a91e8fcb MW |
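#! /bin/sh
##
## One-time setup of the CA state in the current directory: generates one
## ssh-keygen key pair per configured key type under ca/, plus a GnuPG key
## named `ssh-ca' via run_gpg.
##
## Must be run from the directory that contains lib/func.sh, because that
## file is sourced by relative path.  The variables keytypes, cacomment and
## gnupg_key_* and the run_gpg function are not defined here; presumably
## they come from lib/func.sh -- confirm.

set -e
. lib/func.sh

## Check to see whether we're already set up.
if [ -d ca ]; then
  printf >&2 '%s\n' "$0: already set up: delete ca/ to restart"
  exit 1
fi

## Refuse to continue without any key types.  Otherwise the loop below
## would run zero times and the final rename would publish an empty ca/,
## which the check above then treats as a completed setup.  This is done
## before the `rm -rf' so a misconfiguration does not wipe existing state.
: "${keytypes:?no CA key types configured}"

## Clear out and recreate the old state directories.
rm -rf gnupg ca ca.new publish publish.new
## Mode 0700 keeps the private key material unreadable by other users.
mkdir -m700 gnupg ca.new

## Generate the CA keys.
## Each entry is TYPE or TYPE:BITS; $keytypes is left unquoted on purpose
## so that it splits into separate entries.
for kt in $keytypes; do
  case "$kt" in
    *:*)
      bits=-b${kt#*:}
      kt=${kt%:*}
      ;;
    *)
      bits=
      ;;
  esac
  ## `-N ""' writes the CA private key with no passphrase, so the 0700
  ## directory mode above is the only protection these keys have at rest.
  ## ${bits:+...} drops the size option entirely when no size was given.
  ssh-keygen -f "ca.new/ca-$kt" -t "$kt" ${bits:+"$bits"} \
    -C "$cacomment" -N ""
done

## Generate the GnuPG key.
## NOTE(review): the parameter block has no Passphrase or %no-protection
## line, so whether the secret key ends up passphrase-protected depends on
## the GnuPG version and on the options run_gpg passes -- confirm.
run_gpg --batch -q --gen-key <<EOF
%echo Generating key ssh-ca; hold on tight...
Key-Type: $gnupg_key_type
Key-Length: $gnupg_key_length
Name-Real: ${gnupg_key_realname_prefix}ssh-ca
Name-Comment: ssh-ca
Name-Email: ssh-ca@$gnupg_key_email_domain
EOF

## Done.
## Renaming last means ca/ only appears once every key has been generated;
## a failed run leaves ca.new behind, which the next run clears.
mv ca.new ca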