3 # $Id: signkey.pl 303 2004-04-23 22:59:05Z scott $
5 # Sign each UID of a key individually, mailing the exported version
6 # encrypted to the e-mail address given.
8 # Copyright (C) 2003 Scott James Remnant <scott@netsplit.com>.
10 # Permission is hereby granted, free of charge, to any person obtaining
11 # a copy of this software and associated documentation files (the
12 # "Software"), to deal in the Software without restriction, including
13 # without limitation the rights to use, copy, modify, merge, publish,
14 # distribute, sublicense, and/or sell copies of the Software, and to
15 # permit persons to whom the Software is furnished to do so, subject to
16 # the following conditions:
18 # The above copyright notice and this permission notice shall be
19 # included in all copies or substantial portions of the Software.
21 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
22 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
23 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
24 # IN NO EVENT SHALL SOFTWARE IN THE PUBLIC INTEREST, INC. BE LIABLE FOR
25 # ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
26 # CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
27 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Signer identity.  Both values come straight from the environment and
# are later used verbatim in the outgoing mail's From: header and body
# text (see sign_key), so they are trusted exactly as much as the
# calling environment is.
29 $name = $ENV{DEBFULLNAME};
30 $mail = $ENV{DEBEMAIL};
31 unless ($name && $mail) {
32 print STDERR "DEBFULLNAME and DEBEMAIL environment variables not set\n";
# NOTE(review): the exit after this message, and any `use strict;` /
# `use warnings;` preamble, are not visible in this excerpt; the bare
# package globals assigned above suggest strictures are not enabled.
# Key list: a single existing-file argument is read as one key per
# line (the open/read lines are not in view); otherwise the arguments
# themselves are presumably the keys - confirm against the full file.
36 if ($ARGV[0] && -f $ARGV[0]) {
39 foreach (@keys) { chomp; }
46 print STDERR "Usage: $0 < FILENAME | KEYS... >\n\n";
47 print STDERR "FILENAME newline separated list of key information\n";
48 print STDERR "KEYS key information\n";
# Two forms of the gpg invocation.  @gpg (list) is handed to system()
# and to list-form open(), which bypass the shell; $gpg (joined string)
# is interpolated into shell pipe opens inside sign_key, so anything
# appended to it there is parsed by /bin/sh.  The option list continues
# on a line not shown here; --batch --yes also make later prompts
# (key deletion, output overwrite) non-interactive.
52 @gpg = ("gpg", "--no-auto-check-trustdb", "--batch", "--yes", "--armor",
54 $gpg = join(" ", @gpg);
# Passphrase prompt.  The lines that read the passphrase - and whether
# terminal echo is disabled while doing so - are not in view; verify in
# the full file.
57 print "GPG Passphrase: ";
# One key per iteration; sign_key is wrapped in eval so one failure
# does not abort the remaining keys.  Style: call as sign_key($key)
# rather than &sign_key(...) (the & form bypasses prototypes).
62 foreach $key (@keys) {
64 eval { &sign_key($key); };
# Error branch: the $@ test guarding this line is not in view.
66 print STDERR "*** Error processing $key\n";
69 print "*" x 80, "\n\n\n";
# Body of sign_key($key).  The `sub` line and the unpacking of $key are
# above this excerpt.  Flow: refresh the key from the keyservers, parse
# its UIDs, sign each unsigned/unrevoked one, mail the signed export
# encrypted to the key, then restore the local keyring snapshot.
71 #system("gpg", "--check-trustdb");
81 # suggestion by moray, not a problem if it doesn't work
83 #foreach $cmd ("", "recv") {
# Keyserver refresh.  Both calls use the list form of system(), so
# $key is passed as a single argv element and is never seen by a shell.
84 foreach $cmd ("recv") {
86 system(@gpg, "--list-keys", $key);
88 system(@gpg, "--recv-keys", $key);
# Machine-readable key listing.  SECURITY: this is a two-arg pipe open
# on a string that interpolates $key (supplied by the caller from the
# command line or key file), so the shell interprets any metacharacters
# in it.  Prefer the list form already used further down:
# open my $keyinfo, '-|', @gpg, '--fixed-list-mode', '--with-colons',
# '--fingerprint', '--check-sigs', $key.  Also "retreive" should read
# "retrieve" (runtime string, left unchanged here).
92 open KEYINFO, "$gpg --fixed-list-mode --with-colons " .
93 "--fingerprint --check-sigs $key|"
94 or die "Couldn't retreive key information from GPG: $!";
# Per-record parsing of the colon-separated output; the split of each
# line into @info (field 0 = record type) happens on a line not shown.
# 'pub': $id is the short key id, i.e. the last 8 hex digits of field 4.
98 if ($info[0] eq 'pub') {
99 $id = substr($info[4], -8);
101 } elsif ($info[0] eq 'fpr') {
# 'uid': field 1 (validity flag) is prepended to the user id so the
# first character encodes state; 'r' (revoked) is skipped later.
# User attributes ('uat') are pushed with a leading 'r' so that they
# are never selected for signing but still occupy their uid slot.
103 } elsif ($info[0] eq 'uid') {
104 push @uid, $info[1] . $info[9];
105 } elsif ($info[0] eq 'uat') {
106 push @uid, 'r' . $info[9];
