/mandos/trunk : revision 723.1.4

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2014-07-25 23:16:04 UTC
mto: This revision was merged to the branch mainline in revision 724.
Revision ID: teddy@recompile.se-20140725231604-f5c4f82rn2o5ll1k

Use the .items() method instead of .iteritems().

This is strictly not a Python 2.7 change, but Python 2.7 backported
the new .viewitems() from Python 3, and instead of changing .items()
to .viewitems() and later having to change them all into .items()
again in Python 3, I opted to just change all .iteritems() to .items()
so the code will work both now and with Python 3.  The slowdown with
Python 2 is not significant, and with Python 3 it will again be fast.

* mandos (Client.__init__): Use .items() instead of .iteritems().
  (DBusObjectWithProperties.Introspect): - '' -
  (alternate_dbus_interfaces/wrapper): - '' -
  (main): - '' -
* mandos-ctl (main): - '' -

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

# Contact the authors at <mandos@recompile.se>.

VERSION="1.0"

VERSION="1.6.7"

KEYDIR="/etc/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn`"

KEYDIR="/etc/keys/mandos"

KEYTYPE=RSA

KEYLENGTH=4096

SUBKEYTYPE=RSA

SUBKEYLENGTH=4096

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYCOMMENT=""

KEYEXPIRE=0

FORCE=no

SSH=yes

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhd:t:l:n:e:c:x:f \

--longoptions version,help,password,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \

--name "$0" -- "$@"`

help(){

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Key creation options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-t TYPE, --type TYPE Key type. Default is RSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

Key length in bits. Default is 4096.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

Subkey type. Default is RSA.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

Subkey length in bits. Default is 4096.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default value is

"Mandos client key".

Comment field for key. The default is empty.

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old keys.

-f, --force Force overwriting old key files.

Password creation options:

-p, --password Create an encrypted password using the keys in

the key directory. All options other than

--dir and --name are ignored.

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-S, --no-ssh Don't get SSH key or set "checker" option.

EOF

}

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

100

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

105

-c|--comment) KEYCOMMENT="$2"; shift 2;;

106

-x|--expire) KEYEXPIRE="$2"; shift 2;;

107

-f|--force) FORCE=yes; shift;;

108

-S|--no-ssh) SSH=no; shift;;

109

-v|--version) echo "$0 $VERSION"; exit;;

110

-h|--help) help; exit;;

111

--) shift; break;;

108

121

PUBKEYFILE="$KEYDIR/pubkey.txt"

109

122

110

123

# Check for some invalid values

111

if [ -d "$KEYDIR" ]; then :; else

124

if [ ! -d "$KEYDIR" ]; then

112

125

echo "$KEYDIR not a directory" >&2

113

126

exit 1

114

127

115

if [ -w "$KEYDIR" ]; then :; else

116

echo "Directory $KEYDIR not writeable" >&2

117

exit 1

118

119

120

if [ "$mode" = password -a -e "$KEYDIR/trustdb.gpg.lock" ]; then

121

echo "Key directory has locked trustdb; aborting." >&2

128

if [ ! -r "$KEYDIR" ]; then

129

echo "Directory $KEYDIR not readable" >&2

122

130

exit 1

123

131

124

132

125

133

if [ "$mode" = keygen ]; then

134

if [ ! -w "$KEYDIR" ]; then

135

echo "Directory $KEYDIR not writeable" >&2

136

exit 1

137

126

138

if [ -z "$KEYTYPE" ]; then

127

139

echo "Empty key type" >&2

128

140

exit 1

137

149

echo "Invalid key length" >&2

138

150

exit 1

139

151

140

152

141

153

if [ -z "$KEYEXPIRE" ]; then

142

154

echo "Empty key expiration" >&2

143

155

exit 1

149

161

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

150

162

esac

151

163

152

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

153

&& [ "$FORCE" -eq 0 ]; then

164

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

165

-a "$FORCE" -eq 0 ]; then

154

166

echo "Refusing to overwrite old key files; use --force" >&2

155

167

exit 1

156

168

162

174

if [ -n "$KEYEMAIL" ]; then

163

175

KEYEMAILLINE="Name-Email: $KEYEMAIL"

164

176

165

177

166

178

# Create temporary gpg batch file

167

BATCHFILE="`mktemp -t mandos-gpg-batch.XXXXXXXXXX`"

179

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

168

180

169

181

170

182

if [ "$mode" = password ]; then

171

183

# Create temporary encrypted password file

172

SECFILE="`mktemp -t mandos-gpg-secfile.XXXXXXXXXX`"

