more progress. recovery seems to be working now.

[distorted-keys] / keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index c9cf2074ca5b76703c582bd44cc73a19f0d1484c..70da24a130e9c8684f413ea956d9da5bb662db4e 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -7,18 +7,20 @@
 
 ###----- Licensing notice ---------------------------------------------------
 ###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
 ### it under the terms of the GNU General Public License as published by
 ### the Free Software Foundation; either version 2 of the License, or
 ### (at your option) any later version.
 ###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
 ### but WITHOUT ANY WARRANTY; without even the implied warranty of
 ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ### GNU General Public License for more details.
 ###
 ### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
 ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
 quis=${0##*/}
@@ -32,6 +34,11 @@ bindir="@bindir@"
 
 case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
 
+if [ -f $KEYS/keys.conf ]; then . $KEYS/keys.conf; fi
+: ${random=/dev/random}
+
+case "${KEYS_DEBUG+t}" in t) set -x ;; esac
+
 ###--------------------------------------------------------------------------
 ### Cleanup handling.
 
@@ -50,7 +57,7 @@ mktmp () {
   ## Make and return the name of a temporary directory.
 
   case "${tmp+t}" in t) echo "$tmp"; return ;; esac
-  mem=$(userv root claim-mem-dir)
+  mem=$(userv root claim-mem-dir </dev/null)
   tmp="$mem/keys.tmp.$$"
   rm -rf "$tmp"
   mkdir -m700 "$tmp"
@@ -80,6 +87,16 @@ checkword () {
   esac
 }
 
+checklabel () {
+  what=$1 thing=$2
+  case "$thing" in
+    *[!-0-9a-zA-Z_!%@+=/#]* | *//* | /* | */)
+      echo >&2 "$quis: bad $what label \`$thing'"
+      exit 1
+      ;;
+  esac
+}
+
 ###--------------------------------------------------------------------------
 ### Crypto operations.
 ###
@@ -118,8 +135,8 @@ ec_keygen () {
   private=$1 public=$2
   ## Make a new key, write private key to PRIVATE and public key to PUBLIC.
 
-  dd if=/dev/random bs=1 count=512 2>/dev/null |
-    openssl sha384 -binary |
+  dd if=$random bs=1 count=512 2>/dev/null |
+    openssl dgst -sha384 -binary |
     (umask 077 && openssl base64 >"$private")
   ec_public "$private" >"$public"
 }
@@ -138,6 +155,21 @@ ec_decrypt () {
   run_seccure decrypt -q -cp256 -m128 -F"$private" "$@"
 }
 
+ec_sign () {
+  private=$1; shift
+  ## Sign stuff using the PRIVATE key.  Use -i/-o or redirection.
+
+  run_seccure sign -q -cp256 -F"$private" "$@"
+}
+
+ec_verify () {
+  public=$1 signature=$2; shift
+  ## Verify a SIGNATURE using the PUBLIC key; use -i or redirection for the
+  ## input.
+
+  run_seccure verify -q -cp256 "$@" -- $(cat "$public") "$signature"
+}
+
 ###--------------------------------------------------------------------------
 ### Help text.