From: Mark Wooding Date: Sun, 12 Feb 2012 23:19:52 +0000 (+0000) Subject: keys.list-{keepers,recov}: New commands for inspecting infrastructure. X-Git-Tag: 0.99.2~33 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/distorted-keys/commitdiff_plain/2235222bb9739a1e6713b49290906c5b4cf08f04?hp=2661d8aa033971c32f45392fc70e42f0d9a2c14e keys.list-{keepers,recov}: New commands for inspecting infrastructure. There's some overlap in functionality (and, distressingly, in implementation) but I think the two perspectives are useful.
---
diff --git a/Makefile.am b/Makefile.am
index 2a33276..a356ec1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -105,6 +105,8 @@ dist_pkglib_SCRIPTS += keys.archive
 dist_pkglib_SCRIPTS += keys.conceal
 dist_pkglib_SCRIPTS += keys.keeper-cards
 dist_pkglib_SCRIPTS += keys.keeper-nub
+dist_pkglib_SCRIPTS += keys.list-keepers
+dist_pkglib_SCRIPTS += keys.list-recov
 dist_pkglib_SCRIPTS += keys.new-keeper
 dist_pkglib_SCRIPTS += keys.new-recov
 dist_pkglib_SCRIPTS += keys.recover
diff --git a/keys.list-keepers b/keys.list-keepers
new file mode 100755
index 0000000..399d765
--- /dev/null
+++ b/keys.list-keepers
@@ -0,0 +1,104 @@
+#! /bin/sh
+###
+### List the available keeper sets
+###
+### (c) 2012 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+set -e
+case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
+. "$KEYSLIB"/keyfunc.sh
+
+defhelp </dev/null "Q$r" : "Q$R_LABEL"; then continue; fi
+ set _ $(echo $r | md5sum); rh=$2
+ eval rcur_$rh=$(readlink $r/current) r_$rh=\$r
+ for ri in $r/*; do
+ i=${ri##*/}
+ case "$i" in *[!0-9]*) continue ;; esac
+ for kp in $ri/*.param; do
+ k=${kp##*/}; k=${k%.param}
+ case $kk in *:$k:*) ;; *) kk=$kk$k:; unset rr_$k ;; esac
+ eval t_$k_$rh_$i='$(sharethresh $kp)'
+ eval "rr_$k=\${rr_$k+\$rr_$k }$rh/$i"
+ done
+ done
+ done
+fi
+
+if [ ! -d $KEYS/keeper ]; then
+ echo >&2 "$quis: no keepers"
+else
+ cd $KEYS/keeper
+ for k in *; do
+ checkword "keeper set label" "$k"
+ if [ ! -r $k/meta ]; then continue; fi
+ read n hunoz <$k/meta
+ readmeta $k/0
+ echo "$k profile=$profile n=$n"
+ echo " share"
+ i=0; while [ $i -lt $n ]; do
+ nubid=$(cat $k/$i/nubid)
+ echo " $i nubid=$nubid"
+ i=$(( $i + 1 ))
+ done
+ echo " recov"
+ eval rr=\$rr_$k
+ for ri in $rr; do
+ rh=${ri%/*} i=${ri##*/}
+ eval r=\$r_$rh
+ eval t=\$t_$k_$rh_$i
+ info="$r/$i t=$t"
+ set $(echo $r/$i | tr / .) revealed
+ eval rcur=\$rcur_$rh
+ case $rcur in $i) set "$@" $(echo $r/current | tr / .) current ;; esac
+ while [ $# -gt 0 ]; do
+ rd=$SAFE/keys.reveal/$1 attr=$2; shift 2
+ if [ ! -d $rd ]; then
+ case $attr in revealed) ;; *) info="$info $attr" ;; esac
+ elif [ -f $rd/nub ]; then
+ info="$info $attr=nub"
+ else
+ unset ss
+ i=0; while [ $i -lt $n ]; do
+ if [ -f $rd/$k.$i.share ]; then ss=${ss+$ss,}$i; fi
+ i=$(( $i + 1 ))
+ done
+ info="$info $attr=$ss"
+ fi
+ done
+ echo " $info"
+ done
+ done
+fi
+
+###----- That's all, folks --------------------------------------------------
diff --git a/keys.list-recov b/keys.list-recov
new file mode 100755
index 0000000..38ab00f
--- /dev/null
+++ b/keys.list-recov
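Review bot: In `eval t_$k_$rh_$i='$(sharethresh $kp)'` and the matching `eval t=\$t_$k_$rh_$i`, the shell parses `$k_` and `$rh_` as the variables `k_` and `rh_` (unset, as far as this hunk shows), so every threshold is stored in and read back from `t_$i`, and the `t=` printed for a keeper set can come from a different recovery key with the same instance number. Bracing the names fixes it: `eval t_${k}_${rh}_$i='$(sharethresh $kp)'` and `eval t=\$t_${k}_${rh}_$i`. Separately, `eval rcur_$rh=$(readlink $r/current) r_$rh=\$r` expands the symlink target before `eval` re-parses it, so a target containing shell syntax would be executed by a tool that runs against the key store; assigning first and deferring the expansion avoids that: `rcur=$(readlink "$r/current"); eval "rcur_$rh=\$rcur r_$rh=\$r"`. The `k` taken from `*.param` file names also reaches `unset rr_$k` and `eval "rr_$k=…"` before any `checkword` call; the text between `defhelp` and the first `expr` is missing on this page, so whether anything validates it earlier cannot be seen here.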
@@ -0,0 +1,80 @@
+#! /bin/sh
+###
+### List the available recovery keys
+###
+### (c) 2012 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### distorted-keys is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with distorted-keys; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+set -e
+case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
+. "$KEYSLIB"/keyfunc.sh
+
+defhelp <&1 "$quis: no recovery keys"
+else
+ cd $KEYS/recov
+ firstp=t
+ for r in $(find . -type l -name current -print); do
+ r=${r#./}; r=${r%/current}
+ if ! expr >/dev/null "Q$r" : "Q$R_LABEL"; then continue; fi
+ unset ri
+ case $firstp in t) firstp=nil ;; nil) echo ;; esac
+ echo "$r"
+ echo " keepers"
+ while read k t; do
+ read n hunoz <$KEYS/keeper/$k/meta
+ echo " $k t=$t n=$n"
+ done <$r/keepers
+ rcur=$(readlink $r/current)
+ for ri in $r/*; do
+ i=${ri##*/}
+ case "$i" in *[!0-9]*) continue ;; esac
+ echo " instance $i"
+ case "$rcur" in $i) echo " current" ;; esac
+ readmeta $ri/store
+ nubid=$(cat $ri/store/nubid)
+ echo " profile $profile"
+ echo " nubid $nubid"
+ echo " keepers"
+ for kp in $ri/*.param; do
+ k=${kp##*/}; k=${k%.param}
+ read n hunoz <$KEYS/keeper/$k/meta
+ t=$(sharethresh $kp)
+ echo " $k t=$t n=$n"
+ done
+ anyp=nil
+ for sf in $(cd $ri; find . -type f -name '*.recov' -print); do
+ s=${sf#./}
+ case $anyp in nil) anyp=t; echo " secrets" ;; esac
+ echo " $s"
+ done
+ done
+ done
+fi
+
+###----- That's all, folks --------------------------------------------------
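Review bot: The keeper label `k` read from `$r/keepers` (and taken from `*.param` file names further down) goes unquoted into `read n hunoz <$KEYS/keeper/$k/meta` without the `checkword "keeper set label" "$k"` call that keys.list-keepers makes on its labels, so a label containing `/` or whitespace makes the script read outside the intended keeper directory or fail, and under `set -e` a missing `meta` file appears to abort the whole listing. I would add `checkword "keeper set label" "$k"` before each read and quote the path: `read -r n hunoz <"$KEYS/keeper/$k/meta"`. `$(cd $ri; find . …)` would also be safer as `$(cd "$ri" && find . -type f -name '*.recov' -print)`, so that a failed `cd` cannot end up listing a different directory. The surviving fragment `&1 "$quis: no recovery keys"` suggests that diagnostic goes to stdout rather than to stderr as in keys.list-keepers; the line is truncated on this page, so check it against the file.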