~mdw / distorted-keys / blame
| Commit | Line | Data |
|---|---|---|
| c47f2aba MW |
1 | ### -*-sh-*- |
| 2 | ### | |
| 3 | ### Key type for GNU Privacy Guard | |
| 4 | ### | |
| 5 | ### (c) 2011 Mark Wooding | |
| 6 | ### | |
| 7 | ||
| 8 | ###----- Licensing notice --------------------------------------------------- | |
| 9 | ### | |
| 10 | ### This file is part of the distorted.org.uk key management suite. | |
| 11 | ### | |
| 12 | ### distorted-keys is free software; you can redistribute it and/or modify | |
| 13 | ### it under the terms of the GNU General Public License as published by | |
| 14 | ### the Free Software Foundation; either version 2 of the License, or | |
| 15 | ### (at your option) any later version. | |
| 16 | ### | |
| 17 | ### distorted-keys is distributed in the hope that it will be useful, | |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 20 | ### GNU General Public License for more details. | |
| 21 | ### | |
| 22 | ### You should have received a copy of the GNU General Public License | |
| 23 | ### along with distorted-keys; if not, write to the Free Software Foundation, | |
| 24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
| 25 | ||
| 26 | run_gnupg () { | |
| 27 | base=$1; shift | |
| 28 | ## Run GnuPG with some standard options. | |
| 29 | ||
| 30 | gpg --homedir="$base" --no-permission-warning -q --batch \ | |
| 31 | --always-trust \ | |
| 32 | "$@" | |
| 33 | } | |
| 34 | ||
| 35 | defprops k_props <<EOF | |
| 36 | main_type t $R_WORD | |
| 37 | main_length t $R_NUMERIC | |
| 38 | sub_type t $R_WORD | |
| 39 | sub_length t $R_NUMERIC | |
| 40 | s2k_cipher t $R_WORD | |
| 41 | s2k_digest t $R_WORD | |
| 42 | cipher_prefs t $R_WORDSEQ | |
| 43 | digest_prefs t $R_WORDSEQ | |
| 44 | compress_prefs t $R_WORDSEQ | |
| 45 | realname t $R_LINE | |
| 46 | comment t $R_LINE | |
| 47 | email t $R_LINE | |
| 48 | EOF | |
| 49 | ||
| 50 | : ${kprop_main_type=RSA} ${kprop_main_length=3072} | |
| 51 | : ${kprop_sub_type=ELG-E} ${kprop_sub_length=3072} | |
| 52 | : ${kprop_cipher_prefs=AES256 AES TWOFISH 3DES BLOWFISH CAST5} | |
| 53 | : ${kprop_digest_prefs=SHA256 SHA1 RIPEMD160} | |
| 54 | : ${kprop_compress_prefs=ZLIB ZIP} | |
| 55 | ||
| 56 | : ${kprop_realname=%{realname\}} ${kprop_email=%{email\}} | |
| 57 | : ${kprop_comment=%{comment-nil\}} | |
| 58 | ||
| fff6c653 MW |
59 | initdir () { |
| 60 | base=$1 | |
| c47f2aba | 61 | |
| c47f2aba MW |
62 | prefs="$kprop_cipher_prefs $kprop_digest_prefs $kprop_compress_prefs" |
| 63 | ||
| 64 | case ${kprop_s2k_cipher+t} in | |
| 65 | t) ;; | |
| 66 | *) set -- $kprop_cipher_prefs; kprop_s2k_cipher=$1 ;; | |
| 67 | esac | |
| 68 | case ${kprop_s2k_digest+t} in | |
| 69 | t) ;; | |
| 70 | *) set -- $kprop_digest_prefs; kprop_s2k_digest=$1 ;; | |
| 71 | esac | |
| 72 | ||
| 73 | cat >"$base/gpg.conf" <<EOF | |
| 74 | ### GnuPG configuration | |
| 75 | ||
