To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to mandos-keygen
- browse files at revision 68
- compare with another revision
- download diff
- download tarball
- view history from revision 68
- Committer: Teddy Hogeborn
- Date: 2008-08-12 19:22:34 UTC
- Revision ID: teddy@fukt.bsnet.se-20080812192234-8bm17713ltih9ud1
* initramfs-tools-hook: New.
* initramfs-tools-hook-conf: New.
* initramfs-tools-hook-conf: New.
- files added:
- network-protocol.txt
- files removed:
- COPYING
- files renamed:
- plugin-runner.c => mandos-client.c
- plugin-runner.xml => mandos-client.xml
- files modified:
- Makefile
added
removed
mandos-keygen
1
#!/bin/sh -e
1
#!/bin/sh
2
2
#
3
# Mandos key generator - create a new OpenPGP key for a Mandos client
3
# Mandos key generator - create new OpenPGP keys for Mandos clients
4
4
#
5
5
# Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson
6
6
#
20
20
# Contact the authors at <mandos@fukt.bsnet.se>.
21
21
#
22
22
23
VERSION="1.0"
24
25
23
KEYDIR="/etc/mandos"
26
24
KEYTYPE=DSA
27
25
KEYLENGTH=1024
28
SUBKEYTYPE=ELG-E
29
SUBKEYLENGTH=2048
30
26
KEYNAME="`hostname --fqdn`"
31
27
KEYEMAIL=""
32
28
KEYCOMMENT="Mandos client key"
35
31
KEYCOMMENT_ORIG="$KEYCOMMENT"
36
32
37
33
# Parse options
38
TEMP=`getopt --options vhd:t:l:n:e:c:x:f \
39
--longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \
34
TEMP=`getopt --options d:t:l:n:e:c:x:f \
35
--longoptions dir:,type:,length:,name:,email:,comment:,expire:,force \
40
36
--name "$0" -- "$@"`
41
37
42
help(){
43
cat <<EOF
44
Usage: `basename $0` [options]
45
46
Options:
47
-v, --version Show program's version number and exit
48
-h, --help Show this help message and exit
49
-d DIR, --dir DIR Target directory for key files
50
-t TYPE, --type TYPE Key type. Default is DSA.
51
-l BITS, --length BITS
52
Key length in bits. Default is 1024.
53
-s TYPE, --subtype TYPE
54
Subkey type. Default is ELG-E.
55
-L BITS, --sublength BITS
56
Subkey length in bits. Default is 2048.
57
-n NAME, --name NAME Name of key. Default is the FQDN.
58
-e EMAIL, --email EMAIL
59
Email address of key. Default is empty.
60
-c COMMENT, --comment COMMENT
61
Comment field for key. The default value is
62
"Mandos client key".
63
-x TIME, --expire TIME
64
Key expire time. Default is no expiration.
65
See gpg(1) for syntax.
66
-f, --force Force overwriting old keys.
67
EOF
68
}
69
70
38
eval set -- "$TEMP"
71
39
while :; do
72
40
case "$1" in
73
41
-d|--dir) KEYDIR="$2"; shift 2;;
74
42
-t|--type) KEYTYPE="$2"; shift 2;;
75
-s|--subtype) SUBKEYTYPE="$2"; shift 2;;
76
43
-l|--length) KEYLENGTH="$2"; shift 2;;
77
-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;
78
44
-n|--name) KEYNAME="$2"; shift 2;;
79
45
-e|--email) KEYEMAIL="$2"; shift 2;;
80
46
-c|--comment) KEYCOMMENT="$2"; shift 2;;
81
-x|--expire) KEYEXPIRE="$2"; shift 2;;
47
-x|--expire) KEYCOMMENT="$2"; shift 2;;
82
48
-f|--force) FORCE=yes; shift;;
83
-v|--version) echo "$0 $VERSION"; exit;;
84
-h|--help) help; exit;;
85
49
--) shift; break;;
86
50
*) echo "Internal error" >&2; exit 1;;
87
51
esac
136
100
exit 1
137
101
fi
138
102
139
# Set lines for GnuPG batch file
103
# Set lines for GPG batch file
140
104
if [ -n "$KEYCOMMENT" ]; then
141
105
KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"
142
106
fi
149
113
SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"
150
114
PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"
151
115
152
# Remove temporary files on exit
153
trap "
154
set +e; \
155
rm --force $PUBRING $BATCHFILE; \
156
shred --remove $SECRING; \
157
stty echo; \
158
" EXIT
116
trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT
159
117
160
# Create batch file for GnuPG
118
# Create batch file for GPG
161
119
cat >"$BATCHFILE" <<EOF
162
120
Key-Type: $KEYTYPE
163
121
Key-Length: $KEYLENGTH
164
122
#Key-Usage: encrypt,sign,auth
165
Subkey-Type: $SUBKEYTYPE
166
Subkey-Length: $SUBKEYLENGTH
167
#Subkey-Usage: encrypt,sign,auth
168
123
Name-Real: $KEYNAME
169
124
$KEYCOMMENTLINE
170
125
$KEYEMAILLINE
171
126
Expire-Date: $KEYEXPIRE
172
#Preferences: <string>
173
#Handle: <no-spaces>
174
127
%pubring $PUBRING
175
128
%secring $SECRING
176
129
%commit
177
130
EOF
178
131
179
132
umask 027
180
181
# Generate a new key in the key rings
182
133
gpg --no-random-seed-file --quiet --batch --no-tty \
183
--no-default-keyring --no-options --enable-dsa2 \
184
--secret-keyring "$SECRING" --keyring "$PUBRING" \
185
--gen-key "$BATCHFILE"
134
--no-default-keyring --batch --secret-keyring "$SECRING" \
135
--keyring "$PUBRING" --gen-key "$BATCHFILE"
186
136
rm --force "$BATCHFILE"
187
137
188
# Backup any old key files
189
138
if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \
190
139
2>/dev/null; then
191
140
shred --remove "$SECKEYFILE"
204
153
FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"
205
154
fi
206
155
207
# Export keys from key rings to key files
208
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
209
--no-default-keyring --no-options --enable-dsa2 \
210
--secret-keyring "$SECRING" --keyring "$PUBRING" \
211
--export-options export-minimal --comment "$FILECOMMENT" \
212
--output "$SECKEYFILE" --export-secret-keys
213
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
214
--no-default-keyring --no-options --enable-dsa2 \
215
--secret-keyring "$SECRING" --keyring "$PUBRING" \
216
--export-options export-minimal --comment "$FILECOMMENT" \
217
--output "$PUBKEYFILE" --export
218
219
trap - EXIT
220
221
# Remove the key rings
222
shred --remove "$SECRING"
223
rm --force "$PUBRING"
156
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
157
--no-default-keyring --secret-keyring "$SECRING" \
158
--keyring "$PUBRING" --export-options export-minimal \
159
--comment "$FILECOMMENT" --output "$SECKEYFILE" \
160
--export-secret-keys
161
gpg --no-random-seed-file --quiet --batch --no-tty --armor \
162
--no-default-keyring --secret-keyring "$SECRING" \
163
--keyring "$PUBRING" --export-options export-minimal \
164
--comment "$FILECOMMENT" --output "$PUBKEYFILE" \
165
--export
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0