mkdir -p $BASEDIR/tmp
keyringer_git_ignore 'tmp/*'
- tmpfile="`mktemp $template`"
+ if [ "$2" == "-d" ]; then
+ TMPWORK="`mktemp -d $template`"
+ else
+ TMPWORK="`mktemp $template`"
+ fi
if [ "$?" != "0" ]; then
- echo "Error: can't set tmpfile $tmpfile"
+ echo "Error: can't set TMPWORK $TMPWORK"
exit 1
fi
- echo $tmpfile
+ trap "keyringer_unset_tmpfile $TMPWORK; exit" INT TERM EXIT
}
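Review bot: Both new branches hand `$template` to mktemp unquoted, and the status check at the `if [ "$?" != "0" ]` line now sits after `fi`, so it only works because the assignment is the last command executed in the taken branch; anything inserted after that assignment would mask a mktemp failure. Quoting the expansions and checking each branch directly avoids both problems, e.g. `TMPWORK="$(mktemp -d "$template")" || { echo "Error: can't set TMPWORK"; exit 1; }`. The trap string also embeds the path unquoted (`keyringer_unset_tmpfile $TMPWORK`), which would split on whitespace in a BASEDIR path; writing `'$TMPWORK'` inside the double quotes keeps it as one word. The function's opening line is above this hunk, so where `$template` is built (and whether it lives under the `$BASEDIR/tmp` created on the first context line with the default umask) is not visible here.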
# Remove a temporary file
echo "No option config was found"
exit 1
fi
+
+ # Ensure that keydir exists
+ mkdir -p $KEYDIR && chmod 700 $KEYDIR
}
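Review bot: `mkdir -p $KEYDIR && chmod 700 $KEYDIR` creates a fresh keydir with the process umask first and tightens it afterwards, leaving a short window in which the directory may be group/world-readable; `mkdir -p -m 700 "$KEYDIR" && chmod 700 "$KEYDIR"` closes that window for a new directory while still tightening an existing one. Both expansions are unquoted, so a KEYDIR containing whitespace would split into several arguments. The enclosing function starts above this hunk.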
# Get a file argument
echo "Make sure that $BASEDIR is atop of an encrypted volume."
# Set a tmp file
-TMPFILE="`keyringer_set_tmpfile edit`"
-trap "keyringer_unset_tmpfile $TMPFILE ; exit" INT TERM EXIT
+keyringer_set_tmpfile edit
# Decrypt the information to the file
-gpg --yes -o $TMPFILE --use-agent -d $KEYDIR/$FILE
+gpg --yes -o $TMPWORK --use-agent -d $KEYDIR/$FILE
# Prompt
echo "Press any key to open the decrypted data into $EDITOR, Ctrl-C to abort"
read key
-$EDITOR $TMPFILE
+$EDITOR $TMPWORK
# Encrypt again
-gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPFILE
+gpg --yes -o $KEYDIR/$FILE --use-agent --armor -e -s $(keyringer_recipients $RECIPIENTS) $TMPWORK
# Remove temp file
-keyringer_unset_tmpfile $TMPFILE
+keyringer_unset_tmpfile $TMPWORK
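Review bot: Neither gpg call checks its exit status: if decryption into `$TMPWORK` fails (or the agent prompt is cancelled) the script still opens an empty file in the editor and then re-encrypts it over `$KEYDIR/$FILE`, replacing the stored secret with nothing. Append `|| exit 1` to the decrypt line, `gpg --yes -o "$TMPWORK" --use-agent -d "$KEYDIR/$FILE" || exit 1`, and guard the re-encrypt line the same way so a failed encryption is reported rather than silently leaving whatever gpg wrote. The `$EDITOR $TMPWORK` line should quote the path as well. Since `keyringer_set_tmpfile edit` now communicates through a global instead of stdout, a comment at that line such as `# sets $TMPWORK and installs the cleanup trap` would make the dependency on the helper's side effect explicit.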
read -p "Hit ENTER to continue." prompt
# TODO: programatically enter blank passphrase twice
- ssh-keygen -t dsa -f $WORK/id_dsa -C "root@$NODE"
+ ssh-keygen -t dsa -f $TMPWORK/id_dsa -C "root@$NODE"
# Encrypt the result
echo "Encrypting secret key into keyringer..."
- cat $WORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat $TMPWORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
echo "Encrypting public key into keyringer..."
- cat $WORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+ cat $TMPWORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
# TODO: add outfiles into version control
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
echo Saving copies at $OUTFILE and $OUTFILE.pub
- cat $WORK/id_dsa > $OUTFILE
- cat $WORK/id_dsa.pub > $OUTFILE.pub
+ cat $TMPWORK/id_dsa > $OUTFILE
+ cat $TMPWORK/id_dsa.pub > $OUTFILE.pub
fi
echo "Done"
# TODO: insert 279 random bytes
# TODO: custom Name-Comment and Name-Email
# TODO: allow for empty passphrases
- gpg --homedir $WORK --gen-key --batch <<EOF
+ gpg --homedir $TMPWORK --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 4096
Subkey-Type: ELG-E
# Encrypt the result
echo "Encrypting secret key into keyringer..."
- gpg --armor --homedir $WORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
+ gpg --armor --homedir $TMPWORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
echo "Encrypting public key into keyringer..."
- gpg --armor --homedir $WORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
+ gpg --armor --homedir $TMPWORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
echo "Encrypting passphrase into keyringer..."
echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
echo Saving copies at $OUTFILE and $OUTFILE.pub
- gpg --armor --homedir $WORK --export-secret-keys > $OUTFILE
- gpg --armor --homedir $WORK --export > $OUTFILE.pub
+ gpg --armor --homedir $TMPWORK --export-secret-keys > $OUTFILE
+ gpg --armor --homedir $TMPWORK --export > $OUTFILE.pub
fi
echo "Done"
read -p "Hit ENTER to continue." prompt
# Setup
- cd $WORK
+ cd $TMPWORK
# Generate certificate
$LIB/csr.sh $NODE
if [ ! -z "$OUTFILE" ]; then
mkdir -p `dirname $OUTFILE`
echo Saving copies at $OUTFILE.pem, $OUTFILE.csr and $OUTFILE.crt
- cat $WORK/$NODE"_privatekey.pem" > $OUTFILE.pem
- cat $WORK/$NODE"_csr.pem" > $OUTFILE.csr
- cat $WORK/$NODE.crt > $OUTFILE.crt
+ cat $TMPWORK/$NODE"_privatekey.pem" > $OUTFILE.pem
+ cat $TMPWORK/$NODE"_csr.pem" > $OUTFILE.csr
+ cat $TMPWORK/$NODE.crt > $OUTFILE.crt
fi
# Show cert fingerprint
- openssl x509 -noout -in $WORK/$NODE.crt -fingerprint
+ openssl x509 -noout -in $TMPWORK/$NODE.crt -fingerprint
echo "Done"
}
exit 1
fi
-# Prepare
-mkdir -p $KEYDIR && chmod 700 $KEYDIR
-
-WORK="`keyringer_set_tmpfile genpair`"
-trap "keyringer_unset_tmpfile $WORK; exit" INT TERM EXIT
-
-WORK="`mktemp -d $KEYDIR/genpair.XXXXXX`"
-if [ "$?" != "0" ]; then
- echo "Error setting up $WORK"
- exit 1
-else
- trap "rm -rf $WORK" EXIT
-fi
+# Set a tmp file
+keyringer_set_tmpfile genpair -d
# Dispatch
echo "Generating $KEYTYPE for $NODE..."
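Review bot: The removed lines installed `trap "rm -rf $WORK" EXIT` for the generated key directory; the replacement relies on the trap set inside `keyringer_set_tmpfile`, which calls `keyringer_unset_tmpfile`, whose body is not part of this diff. If that helper only does `rm -f`, an interrupted run (Ctrl-C at one of the "Hit ENTER to continue." prompts) leaves the directory with the freshly generated private keys in place, because the explicit `rm -rf $TMPWORK` in the final hunk only runs on the normal path before `trap - EXIT`. Either confirm the helper removes directories (`rm -rf -- "$1"`) or keep an explicit `trap "rm -rf $TMPWORK" EXIT` right after the `keyringer_set_tmpfile genpair -d` call. The old code also placed the work directory under `$KEYDIR`; the shared template presumably lives elsewhere, so the plaintext key material now depends on that location being on the encrypted volume the script warns about.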
# Cleanup
cd $CWD
-rm -rf $WORK
+rm -rf $TMPWORK
trap - EXIT