173

174

175

# Create temporary key rings

176

SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`"

177

PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`"

178

179

if [ "$mode" = password ]; then

180

# If a trustdb.gpg file does not already exist, schedule it for

181

# deletion when we are done.

182

if ! [ -e "$KEYDIR/trustdb.gpg" ]; then

183

TRUSTDB="$KEYDIR/trustdb.gpg"

184

185

184

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

185

186

187

# Create temporary key ring directory

188

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

186

189

187

190

# Remove temporary files on exit

188

191

trap "

189

192

set +e; \

190

rm --force $PUBRING ${PUBRING}~ $BATCHFILE $TRUSTDB; \

191

shred --remove $SECRING $SECFILE; \

192

stty echo; \

193

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

194

shred --remove \"$RINGDIR\"/sec* 2>/dev/null;

195

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

196

rm --recursive --force \"$RINGDIR\";

197

tty --quiet && stty echo; \

193

198

" EXIT

194

199

195

umask 027

200

set -e

201

202

umask 077

196

203

197

204

if [ "$mode" = keygen ]; then

198

205

# Create batch file for GnuPG

199

206

cat >"$BATCHFILE" <<-EOF

200

207

Key-Type: $KEYTYPE

201

208

Key-Length: $KEYLENGTH

202

#Key-Usage: encrypt,sign,auth

209

Key-Usage: sign,auth

203

210

Subkey-Type: $SUBKEYTYPE

204

211

Subkey-Length: $SUBKEYLENGTH

205

#Subkey-Usage: encrypt,sign,auth

212

Subkey-Usage: encrypt

206

213

Name-Real: $KEYNAME

207

214

$KEYCOMMENTLINE

208

215

$KEYEMAILLINE

209

216

Expire-Date: $KEYEXPIRE

210

217

#Preferences: <string>

211

218

#Handle: <no-spaces>

212

%pubring $PUBRING

213

%secring $SECRING

219

#%pubring pubring.gpg

220

#%secring secring.gpg

214

221

%commit

215

222

EOF

216

223

224

if tty --quiet; then

225

cat <<-EOF

226

Note: Due to entropy requirements, key generation could take

227

anything from a few minutes to SEVERAL HOURS. Please be

228

patient and/or supply the system with more entropy if needed.

229

EOF

230

echo -n "Started: "

231

date

232

233

234

# Make sure trustdb.gpg exists;

235

# this is a workaround for Debian bug #737128

236

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

237

--homedir "$RINGDIR" \

238

--import-ownertrust < /dev/null

217

239

# Generate a new key in the key rings

218

gpg --no-random-seed-file --quiet --batch --no-tty \

219

--no-default-keyring --no-options --enable-dsa2 \

220

--secret-keyring "$SECRING" --keyring "$PUBRING" \

240

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

241

--homedir "$RINGDIR" --trust-model always \

221

242

--gen-key "$BATCHFILE"

222

243

rm --force "$BATCHFILE"

223

244

245

if tty --quiet; then

246

echo -n "Finished: "

247

date

248

249

224

250

# Backup any old key files

225

251

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

226

252

2>/dev/null; then

240

266

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

241

267

242

268

243

# Export keys from key rings to key files

244

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

245

--no-default-keyring --no-options --enable-dsa2 \

246

--secret-keyring "$SECRING" --keyring "$PUBRING" \

247

--export-options export-minimal --comment "$FILECOMMENT" \

248

--output "$SECKEYFILE" --export-secret-keys

249

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

250

--no-default-keyring --no-options --enable-dsa2 \

251

--secret-keyring "$SECRING" --keyring "$PUBRING" \

252

--export-options export-minimal --comment "$FILECOMMENT" \

253

--output "$PUBKEYFILE" --export

269

# Export key from key rings to key files

270

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

271

--homedir "$RINGDIR" --armor --export-options export-minimal \

272

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

273

--export-secret-keys

274

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

275

--homedir "$RINGDIR" --armor --export-options export-minimal \

276

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

254

277

255

278

256

279

if [ "$mode" = password ]; then

257

# Import keys into temporary key rings

258

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

259

--no-default-keyring --no-options --enable-dsa2 \

260

--homedir "$KEYDIR" --no-permission-warning \

261

--secret-keyring "$SECRING" --keyring "$PUBRING" \

262

--trust-model always --import "$SECKEYFILE"

