82 lines
3.3 KiB
Bash
82 lines
3.3 KiB
Bash
#!/bin/sh
|
|
#################################################################
|
|
# #
|
|
# Copyright 2010 Fidelity Information Services, Inc #
|
|
# #
|
|
# This source code contains the intellectual property #
|
|
# of its copyright holder(s), and is made available #
|
|
# under a license. If you do not know the terms of #
|
|
# the license, please stop and do not read further. #
|
|
# #
|
|
#################################################################
|
|
|
|
#############################################################################################
|
|
#
|
|
# gen_sym_key.sh - generates a 32 byte random key using gpg --gen-random.
|
|
# The generated key is stored in the output file encrypted with the user's public key.
|
|
#
|
|
# $1 - Strength of the random bytes (0 - least; 2 - greatest)
|
|
# $2 - Output file name for generated key encrypted with user's public key
|
|
# $3- Rest of line is treated as a comment
|
|
#
|
|
#############################################################################################
|
|
|
|
SYM_KEY_LEN=32
|
|
|
|
hostos=`uname -s`
|
|
# try to get a predictable which
|
|
if [ "OS/390" = "$hostos" ] ; then which=whence ;
|
|
elif [ -x "/usr/bin/which" ] ; then which=/usr/bin/which
|
|
else which=which
|
|
fi
|
|
|
|
# echo and options
|
|
ECHO=/bin/echo
|
|
ECHO_OPTIONS=""
|
|
#Linux honors escape sequence only when run with -e
|
|
if [ "Linux" = "$hostos" ] ; then ECHO_OPTIONS="-e" ; fi
|
|
|
|
if [ $# -lt 2 ] ; then $ECHO Usage: "`basename $0` key_strength[0-2] output_file" ; exit 1 ; fi
|
|
|
|
# Identify GnuPG - it is required
|
|
if [ -x "`$which gpg 2>&1`" ] ; then gpg=gpg
|
|
elif [ -x "`$which gpg2 2>&1`" ] ; then gpg=gpg2
|
|
else $ECHO "Able to find neither gpg nor gpg2. Exiting" ; exit 1 ; fi
|
|
|
|
# Confirm ability to create output file
|
|
output_dir=`dirname $2` ; if [ -z "$output_dir" ] ; then output_dir=$PWD ; fi
|
|
if [ ! -w $output_dir ] ; then $ECHO "$output_dir does not exist or is not writable" ; exit 1 ; fi
|
|
if [ -f $2 ] ; then
|
|
if [ ! -w $2 ] ; then $ECHO "Unable to overwrite existing output file $2" ; exit 1 ; fi
|
|
fi
|
|
output_file=$2
|
|
|
|
random_strength=3
|
|
case $1 in
|
|
[0-2]) random_strength=$1 ;;
|
|
esac
|
|
|
|
while [ $random_strength -lt 0 -o $random_strength -gt 2 ] ; do
|
|
$ECHO $ECHO_OPTIONS "Please enter a preferred strength for the key (0/1/2/[?]):" \\c
|
|
read random_strength
|
|
case "$random_strength" in
|
|
[0-2]) ;;
|
|
*) random_strength=3
|
|
$ECHO
|
|
$ECHO "Choose a key strength 0 (weakest - for testing) through 2 (strongest - for production)."
|
|
$ECHO "Since 2 may use up all available entropy on your system and/or take some time"
|
|
$ECHO "it is recommended that you choose 2 only on desktop systems where you can"
|
|
$ECHO "more easily generate entropy by moving the mouse and typing."
|
|
$ECHO ;;
|
|
esac
|
|
done
|
|
|
|
# Get comment for key
|
|
shift 2
|
|
comment="$*" ; if [ -z "$comment" ] ; then comment="Key in $output_file created by $USER `date -u`" ; fi
|
|
|
|
dir_path=`dirname $0` ; if [ -z "$dir_path" ] ; then dir_path=$PWD ; fi
|
|
|
|
# Generate random key and save the output encrypted and signed
|
|
$gpg --gen-random $random_strength $SYM_KEY_LEN | $gpg --armor --encrypt --default-recipient-self --comment "$comment" --output $output_file
|