/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
DBUS-API

bugs.xml

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

intro.xml

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/plymouth.c

plugins.d/plymouth.xml

tmpfiles.d-mandos.conf

files modified:
.bzrignore

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# This file is part of Mandos.

# Mandos is free software: you can redistribute it and/or modify it

# under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# Mandos is distributed in the hope that it will be useful, but

# WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# along with Mandos. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

# Contact the authors at <mandos@recompile.se>.

VERSION="1.0.5"

VERSION="1.7.19"

KEYDIR="/etc/keys/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYTYPE=RSA

KEYLENGTH=4096

SUBKEYTYPE=RSA

SUBKEYLENGTH=4096

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYCOMMENT=""

KEYEXPIRE=0

FORCE=no

SSH=yes

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:fS \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force,no-ssh \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

basename="`basename "$0"`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-t TYPE, --type TYPE Key type. Default is RSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

Key length in bits. Default is 4096.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

Subkey type. Default is RSA.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

Subkey length in bits. Default is 4096.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default value is

"Mandos client key".

Comment field for key. The default is empty.

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

-S, --no-ssh Don't get SSH key or set "checker" option.

EOF

}

104

107

-c|--comment) KEYCOMMENT="$2"; shift 2;;

105

108

-x|--expire) KEYEXPIRE="$2"; shift 2;;

106

109

-f|--force) FORCE=yes; shift;;

110

-S|--no-ssh) SSH=no; shift;;

107

111

-v|--version) echo "$0 $VERSION"; exit;;

108

112

-h|--help) help; exit;;

109

113

--) shift; break;;

111

115

esac

112

116

done

113

117

if [ "$#" -gt 0 ]; then

114

echo "Unknown arguments: '$@'" >&2

118

echo "Unknown arguments: '$*'" >&2

115

119

exit 1

116

120

117

121

159

163

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

160

164

esac

161

165

162

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

163

-a "$FORCE" -eq 0 ]; then

166

if { [ -e "$SECKEYFILE" ] || [ -e "$PUBKEYFILE" ]; } \

167

&& [ "$FORCE" -eq 0 ]; then

164

168

echo "Refusing to overwrite old key files; use --force" >&2

165

169

exit 1

166

170

189

193

trap "

190

194

set +e; \

191

195

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

192

shred --remove \"$RINGDIR\"/sec*;

196

shred --remove \"$RINGDIR\"/sec* 2>/dev/null;

193

197

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

194

198

rm --recursive --force \"$RINGDIR\";

195

stty echo; \

199

tty --quiet && stty echo; \

196

200

" EXIT

197

201

202

set -e

203

198

204

umask 077

199

205

200

206

if [ "$mode" = keygen ]; then

202

208

cat >"$BATCHFILE" <<-EOF

203

209

Key-Type: $KEYTYPE

204

210

Key-Length: $KEYLENGTH

205

#Key-Usage: encrypt,sign,auth

211

Key-Usage: sign,auth

206

212

Subkey-Type: $SUBKEYTYPE

207

213

Subkey-Length: $SUBKEYLENGTH

208

#Subkey-Usage: encrypt,sign,auth

214

Subkey-Usage: encrypt

209

215

Name-Real: $KEYNAME

210

216

$KEYCOMMENTLINE

211

217

$KEYEMAILLINE

214

220

#Handle: <no-spaces>

215

221

#%pubring pubring.gpg

216

222

#%secring secring.gpg

223

%no-protection

217

224

%commit

218

225

EOF

219

226

227

if tty --quiet; then

228

cat <<-EOF

229

Note: Due to entropy requirements, key generation could take

230

anything from a few minutes to SEVERAL HOURS. Please be

231

patient and/or supply the system with more entropy if needed.