263

gpg --no-random-seed-file --quiet --batch --no-tty --armor \

264

--no-default-keyring --no-options --enable-dsa2 \

265

--homedir "$KEYDIR" --no-permission-warning \

266

--secret-keyring "$SECRING" --keyring "$PUBRING" \

267

--trust-model always --import "$PUBKEYFILE"

268

280

281

# Make SSH be 0 or 1

282

case "$SSH" in

283

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;;

284

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;;

285

esac

286

287

if [ $SSH -eq 1 ]; then

288

set +e

289

ssh_fingerprint="`ssh-keyscan localhost 2>/dev/null`"

290

if [ $? -ne 0 ]; then

291

ssh_fingerprint=""

292

293

set -e

294

ssh_fingerprint="${ssh_fingerprint#localhost }"

295

296

297

# Import key into temporary key rings

298

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

299

--homedir "$RINGDIR" --trust-model always --armor \

300

--import "$SECKEYFILE"

301

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

302

--homedir "$RINGDIR" --trust-model always --armor \

303

--import "$PUBKEYFILE"

304

269

305

# Get fingerprint of key

270

FINGERPRINT="`gpg --no-random-seed-file --quiet --batch --no-tty \

271

--armor --no-default-keyring --no-options --enable-dsa2 \

272

--homedir \"$KEYDIR\" --no-permission-warning \

273

--secret-keyring \"$SECRING\" --keyring \"$PUBRING\" \

274

--trust-model always --fingerprint --with-colons \

275

| sed -n -e '/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

306

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

307

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

308

--fingerprint --with-colons \

309

| sed --quiet \

310

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

276

311

277

312

test -n "$FINGERPRINT"

278

313

279

314

FILECOMMENT="Encrypted password for a Mandos client"

280

315

281

stty -echo

282

echo -n "Enter passphrase: " >&2

283

sed -e '1q' \

284

| gpg --no-random-seed-file --batch --no-tty --armor \

285

--no-default-keyring --no-options --enable-dsa2 \

286

--homedir "$KEYDIR" --no-permission-warning \

287

--secret-keyring "$SECRING" --keyring "$PUBRING" \

288

--trust-model always --encrypt --recipient "$FINGERPRINT" \

289

--comment "$FILECOMMENT" \

290

> "$SECFILE"

291

echo >&2

292

stty echo

316

while [ ! -s "$SECFILE" ]; do

317

if [ -n "$PASSFILE" ]; then

318

cat "$PASSFILE"

319

else

320

tty --quiet && stty -echo

321

echo -n "Enter passphrase: " >&2

322

read first

323

tty --quiet && echo >&2

324

echo -n "Repeat passphrase: " >&2

325

read second

326

if tty --quiet; then

327

echo >&2

328

stty echo

329

330

if [ "$first" != "$second" ]; then

331

echo "Passphrase mismatch" >&2

332

touch "$RINGDIR"/mismatch

333

else

334

echo -n "$first"

335

336

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

337

--homedir "$RINGDIR" --trust-model always --armor \

338

--encrypt --sign --recipient "$FINGERPRINT" --comment \

339

"$FILECOMMENT" > "$SECFILE"

340

if [ -e "$RINGDIR"/mismatch ]; then

341

rm --force "$RINGDIR"/mismatch

342

if tty --quiet; then

343

> "$SECFILE"

344

else

345

exit 1

346

347

348

done

293

349

294

350

cat <<-EOF

295

351

[$KEYNAME]

296

352

host = $KEYNAME

297

353

fingerprint = $FINGERPRINT

298

354

secret =

299

EOF

300

sed -n -e '

355

EOF

356

sed --quiet --expression='

301

357

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

302

358

/^$/,${

303

359

# Remove 24-bit Radix-64 checksum

306

362

/^[^-]/s/^/ /p

307

363

}

308

364

}' < "$SECFILE"

365

if [ -n "$ssh_fingerprint" ]; then

366

echo 'checker = ssh-keyscan %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp="%%(host)s %(ssh_fingerprint)s"'

367

echo "ssh_fingerprint = ${ssh_fingerprint}"

368

309

369

310

370

311

371

trap - EXIT

316

376

shred --remove "$SECFILE"

317

377

318

378

# Remove the key rings

319

shred --remove "$SECRING"

320

rm --force "$PUBRING" "${PUBRING}~"

321

# Remove the trustdb, if one did not exist when we started

322

if [ -n "$TRUSTDB" ]; then

323

rm --force "$TRUSTDB"

324

379

shred --remove "$RINGDIR"/sec* 2>/dev/null

380

rm --recursive --force "$RINGDIR"

Older »