| 76 | ## Annoying copyright notice and other tedious warnings. | |
| 77 | no-greeting | |
| 78 | expert | |
| 79 | always-trust | |
| 80 | ||
| 81 | ## Algorithm selection | |
| 82 | s2k-cipher-algo $kprop_s2k_cipher | |
| 83 | s2k-digest-algo $kprop_s2k_digest | |
| 84 | personal-cipher-preferences $kprop_cipher_prefs | |
| 85 | personal-digest-preferences $kprop_digest_prefs | |
| 86 | personal-compress-preferences $kprop_compress_prefs | |
| 87 | default-preference-list $prefs | |
| 88 | EOF | |
| fff6c653 MW |
89 | } |
| 90 | ||
| 91 | k_generate () { | |
| 92 | base=$1 nub=$2 | |
| 93 | ||
| 94 | makenub >"$nub" | |
| 95 | initdir "$base" | |
| c47f2aba MW |
96 | |
| 97 | { cat <<EOF | |
| 98 | Key-Type: $kprop_main_type | |
| 99 | Key-Length: $kprop_main_length | |
| 100 | Passphrase: $(cat "$nub") | |
| 101 | EOF | |
| 102 | case ${kprop_sub_type-nil} in | |
| 103 | nil) ;; | |
| 104 | *) cat <<EOF | |
| 105 | Subkey-Type: $kprop_sub_type | |
| 106 | Subkey-Length: $kprop_sub_length | |
| 107 | EOF | |
| 108 | esac | |
| 109 | real=$(subst "\`realname' value" "$kprop_realname" kopt_ "$R_LINE") | |
| 110 | email=$(subst "\`email' value" "$kprop_email" kopt_ "$R_LINE") | |
| 111 | cat <<EOF | |
| 112 | Name-Real: $real | |
| 113 | Name-Email: $email | |
| 114 | EOF | |
| 115 | comment=$(subst "\`comment' value" "$kprop_comment" kopt_ "$R_LINE") | |
| 116 | case "$comment" in | |
| 117 | ?*) cat <<EOF | |
| 118 | Name-Comment: $comment | |
| 119 | EOF | |
| 120 | ;; | |
| 121 | esac | |
| 122 | } | run_gnupg "$base" --gen-key | |
| 123 | ||
| 124 | ## Commit the new key. | |
| 125 | run_gnupg "$base" --fingerprint --with-colons | \ | |
| 126 | grep '^fpr:' | cut -d: -f10 >"$base/fpr" | |
| 127 | run_gnupg "$base" --export --armor --output="$base/pub" | |
| 128 | } | |
| 129 | ||
| fff6c653 MW |
130 | k_import () { |
| 131 | base=$1 | |
| 132 | ||
| 133 | initdir "$base" | |
| 134 | run_gnupg "$base" --import "$base/pub" | |
| 135 | run_gnupg "$base" --fingerprint --with-colons | \ | |
| 136 | grep '^fpr:' | cut -d: -f10 >"$base/fpr" | |
| 137 | } | |
| 138 | ||
| c47f2aba MW |
139 | k_encrypt () { |
| 140 | base=$1 | |
| 141 | run_gnupg "$base" --encrypt --armor --recipient=$(cat "$base/fpr") | |
| 142 | } | |
| 143 | ||
| 144 | k_decrypt () { | |
| 145 | base=$1 nub=$2 | |
| 146 | run_gnupg "$base" --passphrase-file "$nub" --decrypt | |
| 147 | } | |
| 148 | ||
| 149 | k_sign () { | |
| 150 | base=$1 nub=$2 | |
| 151 | run_gnupg "$base" --passphrase-file "$nub" --detach-sign --armor | |
| 152 | } | |
| 153 | ||
| 154 | k_verify () { | |
| 155 | base=$1 sig=$3 | |
| 156 | echo "$sig" >$tmp/sig | |
| 157 | if run_gnupg "$base" --verify $tmp/sig - >/dev/null 2>$tmp/err | |
| 158 | then :; else | |
| 159 | rc=$? | |
| 160 | cat >&2 $tmp/err | |
| 161 | return $rc | |
| 162 | fi | |
| 163 | } | |
| 164 | ||
| 165 | ###----- That's all, folks -------------------------------------------------- |