232

EOF

233

echo -n "Started: "

234

date

235

236

237

# Make sure trustdb.gpg exists;

238

# this is a workaround for Debian bug #737128

239

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

240

--homedir "$RINGDIR" \

241

--import-ownertrust < /dev/null

220

242

# Generate a new key in the key rings

221

243

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

222

244

--homedir "$RINGDIR" --trust-model always \

223

245

--gen-key "$BATCHFILE"

224

246

rm --force "$BATCHFILE"

225

247

248

if tty --quiet; then

249

echo -n "Finished: "

250

date

251

252

226

253

# Backup any old key files

227

254

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

228

255

2>/dev/null; then

253

280

254

281

255

282

if [ "$mode" = password ]; then

283

284

# Make SSH be 0 or 1

285

case "$SSH" in

286

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) SSH=1;;

287

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) SSH=0;;

288

esac

289

290

if [ $SSH -eq 1 ]; then

291

for ssh_keytype in ecdsa-sha2-nistp256 ed25519 rsa; do

292

set +e

293

ssh_fingerprint="`ssh-keyscan -t $ssh_keytype localhost 2>/dev/null`"

294

err=$?

295

set -e

296

if [ $err -ne 0 ]; then

297

ssh_fingerprint=""

298

continue

299

300

if [ -n "$ssh_fingerprint" ]; then

301

ssh_fingerprint="${ssh_fingerprint#localhost }"

302

break

303

304

done

305

306

256

307

# Import key into temporary key rings

257

308

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

258

309

--homedir "$RINGDIR" --trust-model always --armor \

263

314

264

315

# Get fingerprint of key

265

316

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

266

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

317

--enable-dsa2 --homedir "$RINGDIR" --trust-model always \

267

318

--fingerprint --with-colons \

268

319

| sed --quiet \

269

320

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

272

323

273

324

FILECOMMENT="Encrypted password for a Mandos client"

274

325

275

if [ -n "$PASSFILE" ]; then

276

cat "$PASSFILE"

277

else

278

stty -echo

279

echo -n "Enter passphrase: " >&2

280

first="$(head --lines=1 | tr --delete '\n')"

281

echo -n -e "\nRepeat passphrase: " >&2

282

second="$(head --lines=1 | tr --delete '\n')"

283

echo >&2

284

stty echo

285

if [ "$first" != "$second" ]; then

286

echo -e "Passphrase mismatch" >&2

287

touch "$RINGDIR"/mismatch

326

while [ ! -s "$SECFILE" ]; do

327

if [ -n "$PASSFILE" ]; then

328

cat "$PASSFILE"

288

329

else

289

echo -n "$first"

330

tty --quiet && stty -echo

331

echo -n "Enter passphrase: " >/dev/tty

332

read -r first

333

tty --quiet && echo >&2

334

echo -n "Repeat passphrase: " >/dev/tty

335

read -r second

336

if tty --quiet; then

337

echo >&2

338

stty echo

339

340

if [ "$first" != "$second" ]; then

341

echo "Passphrase mismatch" >&2

342

touch "$RINGDIR"/mismatch

343

else

344

echo -n "$first"

345

346

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

347

--homedir "$RINGDIR" --trust-model always --armor \

348

--encrypt --sign --recipient "$FINGERPRINT" --comment \

349

"$FILECOMMENT" > "$SECFILE"

350

if [ -e "$RINGDIR"/mismatch ]; then

351

rm --force "$RINGDIR"/mismatch

352

if tty --quiet; then

353

> "$SECFILE"

354

else

355

exit 1

356

290

357

291

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

292

--homedir "$RINGDIR" --trust-model always --armor --encrypt \

293

--sign --recipient "$FINGERPRINT" --comment "$FILECOMMENT" \

294

> "$SECFILE"

295

if [ -e "$RINGDIR"/mismatch ]; then

296

rm --force "$RINGDIR"/mismatch

297

exit 1

298

358

done

299

359

300

360

cat <<-EOF

301

361

[$KEYNAME]

312

372

/^[^-]/s/^/ /p

313

373

}

314

374

}' < "$SECFILE"

375

if [ -n "$ssh_fingerprint" ]; then

376

echo 'checker = ssh-keyscan -t '"$ssh_keytype"' %%(host)s 2>/dev/null | grep --fixed-strings --line-regexp --quiet --regexp=%%(host)s" %(ssh_fingerprint)s"'

377

echo "ssh_fingerprint = ${ssh_fingerprint}"

378

315

379

316

380

317

381

trap - EXIT

322

386

shred --remove "$SECFILE"

323

387

324

388

# Remove the key rings

325

shred --remove "$RINGDIR"/sec*

389

shred --remove "$RINGDIR"/sec* 2>/dev/null

326

390

rm --recursive --force "$RINGDIR"

Older »