/mandos/trunk : revision 13

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen

Committer: Björn Påhlsson
Date: 2008-07-20 02:52:20 UTC
Revision ID: belorn@braxen-20080720025220-r5u0388uy9iu23h6

Added following support:
Pluginbased client handler
rewritten Mandos client
Avahi instead of udp server discovery
openpgp encrypted key support
Passprompt stand alone application for direct console input
Added logging for Mandos server

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

COPYING

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/mandos-client.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos-keygen

#!/bin/sh -e

# Mandos key generator - create a new OpenPGP key for a Mandos client

# This program is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Contact the authors at <mandos@fukt.bsnet.se>.

VERSION="1.0.14"

KEYDIR="/etc/keys/mandos"

KEYTYPE=DSA

KEYLENGTH=2048

SUBKEYTYPE=ELG-E

SUBKEYLENGTH=2048

KEYNAME="`hostname --fqdn 2>/dev/null || hostname`"

KEYEMAIL=""

KEYCOMMENT="Mandos client key"

KEYEXPIRE=0

FORCE=no

KEYCOMMENT_ORIG="$KEYCOMMENT"

mode=keygen

if [ ! -d "$KEYDIR" ]; then

KEYDIR="/etc/mandos/keys"

# Parse options

TEMP=`getopt --options vhpF:d:t:l:s:L:n:e:c:x:f \

--longoptions version,help,password,passfile:,dir:,type:,length:,subtype:,sublength:,name:,email:,comment:,expire:,force \

--name "$0" -- "$@"`

help(){

basename="`basename $0`"

cat <<EOF

Usage: $basename [ -v | --version ]

$basename [ -h | --help ]

Key creation:

$basename [ OPTIONS ]

Encrypted password creation:

$basename { -p | --password } [ --name NAME ] [ --dir DIR]

$basename { -F | --passfile } FILE [ --name NAME ] [ --dir DIR]

Key creation options:

-v, --version Show program's version number and exit

-h, --help Show this help message and exit

-d DIR, --dir DIR Target directory for key files

-t TYPE, --type TYPE Key type. Default is DSA.

-l BITS, --length BITS

Key length in bits. Default is 2048.

-s TYPE, --subtype TYPE

Subkey type. Default is ELG-E.

-L BITS, --sublength BITS

Subkey length in bits. Default is 2048.

-n NAME, --name NAME Name of key. Default is the FQDN.

-e ADDRESS, --email ADDRESS

Email address of key. Default is empty.

-c TEXT, --comment TEXT

Comment field for key. The default value is

"Mandos client key".

-x TIME, --expire TIME

Key expire time. Default is no expiration.

See gpg(1) for syntax.

-f, --force Force overwriting old key files.

Password creation options:

-p, --password Create an encrypted password using the key in

the key directory. All options other than

--dir and --name are ignored.

-F FILE, --passfile FILE

Encrypt a password from FILE using the key in

the key directory. All options other than

--dir and --name are ignored.

EOF

}

eval set -- "$TEMP"

while :; do

case "$1" in

-p|--password) mode=password; shift;;

-F|--passfile) mode=password; PASSFILE="$2"; shift 2;;

-d|--dir) KEYDIR="$2"; shift 2;;

-t|--type) KEYTYPE="$2"; shift 2;;

-s|--subtype) SUBKEYTYPE="$2"; shift 2;;

100

-l|--length) KEYLENGTH="$2"; shift 2;;

101

-L|--sublength) SUBKEYLENGTH="$2"; shift 2;;

102

-n|--name) KEYNAME="$2"; shift 2;;

103

-e|--email) KEYEMAIL="$2"; shift 2;;

104

-c|--comment) KEYCOMMENT="$2"; shift 2;;

105

-x|--expire) KEYEXPIRE="$2"; shift 2;;

106

-f|--force) FORCE=yes; shift;;

107

-v|--version) echo "$0 $VERSION"; exit;;

108

-h|--help) help; exit;;

109

--) shift; break;;

110

*) echo "Internal error" >&2; exit 1;;

