| 1 | ### -*-sh-*- |
| 2 | ### |
| 3 | ### Key type for GNU Privacy Guard |
| 4 | ### |
| 5 | ### (c) 2011 Mark Wooding |
| 6 | ### |
| 7 | |
| 8 | ###----- Licensing notice --------------------------------------------------- |
| 9 | ### |
| 10 | ### This file is part of the distorted.org.uk key management suite. |
| 11 | ### |
| 12 | ### distorted-keys is free software; you can redistribute it and/or modify |
| 13 | ### it under the terms of the GNU General Public License as published by |
| 14 | ### the Free Software Foundation; either version 2 of the License, or |
| 15 | ### (at your option) any later version. |
| 16 | ### |
| 17 | ### distorted-keys is distributed in the hope that it will be useful, |
| 18 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | ### GNU General Public License for more details. |
| 21 | ### |
| 22 | ### You should have received a copy of the GNU General Public License |
| 23 | ### along with distorted-keys; if not, write to the Free Software Foundation, |
| 24 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
| 25 | |
| 26 | run_gnupg () { |
| 27 | base=$1; shift |
| 28 | ## Run GnuPG with some standard options. |
| 29 | |
| 30 | gpg --homedir="$base" --no-permission-warning -q --batch \ |
| 31 | --always-trust \ |
| 32 | "$@" |
| 33 | } |
| 34 | |
| 35 | defprops k_props <<EOF |
| 36 | main_type t $R_WORD |
| 37 | main_length t $R_NUMERIC |
| 38 | sub_type t $R_WORD |
| 39 | sub_length t $R_NUMERIC |
| 40 | s2k_cipher t $R_WORD |
| 41 | s2k_digest t $R_WORD |
| 42 | cipher_prefs t $R_WORDSEQ |
| 43 | digest_prefs t $R_WORDSEQ |
| 44 | compress_prefs t $R_WORDSEQ |
| 45 | realname t $R_LINE |
| 46 | comment t $R_LINE |
| 47 | email t $R_LINE |
| 48 | EOF |
| 49 | |
| 50 | : ${kprop_main_type=RSA} ${kprop_main_length=3072} |
| 51 | : ${kprop_sub_type=ELG-E} ${kprop_sub_length=3072} |
| 52 | : ${kprop_cipher_prefs=AES256 AES TWOFISH 3DES BLOWFISH CAST5} |
| 53 | : ${kprop_digest_prefs=SHA256 SHA1 RIPEMD160} |
| 54 | : ${kprop_compress_prefs=ZLIB ZIP} |
| 55 | |
| 56 | : ${kprop_realname=%{realname\}} ${kprop_email=%{email\}} |
| 57 | : ${kprop_comment=%{comment-nil\}} |
| 58 | |
| 59 | initdir () { |
| 60 | base=$1 |
| 61 | |
| 62 | prefs="$kprop_cipher_prefs $kprop_digest_prefs $kprop_compress_prefs" |
| 63 | |
| 64 | case ${kprop_s2k_cipher+t} in |
| 65 | t) ;; |
| 66 | *) set -- $kprop_cipher_prefs; kprop_s2k_cipher=$1 ;; |
| 67 | esac |
| 68 | case ${kprop_s2k_digest+t} in |
| 69 | t) ;; |
| 70 | *) set -- $kprop_digest_prefs; kprop_s2k_digest=$1 ;; |
| 71 | esac |
| 72 | |
| 73 | cat >"$base/gpg.conf" <<EOF |
| 74 | ### GnuPG configuration |
| 75 | |
| 76 | ## Annoying copyright notice and other tedious warnings. |
| 77 | no-greeting |
| 78 | expert |
| 79 | always-trust |
| 80 | |
| 81 | ## Algorithm selection |
| 82 | s2k-cipher-algo $kprop_s2k_cipher |
| 83 | s2k-digest-algo $kprop_s2k_digest |
| 84 | personal-cipher-preferences $kprop_cipher_prefs |
| 85 | personal-digest-preferences $kprop_digest_prefs |
| 86 | personal-compress-preferences $kprop_compress_prefs |
| 87 | default-preference-list $prefs |
| 88 | EOF |
| 89 | } |
| 90 | |
| 91 | k_generate () { |
| 92 | base=$1 nub=$2 |
| 93 | |
| 94 | initdir "$base" |
| 95 | |
| 96 | { cat <<EOF |
| 97 | Key-Type: $kprop_main_type |
| 98 | Key-Length: $kprop_main_length |
| 99 | Passphrase: $(cat "$nub") |
| 100 | EOF |
| 101 | case ${kprop_sub_type-nil} in |
| 102 | nil) ;; |
| 103 | *) cat <<EOF |
| 104 | Subkey-Type: $kprop_sub_type |
| 105 | Subkey-Length: $kprop_sub_length |
| 106 | EOF |
| 107 | esac |
| 108 | real=$(subst "\`realname' value" "$kprop_realname" kopt_ "$R_LINE") |
| 109 | email=$(subst "\`email' value" "$kprop_email" kopt_ "$R_LINE") |
| 110 | cat <<EOF |
| 111 | Name-Real: $real |
| 112 | Name-Email: $email |
| 113 | EOF |
| 114 | comment=$(subst "\`comment' value" "$kprop_comment" kopt_ "$R_LINE") |
| 115 | case "$comment" in |
| 116 | ?*) cat <<EOF |
| 117 | Name-Comment: $comment |
| 118 | EOF |
| 119 | ;; |
| 120 | esac |
| 121 | } | run_gnupg "$base" --gen-key |
| 122 | |
| 123 | ## Commit the new key. |
| 124 | run_gnupg "$base" --fingerprint --with-colons | \ |
| 125 | grep '^fpr:' | cut -d: -f10 >"$base/fpr" |
| 126 | run_gnupg "$base" --export --armor --output="$base/pub" |
| 127 | } |
| 128 | |
| 129 | k_import () { |
| 130 | base=$1 |
| 131 | |
| 132 | initdir "$base" |
| 133 | run_gnupg "$base" --import "$base/pub" |
| 134 | run_gnupg "$base" --fingerprint --with-colons | \ |
| 135 | grep '^fpr:' | cut -d: -f10 >"$base/fpr" |
| 136 | } |
| 137 | |
| 138 | k_encrypt () { |
| 139 | base=$1 |
| 140 | run_gnupg "$base" --encrypt --armor --recipient=$(cat "$base/fpr") |
| 141 | } |
| 142 | |
| 143 | k_decrypt () { |
| 144 | base=$1 nub=$2 |
| 145 | run_gnupg "$base" --passphrase-file "$nub" --decrypt |
| 146 | } |
| 147 | |
| 148 | k_sign () { |
| 149 | base=$1 nub=$2 |
| 150 | run_gnupg "$base" --passphrase-file "$nub" --detach-sign --armor |
| 151 | } |
| 152 | |
| 153 | k_verify () { |
| 154 | base=$1 sig=$3 |
| 155 | echo "$sig" >$tmp/sig |
| 156 | if run_gnupg "$base" --verify $tmp/sig - >/dev/null 2>$tmp/err |
| 157 | then :; else |
| 158 | rc=$? |
| 159 | cat >&2 $tmp/err |
| 160 | return $rc |
| 161 | fi |
| 162 | } |
| 163 | |
| 164 | ###----- That's all, folks -------------------------------------------------- |