From: Daniel Kahn Gillmor Date: Tue, 5 Aug 2008 16:13:49 +0000 (-0400) Subject: cleanup and explanation for seckey2sshagent hack. X-Git-Tag: monkeysphere_0.8-1~63^2~4 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=e238f6d15705176f076ad02d62501190d1008c92;p=monkeysphere.git cleanup and explanation for seckey2sshagent hack. --- diff --git a/src/seckey2sshagent b/src/seckey2sshagent index 1266db5..deab489 100755 --- a/src/seckey2sshagent +++ b/src/seckey2sshagent @@ -21,15 +21,63 @@ cleanup() { echo "done." 1>&2 } +explanation() { + + echo -n "The basic strategy of seckey2sshagent is to dump your +OpenPGP authentication key(s) into your agent. + +This script is a gross hack at the moment. It is done by creating a +new, temporary private keyring, letting the user remove the +passphrases from the keys, and then exporting them. The temporary +private keyring is purged from the system. + +When you use this command, you'll find yourself dropped into a GPG +'edit-key' dialog relevant *only* to the temporary private keyring. + +At that point, you should clear the password from your key, with: + + passwd + + +followed by the empty string for the new password. GPG will ask you +if you're really sure. Answer yes, because this is only relevant to +the temporary keyring. Then, do: + + save + exit + +At this point, your key will be added to your running ssh-agent with +the alias 'monkeysphere-key' and seckey2sshagent should terminate. +You can check on it with: + + ssh-add -l + +" + +} + +# if no hex string is supplied, just print an explanation. +# this covers seckey2sshagent --help, --usage, -h, etc... +if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then + explanation + exit +fi + trap cleanup EXIT -#GPGID="$1" -GPGID=$(echo "$1" | cut -c 25-) +GPGIDS="$1" -FOO=$(mktemp -d) +if [ -z "$GPGIDS" ]; then + # default to using all fingerprints of authentication-enabled keys + GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10) +fi -gpg --export-secret-key $GPGID | GNUPGHOME="$FOO" gpg --import +for GPGID in $GPGIDS; do + TMPPRIVATE=$(mktemp -d) + + gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import + # idea to script the password stuff. not working. # read -s -p "enter gpg password: " PASSWD; echo # cmd=$(cat <