/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzrignore

COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos-keygen

#!/bin/sh -e

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.0"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

# Parse options

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

Key creation options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c COMMENT, --comment COMMENT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old keys.

Password creation options:

-p, --password Create an encrypted password using the keys in

the key directory. All options other than

--keydir and --name are ignored.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

-l|--length) KEYLENGTH="$2"; shift 2;;

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

-n|--name) KEYNAME="$2"; shift 2;;

-e|--email) KEYEMAIL="$2"; shift 2;;

-c|--comment) KEYCOMMENT="$2"; shift 2;;

-x|--expire) KEYEXPIRE="$2"; shift 2;;

-f|--force) FORCE=yes; shift;;

-v|--version) echo "$0 $VERSION"; exit;;

-h|--help) help; exit;;

--) shift; break;;

*) echo "Internal error" >&2; exit 1;;

100

esac

101

done

102

if [ "$#" -gt 0 ]; then

103

echo "Unknown arguments: '$@'" >&2

104

exit 1

105

106

107

SECKEYFILE="$KEYDIR/seckey.txt"

108

PUBKEYFILE="$KEYDIR/pubkey.txt"

109

110

# Check for some invalid values

111

if [ -d "$KEYDIR" ]; then :; else

112

echo "$KEYDIR not a directory" >&2

113

exit 1

114

115

if [ -w "$KEYDIR" ]; then :; else

116

echo "Directory $KEYDIR not writeable" >&2

117

exit 1

118

119

120

if [ "$mode" = password -a -e "$KEYDIR/trustdb.gpg.lock" ]; then

121

echo "Key directory has locked trustdb; aborting." >&2

122

exit 1

123

124

125

if [ "$mode" = keygen ]; then

126

if [ -z "$KEYTYPE" ]; then

127

echo "Empty key type" >&2

128

exit 1

129

130

131

if [ -z "$KEYNAME" ]; then

132

echo "Empty key name" >&2

133

exit 1

134

135

136

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

137

echo "Invalid key length" >&2

138

exit 1

139

140

141

if [ -z "$KEYEXPIRE" ]; then

142

echo "Empty key expiration" >&2

143

exit 1

144

145

146

# Make FORCE be 0 or 1

147

case "$FORCE" in

148

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

149

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

150

esac

151

152

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

153

&& [ "$FORCE" -eq 0 ]; then

154

echo "Refusing to overwrite old key files; use --force" >&2

155

exit 1

156

157

158

# Set lines for GnuPG batch file

159

if [ -n "$KEYCOMMENT" ]; then

160

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

161

162

if [ -n "$KEYEMAIL" ]; then

163

KEYEMAILLINE="Name-Email: $KEYEMAIL"

164

165

166

# Create temporary gpg batch file

167

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

168

169

170

if [ "$mode" = password ]; then

171

# Create temporary encrypted password file

172

SECFILE="`mktemp -t mandos-gpg-secfile.XXXXXXXXXX`"

173

174

175

# Create temporary key rings

176

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

177

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

178

179

if [ "$mode" = password ]; then

180

# If a trustdb.gpg file does not already exist, schedule it for

181

# deletion when we are done.

182

if ! [ -e "$KEYDIR/trustdb.gpg" ]; then

183

TRUSTDB="$KEYDIR/trustdb.gpg"

184

185

186

187

# Remove temporary files on exit

188

trap "

189

set +e; \

190

rm --force $PUBRING ${PUBRING}~ $BATCHFILE $TRUSTDB; \

191

shred --remove $SECRING $SECFILE; \

192

stty echo; \

193

" EXIT

194

195

umask 027

196

197

if [ "$mode" = keygen ]; then

198

# Create batch file for GnuPG

199

cat >"$BATCHFILE" <<-EOF

200

Key-Type: $KEYTYPE

201

Key-Length: $KEYLENGTH

202

#Key-Usage: encrypt,sign,auth

203

Subkey-Type: $SUBKEYTYPE

204

Subkey-Length: $SUBKEYLENGTH

205

#Subkey-Usage: encrypt,sign,auth

206

Name-Real: $KEYNAME

207

$KEYCOMMENTLINE

208

$KEYEMAILLINE

209

Expire-Date: $KEYEXPIRE

210

#Preferences: <string>

211

#Handle: <no-spaces>

212

%pubring $PUBRING

213

%secring $SECRING

214

%commit

215

EOF

216

217

# Generate a new key in the key rings

218

gpg --no-random-seed-file --quiet --batch --no-tty \

219

--no-default-keyring --no-options --enable-dsa2 \

220

--secret-keyring "$SECRING" --keyring "$PUBRING" \

221

--gen-key "$BATCHFILE"

