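#!/bin/sh
#################################################################
#                                                               #
# Copyright 2010 Fidelity Information Services, Inc             #
#                                                               #
# This source code contains the intellectual property           #
# of its copyright holder(s), and is made available             #
# under a license.  If you do not know the terms of             #
# the license, please stop and do not read further.             #
#                                                               #
#################################################################

#############################################################################################
#
# import_and_sign_key.sh: Import a public key into the owner's keyring.  After the user
# has confirmed the fingerprint, sign the key with the keyring owner's secret key.
#
# Arguments -
# $1 - path of the public key file.
# $2 - email id of the public key's owner.
#
# Reads from the terminal: the fingerprint confirmation (y/n) and, once confirmed, the
# passphrase of the keyring owner's secret key (terminal echo is off while it is typed).
#
# Exit status: 0 when the key was imported, confirmed and signed; 1 on a usage error,
# when neither gpg nor gpg2 can be found, when a key for the email id is already in the
# keyring, when the key file is unreadable, when the fingerprint is not confirmed, or
# when a gpg command fails.  A key imported by this run is deleted again when it is not
# confirmed or when signing it fails.
#
#############################################################################################

hostos=$(uname -s)

# Try to get a predictable "which"; OS/390 spells it whence.
if [ "OS/390" = "$hostos" ] ; then
  which=whence
elif [ -x "/usr/bin/which" ] ; then
  which=/usr/bin/which
else
  which=which
fi

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

# Path to key file and email id are required.
if [ $# -lt 2 ] ; then
  warn "Usage: $(basename -- "$0") public_key_file email_id"
  exit 1
fi
public_key_file=$1
email_id=$2

# Identify GnuPG - it is required.  A failed lookup prints nothing on stdout (its
# complaint goes to stderr and is discarded), so the -x test fails on the empty string.
if [ -x "$($which gpg 2>/dev/null)" ] ; then
  gpg=gpg
elif [ -x "$($which gpg2 2>/dev/null)" ] ; then
  gpg=gpg2
else
  warn "Able to find neither gpg nor gpg2. Exiting"
  exit 1
fi

# Exit if the public key for this id already exists in the keyring.
# NOTE(review): gpg selects keys whose user id *contains* $email_id, so this check, the
# fingerprint display, --sign-key and --delete-keys below may all act on more than one
# key if the id is not unique; "<$email_id>" would request an exact email match.
if "$gpg" --list-keys "$email_id" >/dev/null 2>&1 ; then
  warn "Public key of $email_id already exists in keyring."
  exit 1
fi

# Ensure that the public key file exists and is readable.
if [ ! -r "$public_key_file" ] ; then
  warn "Key file $public_key_file not accessible."
  exit 1
fi

# Import the public key into the keyring.
if ! "$gpg" --no-tty --import --yes "$public_key_file" ; then
  warn "Error importing public key for $email_id from $public_key_file"
  exit 1
fi

# Display fingerprint of the just imported public key.
printf '%s\n' "#########################################################"
if ! "$gpg" --fingerprint "$email_id" ; then
  warn "Error obtaining fingerprint for the email id - $email_id"
  exit 1
fi
printf '%s\n' "#########################################################"

# Put the terminal back in order (echo is off while the passphrase is typed) and fail
# if the user interrupts at any point from here on.
trap 'stty sane ; exit 1' HUP INT QUIT TERM TRAP

# Confirm with the user whether the fingerprint matches.  Any answer other than
# y/ye/yes or n/no prints the help text and asks again; end of input on stdin is
# treated as "no" instead of re-prompting forever.
confirmed=
while [ "Y" != "$confirmed" ] ; do
  printf '%s' "Please confirm validity of the fingerprint above (y/n/[?]):"
  if read -r answer ; then
    answer=$(printf '%s' "$answer" | tr yesno YESNO)
  else
    printf '\n'
    answer=N
  fi
  case $answer in
    Y|YE|YES)
      confirmed=Y
      ;;
    N|NO)
      warn "Finger print of public key for $email_id in $public_key_file not confirmed"
      "$gpg" --no-tty --batch --delete-keys --yes "$email_id"
      exit 1
      ;;
    *)
      printf '\n'
      printf '%s\n' "If the fingerprint shown above matches the fingerprint you have been independently"
      printf '%s\n' "provided for the public key of this $email_id, then press Y otherwise press N"
      printf '\n'
      ;;
  esac
done
unset confirmed answer

# If yes, we need to sign the public key.  In order to do so, we need the user's
# passphrase.  Echo is turned off while it is typed; -r keeps any backslashes in it
# intact.  The trap above restores the terminal if the user interrupts here.
printf '%s' "Passphrase for keyring: "
stty -echo
read -r passphrase
stty echo
printf '\n'

# Sign the key.  The passphrase is handed to gpg on stdin by the shell's printf (a
# builtin in the common sh implementations) rather than as an argument of an external
# command such as /bin/echo, so it does not appear in the process list, and it is
# quoted so the shell does not split or glob it.
# NOTE(review): with GnuPG 2.1 and later, --passphrase-fd is only honoured together
# with --pinentry-mode loopback, which gpg 1.x does not accept.  Confirm which gpg
# version this script is expected to run against before relying on batch signing.
printf '%s\n' "$passphrase" | "$gpg" --no-tty --batch --passphrase-fd 0 --sign-key --yes "$email_id"
rv=$?
unset passphrase
if [ "$rv" -eq 0 ] ; then
  printf '%s\n' "Successfully signed public key for $email_id received in $public_key_file"
  exit 0
else
  # Do not leave an unsigned, unverified-by-signature key behind.
  "$gpg" --no-tty --batch --delete-keys --yes "$email_id"
  warn "Failure signing public key for $email_id received in $public_key_file"
  exit 1
fi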