--- /dev/null
+;;; -*-emacs-lisp-*-
+
+(setq skel-alist
+ (append
+ '((author . "Mark Wooding")
+ (program . "distorted-keys")
+ (full-title . "the distorted.org.uk key management suite"))
+ skel-alist))
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
bin_SCRIPTS =
dist_pkglib_SCRIPTS += keeper-cards
dist_pkglib_SCRIPTS += new-keeper
dist_pkglib_SCRIPTS += new-recov
+dist_pkglib_SCRIPTS += recover
dist_pkglib_SCRIPTS += reveal
+dist_pkglib_SCRIPTS += stash
###----- That's all, folks --------------------------------------------------
dnl----- Licensing notice ---------------------------------------------------
dnl
-dnl This program is free software; you can redistribute it and/or modify
+dnl This file is part of the distorted.org.uk key management suite.
+dnl
+dnl distorted-keys is free software; you can redistribute it and/or modify
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2 of the License, or
dnl (at your option) any later version.
dnl
-dnl This program is distributed in the hope that it will be useful,
+dnl distorted-keys is distributed in the hope that it will be useful,
dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
dnl GNU General Public License for more details.
dnl
dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software Foundation,
+dnl along with distorted-keys; if not, write to the Free Software Foundation,
dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
dnl--------------------------------------------------------------------------
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
set -e
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
quis=${0##*/}
case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
+if [ -f $KEYS/keys.conf ]; then . $KEYS/keys.conf; fi
+: ${random=/dev/random}
+
+case "${KEYS_DEBUG+t}" in t) set -x ;; esac
+
###--------------------------------------------------------------------------
### Cleanup handling.
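Review bot: The `KEYS_DEBUG` switch added here turns on `set -x` for every script that sources this file, and xtrace prints assignments together with their values, so a line such as `secret=$(cat -- "$@")` in the reveal script would write the private key to stderr. At minimum say so next to the switch, e.g. `## KEYS_DEBUG traces every command, including assignments that hold key material; never enable it on live secrets.`, and consider wrapping the secret-handling assignments in `set +x`. Separately, `$KEYS` is unquoted in both the test and the `.` command; `if [ -f "$KEYS/keys.conf" ]; then . "$KEYS/keys.conf"; fi` keeps a path containing spaces intact.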
## Make and return the name of a temporary directory.
case "${tmp+t}" in t) echo "$tmp"; return ;; esac
- mem=$(userv root claim-mem-dir)
+ mem=$(userv root claim-mem-dir </dev/null)
tmp="$mem/keys.tmp.$$"
rm -rf "$tmp"
mkdir -m700 "$tmp"
esac
}
+checklabel () {
+ what=$1 thing=$2
+ case "$thing" in
+ *[!-0-9a-zA-Z_!%@+=/#]* | *//* | /* | */)
+ echo >&2 "$quis: bad $what label \`$thing'"
+ exit 1
+ ;;
+ esac
+}
+
###--------------------------------------------------------------------------
### Crypto operations.
###
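Review bot: `checklabel` accepts the empty string and any label that begins with `-`, because none of the four patterns matches an empty value and `-` is in the allowed set. The stash script later runs `mv $label.new $label.recov` and `mkdir -m755 -p ${label%/*}` with the label as the first operand, so a label such as `-f` would be parsed as options. Adding `"" | -*` to the rejected alternatives closes both cases; giving those commands a `--` is the alternative. A short header comment listing the permitted characters, and noting that `.` is outside the set so `..` components cannot appear, would also help the next reader.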
private=$1 public=$2
## Make a new key, write private key to PRIVATE and public key to PUBLIC.
- dd if=/dev/random bs=1 count=512 2>/dev/null |
- openssl sha384 -binary |
+ dd if=$random bs=1 count=512 2>/dev/null |
+ openssl dgst -sha384 -binary |
(umask 077 && openssl base64 >"$private")
ec_public "$private" >"$public"
}
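Review bot: Now that the entropy source comes from `keys.conf`, a wrong `random` path makes `dd` fail with its error hidden by `2>/dev/null`, and because a pipeline's status is that of its last stage the private key is then the SHA-384 of empty input, which is a fixed and predictable value. Check the source before the pipeline and quote it, e.g. `[ -r "$random" ] || { echo >&2 "$quis: cannot read $random"; exit 1; }` followed by `dd if="$random" bs=1 count=512 2>/dev/null |`. A source that yields fewer than 512 bytes would still pass that check, so reading into a file under the temporary directory and verifying its size is the stronger form. The function's opening line is outside this hunk.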
run_seccure decrypt -q -cp256 -m128 -F"$private" "$@"
}
+ec_sign () {
+ private=$1; shift
+ ## Sign stuff using the PRIVATE key. Use -i/-o or redirection.
+
+ run_seccure sign -q -cp256 -F"$private" "$@"
+}
+
+ec_verify () {
+ public=$1 signature=$2; shift
+ ## Verify a SIGNATURE using the PUBLIC key; use -i or redirection for the
+ ## input.
+
+ run_seccure verify -q -cp256 "$@" -- $(cat "$public") "$signature"
+}
+
###--------------------------------------------------------------------------
### Help text.
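Review bot: `ec_verify` takes two positional arguments but shifts only one, so the signature is still the first word of `"$@"` and is passed to `seccure verify` a second time ahead of the `--`; `public=$1 signature=$2; shift 2` looks like what was intended. The key is also passed as an unquoted `$(cat "$public")`, which undergoes field splitting and pathname expansion, so if the key text can contain `*`, `?` or `[` it may be replaced by matching file names in the current directory. Writing `"$(cat "$public")"` avoids that. Neither new function says what happens on failure; a line noting that a bad signature surfaces as the non-zero status of `run_seccure` would help callers running under `set -e`.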
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
set -e
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
set -e
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
set -e
seq=0
else
seq=$(readlink $rdir/current)
- mem=$(userv root claim-mem-dir)
- reveal=$mem/keys.reveal.$recov.current/secret
+ mem=$(userv root claim-mem-dir </dev/null)
+ reveal=$mem/keys.reveal/$recov.current/secret
if [ ! -f $reveal ]; then
echo >&2 "$quis: current $recov key not revealed"
exit 1
fi
- find $rdir/current -type f -name '*.recov' -print | while read name; do
+
+ find $rdir/current/ -type f -name '*.recov' -print | while read name; do
name=${name#$rdir/current/}
case "$name" in */*) mkdir -p -m755 $rdir/new/${name%/*} ;; esac
ec_decrypt $reveal -i$rdir/current/$name |
ec_encrypt $rdir/new/pub -o$rdir/new/$name
done
+ rm -r $mem/keys.reveal/$recov.current
fi
-## Tidy up and commit.
+## Tidy up and commit. Repointing the symlink is grim because, according to
+## POSIX rules, `mv foo bar' should rename `foo' to `bar/foo' is `bar' is a
+## symlink to a directory -- and there's no way of turning this behaviour
+## off. The subterfuge here is due to Colin Watson.
cd $rdir
while [ -d $seq ]; do seq=$(( seq + 1 )); done
case $kparam in *.new) mv keepers.new keepers ;; esac
rm -f next
ln -s $seq next
mv new $seq
-mv next current
+mkdir hack; mv next hack/current; mv hack/current .; rmdir hack
###----- That's all, folks --------------------------------------------------
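Review bot: In the re-encryption loop the exit status of `ec_decrypt` is lost, because `set -e` only sees the last stage of `ec_decrypt ... | ec_encrypt ...`. A blob that fails to decrypt would therefore be replaced by an encryption of empty or partial output, and the `rm -r $mem/keys.reveal/$recov.current` added after the loop then discards the revealed key before the new generation is committed. Decrypting to a scratch file in the memory directory and encrypting from it keeps both statuses visible, e.g. `ec_decrypt $reveal -i$rdir/current/$name -o$plain` then `ec_encrypt $rdir/new/pub -i$plain -o$rdir/new/$name`, where `$plain` is a placeholder name for that scratch file. The new comment about the symlink also has a typo: "is `bar' is a symlink" should read "if `bar' is a symlink".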
--- /dev/null
+#! /bin/sh
+###
+### Recover a secret stashed earlier
+###
+### (c) 2011 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+set -e
+case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
+. "$KEYSLIB"/keyfunc.sh
+
+defhelp <<HELP
+RECOV LABEL
+Recover the secret LABEL using recovery key RECOV.
+
+The recovery key must be revealed. The secret is written to stdout.
+HELP
+dohelp
+
+## Parse the command line.
+case $# in 2) ;; *) echo >&2 "$usage"; exit 1 ;; esac
+recov=$1 label=$2
+checklabel "recovery key label" "$recov"
+checklabel "secret" "$label"
+
+## Do the recovery.
+blob=$KEYS/recov/$recov/current/$label.recov
+if [ ! -f $blob ]; then
+ echo >&2 "$quis: no recovery blob for secret \`$label'"
+ exit 1
+fi
+mem=$(userv root claim-mem-dir </dev/null)
+reveal=$mem/keys.reveal/$recov.current/secret
+if [ ! -f $reveal ]; then
+ echo >&2 "$quis: current $recov key not revealed"
+ exit 1
+fi
+tmp=$(mktmp); cleanup rmtmp
+ec_decrypt $reveal -i$blob
+
+###----- That's all, folks --------------------------------------------------
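Review bot: The recovery key argument is validated with `checklabel`, which permits `/`, while the stash script validates the same argument with `checkword`. A `RECOV` containing a slash makes `$KEYS/recov/$recov/current/$label.recov` and `$mem/keys.reveal/$recov.current/secret` point at nested paths, whereas the reveal script flattens `/` to `.` when it names its staging directory, so the two would not agree. Using `checkword "recovery key label" "$recov"` here keeps the commands consistent, assuming `checkword` rejects `/` (its definition is not part of this change). Also `tmp=$(mktmp); cleanup rmtmp` is not referenced by anything visible in the script; a comment saying what needs it, or dropping it, would make the intent clear.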
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
set -e
*) echo >&2 "$usage"; exit 1 ;;
esac
recov=$1 keeper=$2; shift 2
+checklabel "recovery key" "$recov"
case "$recov" in
- *[!-0-9a-zA-Z_!%@+=/]* | */ | /* | \
- *[!-0-9a-zA-Z_!%@+=]*/* | */*[!-0-9a-zA-Z_!%@+=]*)
- echo >&2 "$quis: bad recovery key label \`$recov'"
- exit 1
- ;;
- */*)
- ;;
- *)
- recov=$recov/current
+ */*) ;;
+ *) recov=$recov/current ;;
esac
checkword "keeper set label" "$keeper"
## Grab the key, because we'll need to read it several times.
tmp=$(mktmp); cleanup rmtmp
-secret=$(cat "$@")
+secret=$(cat -- "$@")
pub=$(ec_public /dev/stdin <<EOF
$secret
EOF
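Review bot: Replacing the inline pattern with `checklabel` loosens what this script accepts for the recovery key: the removed arms rejected a label with more than one `/`, whereas `checklabel` only rejects `//` and a leading or trailing slash, and it additionally admits `#`. A value such as `a/b/c` now reaches `tag=$(echo $recov | tr / .)` and the `$KEYS/recov/$recov/...` paths further down. If the intended forms are still a bare label or label/generation, add a `*/*/*)` arm ahead of `*/*) ;;` that prints the same "bad recovery key label" message and exits 1.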
read n hunoz <$KEYS/keeper/$keeper/meta
i=0
foundp=nil
+: "$pub"
while [ $i -lt $n ]; do
read cand <$KEYS/keeper/$keeper/$i.pub
+ : "$cand"
case "$pub" in "$cand") foundp=t; break ;; esac
i=$(( i + 1 ))
done
## Establish the recovery staging area. See whether we've done enough
## already.
-mem=$(userv root claim-mem-dir)
+mem=$(userv root claim-mem-dir </dev/null)
tag=$(echo $recov | tr / .)
-if [ -d $mem/keys.reveal.$tag ]; then
+mkdir -p -m700 $mem/keys.reveal
+reveal=$mem/keys.reveal/$tag
+if [ ! -d $reveal ]; then mkdir -m700 $reveal; fi
+cd $reveal
+if [ -f secret ]; then
echo >&2 "$quis: secret $recov already revealed"
exit 1
fi
-reveal=$mem/keys.reveal.$tag.$keeper
-if [ ! -d $reveal ]; then mkdir -m700 $reveal; fi
-cd $reveal
-if [ -f share.$i ]; then
+if [ -f $keeper.$i ]; then
echo >&2 "$quis: share $i already revealed"
exit 1
fi
## Decrypt the share.
+umask 077
ec_decrypt /dev/stdin \
-i$KEYS/recov/$recov/$keeper.$i.share \
- -oshare.$i.new <<EOF
+ -o$keeper.$i.new <<EOF
$secret
EOF
-mv share.$i.new share.$i
+mv $keeper.$i.new $keeper.$i
## See if there's enough for a recovery.
n=0
-for j in share.*; do if [ -f "$j" ]; then n=$(( n + 1 )); fi; done
+for j in $keeper.*; do if [ -f "$j" ]; then n=$(( n + 1 )); fi; done
if [ $n -lt $t ]; then
echo >&2 "$quis: share $i revealed; $(( t - n )) more required"
else
- cat $KEYS/recov/$recov/$keeper.param share.* | shamir recover >secret
- pubx=$(ec_public secret)
+ cat $KEYS/recov/$recov/$keeper.param $keeper.* >$keeper.shares
+ shamir recover <$keeper.shares >secret.new
+ pubx=$(ec_public secret.new)
puby=$(cat $KEYS/recov/$recov/pub)
case "$pubx" in
"$puby") ;;
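Review bot: The scratch file `$keeper.shares` matches the `$keeper.*` glob that is used both to count shares and to build the input for `shamir recover`. Nothing visible removes it, so if the public-key comparison fails (that branch is only partly shown here) a later run counts it as an extra share and passes it to `cat` as an input that is also the output. Writing it under the temporary directory avoids the clash: `cat $KEYS/recov/$recov/$keeper.param $keeper.* >$tmp/shares` and `shamir recover <$tmp/shares >secret.new`. The same glob would also pick up a `$keeper.$i.new` left behind by an interrupted decrypt, so counting with a narrower pattern is worth considering.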
exit 1
;;
esac
- cd ..
- mv keys.reveal.$tag.$keeper keys.reveal.$tag
+ mv secret.new secret
echo >&2 "$quis: secret $recov revealed"
fi
###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
from __future__ import with_statement
--- /dev/null
+### -*-sh-*-
+###
+### Stash a recovery blob of a secret
+###
+### (c) 2011 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+set -e
+case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
+. "$KEYSLIB"/keyfunc.sh
+
+defhelp <<HELP
+RECOV LABEL [SECRET]
+Store a secret encrypted under the recovery key RECOV.
+
+The LABEL is used to identify the encrypted secret later to the \`recover'
+command. The secret is read from SECRET, or stdin if SECRET is omitted or
+\`-'.
+HELP
+dohelp
+
+## Parse the command line.
+case $# in
+ 2) if [ -t 0 ]; then echo >&2 "$quis: stdin is a terminal"; exit 1; fi ;;
+ 3) ;;
+ *) echo >&2 "$usage"; exit 1 ;;
+esac
+recov=$1 label=$2; shift 2
+checkword "recovery key label" "$recov"
+checklabel "secret" "$label"
+
+## Do the thing.
+tmp=$(mktmp); cleanup rmtmp
+cat -- "$@" >$tmp/secret
+cd $KEYS/recov/$recov/current
+case $label in */*) mkdir -m755 -p ${label%/*} ;; esac
+ec_encrypt pub -i$tmp/secret -o$label.new
+mv $label.new $label.recov
+
+###----- That's all, folks --------------------------------------------------
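Review bot: This new script has no interpreter line: it opens with `### -*-sh-*-`, whereas the recover script added in the same commit starts with `#! /bin/sh`, and both are installed through `dist_pkglib_SCRIPTS`. Unless the dispatcher always runs it through `sh` explicitly, executing it directly relies on the caller's fallback for files without a `#!` line; adding `#! /bin/sh` as the first line makes the two scripts match. The terminal check also runs only for the two-argument form, so `SECRET` given as `-` with stdin on a terminal is not refused even though the help text treats both forms as reading stdin.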