111

esac

112

done

113

if [ "$#" -gt 0 ]; then

114

echo "Unknown arguments: '$@'" >&2

115

exit 1

116

117

118

SECKEYFILE="$KEYDIR/seckey.txt"

119

PUBKEYFILE="$KEYDIR/pubkey.txt"

120

121

# Check for some invalid values

122

if [ ! -d "$KEYDIR" ]; then

123

echo "$KEYDIR not a directory" >&2

124

exit 1

125

126

if [ ! -r "$KEYDIR" ]; then

127

echo "Directory $KEYDIR not readable" >&2

128

exit 1

129

130

131

if [ "$mode" = keygen ]; then

132

if [ ! -w "$KEYDIR" ]; then

133

echo "Directory $KEYDIR not writeable" >&2

134

exit 1

135

136

if [ -z "$KEYTYPE" ]; then

137

echo "Empty key type" >&2

138

exit 1

139

140

141

if [ -z "$KEYNAME" ]; then

142

echo "Empty key name" >&2

143

exit 1

144

145

146

if [ -z "$KEYLENGTH" ] || [ "$KEYLENGTH" -lt 512 ]; then

147

echo "Invalid key length" >&2

148

exit 1

149

150

151

if [ -z "$KEYEXPIRE" ]; then

152

echo "Empty key expiration" >&2

153

exit 1

154

155

156

# Make FORCE be 0 or 1

157

case "$FORCE" in

158

[Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]) FORCE=1;;

159

[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|*) FORCE=0;;

160

esac

161

162

if [ $ -e "$SECKEYFILE" -o -e "$PUBKEYFILE" $ \

163

-a "$FORCE" -eq 0 ]; then

164

echo "Refusing to overwrite old key files; use --force" >&2

165

exit 1

166

167

168

# Set lines for GnuPG batch file

169

if [ -n "$KEYCOMMENT" ]; then

170

KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT"

171

172

if [ -n "$KEYEMAIL" ]; then

173

KEYEMAILLINE="Name-Email: $KEYEMAIL"

174

175

176

# Create temporary gpg batch file

177

BATCHFILE="`mktemp -t mandos-keygen-batch.XXXXXXXXXX`"

178

179

180

if [ "$mode" = password ]; then

181

# Create temporary encrypted password file

182

SECFILE="`mktemp -t mandos-keygen-secfile.XXXXXXXXXX`"

183

184

185

# Create temporary key ring directory

186

RINGDIR="`mktemp -d -t mandos-keygen-keyrings.XXXXXXXXXX`"

187

188

# Remove temporary files on exit

189

trap "

190

set +e; \

191

test -n \"$SECFILE\" && shred --remove \"$SECFILE\"; \

192

shred --remove \"$RINGDIR\"/sec*;

193

test -n \"$BATCHFILE\" && rm --force \"$BATCHFILE\"; \

194

rm --recursive --force \"$RINGDIR\";

195

stty echo; \

196

" EXIT

197

198

umask 077

199

200

if [ "$mode" = keygen ]; then

201

# Create batch file for GnuPG

202

cat >"$BATCHFILE" <<-EOF

203

Key-Type: $KEYTYPE

204

Key-Length: $KEYLENGTH

205

#Key-Usage: encrypt,sign,auth

206

Subkey-Type: $SUBKEYTYPE

207

Subkey-Length: $SUBKEYLENGTH

208

#Subkey-Usage: encrypt,sign,auth

209

Name-Real: $KEYNAME

210

$KEYCOMMENTLINE

211

$KEYEMAILLINE

212

Expire-Date: $KEYEXPIRE

213

#Preferences: <string>

214

#Handle: <no-spaces>

215

#%pubring pubring.gpg

216

#%secring secring.gpg

217

%commit

218

EOF

219

220

if tty --quiet; then

221

cat <<-EOF

222

Note: Due to entropy requirements, key generation could take

223

anything from a few minutes to SEVERAL HOURS. Please be

224

patient and/or supply the system with more entropy if needed.