222

rm --force "$BATCHFILE"

223

224

# Backup any old key files

225

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

226

2>/dev/null; then

227

shred --remove "$SECKEYFILE"

228

229

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

230

2>/dev/null; then

231

rm --force "$PUBKEYFILE"

232

233

234

FILECOMMENT="Mandos client key for $KEYNAME"

235

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

236

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

237

238

239

if [ -n "$KEYEMAIL" ]; then

240

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

241

242

243

# Export keys from key rings to key files

244

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

245

--no-default-keyring --no-options --enable-dsa2 \

246

--secret-keyring "$SECRING" --keyring "$PUBRING" \

247

--export-options export-minimal --comment "$FILECOMMENT" \

248

--output "$SECKEYFILE" --export-secret-keys

249

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

250

--no-default-keyring --no-options --enable-dsa2 \

251

--secret-keyring "$SECRING" --keyring "$PUBRING" \

252

--export-options export-minimal --comment "$FILECOMMENT" \

253

--output "$PUBKEYFILE" --export

254

255

256

if [ "$mode" = password ]; then

257

# Import keys into temporary key rings

258

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

259

--no-default-keyring --no-options --enable-dsa2 \

260

--homedir "$KEYDIR" --no-permission-warning \

261

--secret-keyring "$SECRING" --keyring "$PUBRING" \

262

--trust-model always --import "$SECKEYFILE"

263

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

264

--no-default-keyring --no-options --enable-dsa2 \

265

--homedir "$KEYDIR" --no-permission-warning \

266

--secret-keyring "$SECRING" --keyring "$PUBRING" \

267

--trust-model always --import "$PUBKEYFILE"

268

269

# Get fingerprint of key

270

FINGERPRINT="`gpg --no-random-seed-file --quiet --batch --no-tty \

271

--armor --no-default-keyring --no-options --enable-dsa2 \

272

--homedir \"$KEYDIR\" --no-permission-warning \

273

--secret-keyring \"$SECRING\" --keyring \"$PUBRING\" \

274

--trust-model always --fingerprint --with-colons \

275

| sed -n -e '/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

276

277

test -n "$FINGERPRINT"

278

279

FILECOMMENT="Encrypted password for a Mandos client"

280

281

stty -echo

282

echo -n "Enter passphrase: " >&2

283

sed -e '1q' \

284

| gpg --no-random-seed-file --batch --no-tty --armor \

285

--no-default-keyring --no-options --enable-dsa2 \

286

--homedir "$KEYDIR" --no-permission-warning \

287

--secret-keyring "$SECRING" --keyring "$PUBRING" \

288

--trust-model always --encrypt --recipient "$FINGERPRINT" \

289

--comment "$FILECOMMENT" \

290

> "$SECFILE"

291

echo >&2

292

stty echo

293

294

cat <<-EOF

295

[$KEYNAME]

296

host = $KEYNAME

297

fingerprint = $FINGERPRINT

298

secret =

299

EOF

300

sed -n -e '

301

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

302

/^$/,${

303

# Remove 24-bit Radix-64 checksum

304

s/=....$//

305

# Indent four spaces

306

/^[^-]/s/^/ /p

307

}

308

}' < "$SECFILE"

309

310

311

trap - EXIT

312

313

set +e

314

# Remove the password file, if any

315

if [ -n "$SECFILE" ]; then

316

shred --remove "$SECFILE"

317

318

# Remove the key rings

319

shred --remove "$SECRING"

320

rm --force "$PUBRING" "${PUBRING}~"

321

# Remove the trustdb, if one did not exist when we started

322

if [ -n "$TRUSTDB" ]; then

323

rm --force "$TRUSTDB"

324

Older »