# 'sig' whose issuer key id (field 4) equals the hard-coded value marks
# the preceding uid as already signed by us ('S').  This is the
# author's own key id baked into the script; anyone reusing the script
# must change it or their existing signatures are never detected.
107 } elsif ($info[0] eq 'sig' and $info[4] eq 'F6DD330210FA4CD1') {
109 print "Uid $uid[$#uid] already signed; ignoring.\n";
110 $uid[$#uid] =~ s/^./S/;
119 die "Key $key not found." unless $id;
120 die "No non-revoked/unsigned UIDs to sign." unless grep { /^[^rS]/ } @uid;
# Snapshot of the key before signing (reimported at the end).  Two-arg
# pipe open again; $id is a hex substring of gpg's own output so the
# exposure is smaller than above, but the list form is still preferable.
122 open GPG, "$gpg --export $id|" or die "Couldn't export from GPG: $!";
# Fingerprint display: 40 hex digits split into groups of four.  Where
# $fpr is first assigned is not in view (the 'fpr' record, presumably).
127 for ($i = 4; $i <= 40; $i += 4) {
128 push @fpr, substr($fpr, $i - 4, 4);
131 $fpr = join(" ", @fpr);
# Show the candidate uids (the enclosing loop header is not shown):
# skip revoked ('r') and already-signed ('S') entries.
135 next unless /^(.)(.*)/;
136 next if $1 eq 'r' or $1 eq 'S';
# List-form pipe open: this is the pattern the string-built opens in
# this sub should follow.
142 open GPG, '-|', @gpg, "--list-keys", $key
143 or die "Couldn't list keys from GPG: $!";
# Operator confirmation (the read of $answer is not shown); anything
# not starting with y/Y or t/T abandons this key.
151 return if $answer !~ /^[yt]/i;
# $uid is the 1-based index gpg expects for its "uid N" selection;
# $uid[$uid-1] is the matching entry of @uid.
155 for ($uid = 1; $uid <= @uid; $uid++) {
156 next unless $uid[$uid-1] =~ /^(.)(.*)/;
157 next if $1 eq 'r' or $1 eq 'S';
# Interactive edit driven through fd 0: the passphrase and the edit
# commands both arrive on stdin (--passphrase-fd 0 --command-fd 0), so
# the passphrase is kept off the command line.  String-built shell
# open again (see above); the die message omits $!.
160 open GPG, "|$gpg --default-cert-check-level 3 " .
161 "--command-fd 0 --passphrase-fd 0 --edit $id"
162 or die "Couldn't sign key $uid";
164 print GPG "uid $uid\n";
# $expiry is set on a line not in view; presumably it answers gpg's
# signature-expiry question - confirm.
166 print GPG "y\n" if $expiry;
# Export the now-signed key for mailing.
170 open GPG, "$gpg --export $id|"
171 or die "Couldn't export from GPG: $!";
# SECURITY: predictable name in the shared /tmp directory plus an
# unchecked '>' open: a pre-existing file or symlink at this path is
# followed and truncated, and a failed open is silently ignored (the
# later prints then go nowhere).  Use File::Temp's tempfile() (core)
# and check the open.  Note $uid here is the loop index, not the name.
176 $keyfile = "/tmp/signkey.$$.$id.$uid";
178 open UID, ">$keyfile";
# Mail body text (continuation lines of print statements whose first
# lines are not shown): multi-uid wording vs. single-signature wording.
181 "Below is the ASCII-armoured copy of your key, as received from
182 the keyservers, with *ONLY* the following UID signed by ${name}'s key.
186 You will receive separate e-mails for each additional UID on your key.
187 Import each into your keyring as you receive them, then upload to the
188 keyservers once all have been added.";
191 "Below is the ASCII-armoured copy of your key, as received from
192 the keyservers and signed by ${name}'s key.
194 Import this into your keyring then upload to the keyservers.";
197 print UID "\n\n(This e-mail was automatically generated.)\n\n";
# Encrypt and sign the message to the key being signed; list form, no
# shell.  The passphrase write to this handle is not in view.  With
# --yes in @gpg an existing "$keyfile.asc" is presumably overwritten.
201 open GPG, "|-", @gpg, "--passphrase-fd", "0", "--encrypt",
202 "--sign", "-r", $id, $keyfile
203 or die "Couldn't encrypt ${uid}: $!";
# Two-arg read open of the armoured output; prefer
# open my $asc, '<', "$keyfile.asc" or die "...: $!".
207 open ASC, "$keyfile.asc" or die "Missing asc file! $uid";
# Hand the message to sendmail (list form; -t takes recipients from the
# headers).  $uidname is derived on a line not shown; since it lands in
# a To: header it must not contain CR/LF - gpg's --with-colons escaping
# presumably prevents that, but confirm before relying on it.
211 open MAIL, "|-", "/usr/sbin/sendmail", "-t", "-f", $mail
212 or die "Couldn't write to sendmail: $!";
213 print MAIL "From: $name <$mail>\n";
214 print MAIL "To: $uidname\n";
215 print MAIL "Subject: Signed GPG key: $id\n\n";
# Restore the pre-signing snapshot: --batch --yes (from @gpg) make the
# delete non-interactive, and the reimport reads the export saved
# earlier (the print to GPG is not shown).  Per the comment below, the
# net effect is that the new signature is not kept locally.
219 system(@gpg, "--delete-key", $id);
220 open GPG, "|$gpg --import" or die "Couldn't reimport key $uid";
# The unlink of the unencrypted $keyfile itself is not in view -
# confirm it is removed as well.
225 unlink "$keyfile.asc";
228 # Uncomment to have the signatures on your key when you finish
230 # open GPG, "|$gpg --import" or die "Couldn't import new sigs";