

136

127

echo "Empty key type" >&2

137

128

exit 1

146

137

echo "Invalid key length" >&2

147

138

exit 1

148

139

149

140

150

141

if [ -z "$KEYEXPIRE" ]; then

151

142

echo "Empty key expiration" >&2

152

143

exit 1

158

149

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

159

150

esac

160

151

161

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

162

-a "$FORCE" -eq 0 ]; then

152

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

153

&& [ "$FORCE" -eq 0 ]; then

163

154

echo "Refusing to overwrite old key files; use --force" >&2

164

155

exit 1

165

156

171

162

if [ -n "$KEYEMAIL" ]; then

172

163

KEYEMAILLINE="Name-Email: $KEYEMAIL"

173

164

174

165

175

166

# Create temporary gpg batch file

176

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

167

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

177

168

178

169

179

170

if [ "$mode" = password ]; then

180

171

# Create temporary encrypted password file

181

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

182

183

184

# Create temporary key ring directory

185

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

172

SECFILE="`mktemp -t mandos-gpg-secfile.XXXXXXXXXX`"

173

174

175

# Create temporary key rings

176

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

177

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

178

179

if [ "$mode" = password ]; then

180

# If a trustdb.gpg file does not already exist, schedule it for

181

# deletion when we are done.

182

if ! [ -e "$KEYDIR/trustdb.gpg" ]; then

183

TRUSTDB="$KEYDIR/trustdb.gpg"

184

185

186

187

# Remove temporary files on exit

188

trap "

189

set +e; \

190

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

191

shred --remove \"$RINGDIR\"/sec*;

192

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

193

rm --recursive --force \"$RINGDIR\";

194

tty --quiet && stty echo; \

190

rm --force $PUBRING ${PUBRING}~ $BATCHFILE $TRUSTDB; \

191

shred --remove $SECRING $SECFILE; \

192

stty echo; \

195

193

" EXIT

196

194

197

set -e

198

199

umask 077

195

umask 027

200

196

201

197

if [ "$mode" = keygen ]; then

202

198

# Create batch file for GnuPG

203

199

cat >"$BATCHFILE" <<-EOF

204

200

Key-Type: $KEYTYPE

205

201

Key-Length: $KEYLENGTH

206

Key-Usage: sign,auth

202

#Key-Usage: encrypt,sign,auth

207

203

Subkey-Type: $SUBKEYTYPE

208

204

Subkey-Length: $SUBKEYLENGTH

209

Subkey-Usage: encrypt

205

#Subkey-Usage: encrypt,sign,auth

210

206

Name-Real: $KEYNAME

211

207

$KEYCOMMENTLINE

212

208

$KEYEMAILLINE

213

209

Expire-Date: $KEYEXPIRE

214

210

#Preferences: <string>

215

211

#Handle: <no-spaces>

216

#%pubring pubring.gpg

217

#%secring secring.gpg

212

%pubring $PUBRING

213

%secring $SECRING

218

214

%commit

219

215

EOF

220

216

221

if tty --quiet; then

222

cat <<-EOF

223

Note: Due to entropy requirements, key generation could take

224

anything from a few minutes to SEVERAL HOURS. Please be

225

patient and/or supply the system with more entropy if needed.

226

EOF

227

echo -n "Started: "

228

date

229

230

231

217

# Generate a new key in the key rings

232

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

233

--homedir "$RINGDIR" --trust-model always \

218

gpg --no-random-seed-file --quiet --batch --no-tty \

219

--no-default-keyring --no-options --enable-dsa2 \

220

--secret-keyring "$SECRING" --keyring "$PUBRING" \

234

221

--gen-key "$BATCHFILE"

235

222

rm --force "$BATCHFILE"

236

237

if tty --quiet; then

238

echo -n "Finished: "

239

date

240

241

223

242

224

# Backup any old key files

243

225

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

244

226

2>/dev/null; then

258

240

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

259

241

260

242

261

# Export key from key rings to key files

262

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

263

--homedir "$RINGDIR" --armor --export-options export-minimal \

264

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

265

--export-secret-keys

266

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

267

--homedir "$RINGDIR" --armor --export-options export-minimal \

268

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

243

# Export keys from key rings to key files

244

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

245

--no-default-keyring --no-options --enable-dsa2 \

246

--secret-keyring "$SECRING" --keyring "$PUBRING" \

247

--export-options export-minimal --comment "$FILECOMMENT" \

248

--output "$SECKEYFILE" --export-secret-keys

249

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

250

--no-default-keyring --no-options --enable-dsa2 \

251

--secret-keyring "$SECRING" --keyring "$PUBRING" \

252

--export-options export-minimal --comment "$FILECOMMENT" \

253

--output "$PUBKEYFILE" --export

269

254

270

255

271

256

if [ "$mode" = password ]; then

272

# Import key into temporary key rings

273

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

274

--homedir "$RINGDIR" --trust-model always --armor \

275

--import "$SECKEYFILE"

