3 ### Common key management functions.
5 ### (c) 2011 Mark Wooding
8 ###----- Licensing notice ---------------------------------------------------
10 ### This program is free software; you can redistribute it and/or modify
11 ### it under the terms of the GNU General Public License as published by
12 ### the Free Software Foundation; either version 2 of the License, or
13 ### (at your option) any later version.
15 ### This program is distributed in the hope that it will be useful,
16 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
17 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 ### GNU General Public License for more details.
20 ### You should have received a copy of the GNU General Public License
21 ### along with this program; if not, write to the Free Software Foundation,
22 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
26 ###--------------------------------------------------------------------------
27 ### Configuration variables.
29 PACKAGE="@PACKAGE@" VERSION="@VERSION@"
30 pkgconfdir="@pkgconfdir@" pkglibdir="@pkglibdir@"
33 case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
35 ###--------------------------------------------------------------------------
39 cleanup () { cleanups="$cleanups $1"; }
40 trap 'rc=$?; for i in $cleanups; do $i; done; exit $rc' EXIT
41 trap 'exit 127' INT TERM
43 ###--------------------------------------------------------------------------
44 ### Utility functions.
46 ## Temporary directory.
48 rmtmp () { cd /; rm -rf $tmp; }
50 ## Make and return the name of a temporary directory.
52 case "${tmp+t}" in t) echo "$tmp"; return ;; esac
53 mem=$(userv root claim-mem-dir)
54 tmp="$mem/keys.tmp.$$"
60 ###--------------------------------------------------------------------------
61 ### Input validation functions.
66 "" | [!1-9]* | *[!0-9]*)
67 echo >&2 "$quis: bad $what \`$thing'"
76 "" | *[!-0-9a-zA-Z_!%@+=]*)
77 echo >&2 "$quis: bad $what: \`$thing'"
83 ###--------------------------------------------------------------------------
84 ### Crypto operations.
86 ### We use Seccure for this, but it's interface is Very Annoying.
90 ## run_seccure OP ARG ...
92 ## Run a Seccure program, ensuring that its stderr is reported if it had
93 ## anything very interesting to say, but suppressed if it was boring.
95 ## We need a temporary place for the error output.
99 echo >&2 "$quis (INTERNAL): run_seccure called without tmpdir"
105 set +e; seccure-$op "$@" 2>$tmp/seccure.out; rc=$?; set -e
106 grep -v '^WARNING: Cannot obtain memory lock' $tmp/seccure.out >&2 || :
112 ## Write the public key corresponding to PRIVATE to stdout.
114 run_seccure key -q -cp256 -F"$private"
119 ## Make a new key, write private key to PRIVATE and public key to PUBLIC.
121 dd if=/dev/random bs=1 count=512 2>/dev/null |
122 openssl sha384 -binary |
123 (umask 077 && openssl base64 >"$private")
124 ec_public "$private" >"$public"
129 ## Encrypt stuff using the PUBLIC key. Use -i/-o or redirection.
131 run_seccure encrypt -q -cp256 -m128 "$@" -- $(cat "$public")
136 ## Decrypt stuff using the PRIVATE key. Use -i/-o or redirection.
138 run_seccure decrypt -q -cp256 -m128 -F"$private" "$@"
141 ###--------------------------------------------------------------------------
145 case "$KEYS_HELP" in t) ;; *) return ;; esac
149 defhelp () { read umsg; usage="usage: $quis${umsg+ }$umsg"; help=$(cat); }
150 help () { showhelp; }
159 ###----- That's all, folks --------------------------------------------------