225

EOF

226

echo -n "Started: "

227

date

228

229

230

# Generate a new key in the key rings

231

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

232

--homedir "$RINGDIR" --trust-model always \

233

--gen-key "$BATCHFILE"

234

rm --force "$BATCHFILE"

235

236

if tty --quiet; then

237

echo -n "Finished: "

238

date

239

240

241

# Backup any old key files

242

if cp --backup=numbered --force "$SECKEYFILE" "$SECKEYFILE" \

243

2>/dev/null; then

244

shred --remove "$SECKEYFILE"

245

246

if cp --backup=numbered --force "$PUBKEYFILE" "$PUBKEYFILE" \

247

2>/dev/null; then

248

rm --force "$PUBKEYFILE"

249

250

251

FILECOMMENT="Mandos client key for $KEYNAME"

252

if [ "$KEYCOMMENT" != "$KEYCOMMENT_ORIG" ]; then

253

FILECOMMENT="$FILECOMMENT ($KEYCOMMENT)"

254

255

256

if [ -n "$KEYEMAIL" ]; then

257

FILECOMMENT="$FILECOMMENT <$KEYEMAIL>"

258

259

260

# Export key from key rings to key files

261

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

262

--homedir "$RINGDIR" --armor --export-options export-minimal \

263

--comment "$FILECOMMENT" --output "$SECKEYFILE" \

264

--export-secret-keys

265

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

266

--homedir "$RINGDIR" --armor --export-options export-minimal \

267

--comment "$FILECOMMENT" --output "$PUBKEYFILE" --export

268

269

270

if [ "$mode" = password ]; then

271

# Import key into temporary key rings

272

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

273

--homedir "$RINGDIR" --trust-model always --armor \

274

--import "$SECKEYFILE"

275

gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

276

--homedir "$RINGDIR" --trust-model always --armor \

277

--import "$PUBKEYFILE"

278

279

# Get fingerprint of key

280

FINGERPRINT="`gpg --quiet --batch --no-tty --no-options \

281

--enable-dsa2 --homedir \"$RINGDIR\" --trust-model always \

282

--fingerprint --with-colons \

283

| sed --quiet \

284

--expression='/^fpr:/{s/^fpr:.*:\$[0-9A-Z]*\$:\$/\\1/p;q}'`"

285

286

test -n "$FINGERPRINT"

287

288

FILECOMMENT="Encrypted password for a Mandos client"

289

290

if [ -n "$PASSFILE" ]; then

291

cat "$PASSFILE"

292

else

293

stty -echo

294

echo -n "Enter passphrase: " >&2

295

first="$(head --lines=1 | tr --delete '\n')"

296

echo -n -e "\nRepeat passphrase: " >&2

297

second="$(head --lines=1 | tr --delete '\n')"

298

echo >&2

299

stty echo

300

if [ "$first" != "$second" ]; then

301

echo -e "Passphrase mismatch" >&2

302

touch "$RINGDIR"/mismatch

303

else

304

echo -n "$first"

305

306

fi | gpg --quiet --batch --no-tty --no-options --enable-dsa2 \

307

--homedir "$RINGDIR" --trust-model always --armor --encrypt \

308

--sign --recipient "$FINGERPRINT" --comment "$FILECOMMENT" \

309

> "$SECFILE"

310

if [ -e "$RINGDIR"/mismatch ]; then

311

rm --force "$RINGDIR"/mismatch

312

exit 1

313

314

315

cat <<-EOF

316

[$KEYNAME]

317

host = $KEYNAME

318

fingerprint = $FINGERPRINT

319

secret =

320

EOF

321

sed --quiet --expression='

322

/^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{

323

/^$/,${

324

# Remove 24-bit Radix-64 checksum

325

s/=....$//

326

# Indent four spaces

327

/^[^-]/s/^/ /p

328

}

329

}' < "$SECFILE"

330

331

332

trap - EXIT

333

334

set +e

335

# Remove the password file, if any

336

if [ -n "$SECFILE" ]; then

337

shred --remove "$SECFILE"

338

339

# Remove the key rings

340

shred --remove "$RINGDIR"/sec*

341

rm --recursive --force "$RINGDIR"

Older »