276

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

277

--homedir "$RINGDIR" --trust-model always --armor \

278

--import "$PUBKEYFILE"

279

257

# Import keys into temporary key rings

258

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

259

--no-default-keyring --no-options --enable-dsa2 \

260

--homedir "$KEYDIR" --no-permission-warning \

261

--secret-keyring "$SECRING" --keyring "$PUBRING" \

262

--trust-model always --import "$SECKEYFILE"

263

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

264

--no-default-keyring --no-options --enable-dsa2 \

265

--homedir "$KEYDIR" --no-permission-warning \

266

--secret-keyring "$SECRING" --keyring "$PUBRING" \

267

--trust-model always --import "$PUBKEYFILE"

268

280

269

# Get fingerprint of key

281

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

282

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

283

--fingerprint --with-colons \

284

| sed --quiet \

285

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

270

FINGERPRINT="`gpg --no-random-seed-file --quiet --batch --no-tty \

271

--armor --no-default-keyring --no-options --enable-dsa2 \

272

--homedir \"$KEYDIR\" --no-permission-warning \

273

--secret-keyring \"$SECRING\" --keyring \"$PUBRING\" \

274

--trust-model always --fingerprint --with-colons \

275

| sed -n -e '/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

286

276

287

277

test -n "$FINGERPRINT"

288

278

289

279

FILECOMMENT="Encrypted password for a Mandos client"

290

280

291

while [ ! -s "$SECFILE" ]; do

292

if [ -n "$PASSFILE" ]; then

293

cat "$PASSFILE"

294

else

295

tty --quiet && stty -echo

296

echo -n "Enter passphrase: " >&2

297

read first

298

tty --quiet && echo >&2

299

echo -n "Repeat passphrase: " >&2

300

read second

301

if tty --quiet; then

302

echo >&2

303

stty echo

304

305

if [ "$first" != "$second" ]; then

306

echo "Passphrase mismatch" >&2

307

touch "$RINGDIR"/mismatch

308

else

309

echo -n "$first"

310

311

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

312

--homedir "$RINGDIR" --trust-model always --armor \

313

--encrypt --sign --recipient "$FINGERPRINT" --comment \

314

"$FILECOMMENT" > "$SECFILE"

315

if [ -e "$RINGDIR"/mismatch ]; then

316

rm --force "$RINGDIR"/mismatch

317

if tty --quiet; then

318

> "$SECFILE"

319

else

320

exit 1

321

322

323

done

281

stty -echo

282

echo -n "Enter passphrase: " >&2

283

sed -e '1q' \

284

| gpg --no-random-seed-file --batch --no-tty --armor \

285

--no-default-keyring --no-options --enable-dsa2 \

286

--homedir "$KEYDIR" --no-permission-warning \

287

--secret-keyring "$SECRING" --keyring "$PUBRING" \

288

--trust-model always --encrypt --recipient "$FINGERPRINT" \

289

--comment "$FILECOMMENT" \

290

> "$SECFILE"

291

echo >&2

292

stty echo

324

293

325

294

cat <<-EOF

326

295

[$KEYNAME]

327

296

host = $KEYNAME

328

297

fingerprint = $FINGERPRINT

329

298

secret =

330

EOF

331

sed --quiet --expression='

299

EOF

300

sed -n -e '

332

301

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

333

302

/^$/,${

334

303

# Remove 24-bit Radix-64 checksum

347

316

shred --remove "$SECFILE"

348

317

349

318

# Remove the key rings

350

shred --remove "$RINGDIR"/sec*

351

rm --recursive --force "$RINGDIR"

319

shred --remove "$SECRING"

320

rm --force "$PUBRING" "${PUBRING}~"

321

# Remove the trustdb, if one did not exist when we started

322

if [ -n "$TRUSTDB" ]; then

323

rm --force "$TRUSTDB"

324

Older »