Include the backup key in key splitting
parent
b760624422
commit
7104c356c1
|
@ -7331,7 +7331,7 @@ function split_gpg_key_into_fragments {
|
||||||
# split the gpg key into fragments if social key management is enabled
|
# split the gpg key into fragments if social key management is enabled
|
||||||
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
|
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
|
||||||
echo 'Splitting GPG key. You may need to enter your passphrase.'
|
echo 'Splitting GPG key. You may need to enter your passphrase.'
|
||||||
freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS
|
freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
|
||||||
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
|
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
|
||||||
echo 'Yhe GPG key could not be split'
|
echo 'Yhe GPG key could not be split'
|
||||||
exit 86548
|
exit 86548
|
||||||
|
|
|
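Review bot: The new call on the changed line quotes `"$MY_NAME"` but leaves `$MY_USERNAME` and `$MY_EMAIL_ADDRESS` unquoted, and its exit status is still never checked; the only failure signal is the directory test on the next line, so a non-zero exit from freedombone-splitkey (for example its new "backup key not found" path) is noticed only if the fragments directory also happens to be absent. I would quote all three and test the command directly, `if ! freedombone-splitkey -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME"; then`, keeping the existing error message and exit. The body of split_gpg_key_into_fragments continues outside the hunk, and this note does not address the pre-existing `Yhe` typo in the message, which the commit does not touch.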
@ -37,10 +37,11 @@
|
||||||
KEY_FRAGMENTS=3
|
KEY_FRAGMENTS=3
|
||||||
MY_USERNAME=
|
MY_USERNAME=
|
||||||
MY_EMAIL_ADDRESS=
|
MY_EMAIL_ADDRESS=
|
||||||
|
MY_NAME=
|
||||||
|
|
||||||
function show_help {
|
function show_help {
|
||||||
echo ''
|
echo ''
|
||||||
echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address]'
|
echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address] --fullname [Full name]'
|
||||||
echo ''
|
echo ''
|
||||||
exit 0
|
exit 0
|
||||||
}
|
}
|
||||||
|
@ -65,6 +66,10 @@ case $key in
|
||||||
shift
|
shift
|
||||||
MY_EMAIL_ADDRESS=$1
|
MY_EMAIL_ADDRESS=$1
|
||||||
;;
|
;;
|
||||||
|
--fullname)
|
||||||
|
shift
|
||||||
|
MY_NAME=$1
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
# unknown option
|
# unknown option
|
||||||
;;
|
;;
|
||||||
|
@ -95,7 +100,19 @@ if [ ! $MY_EMAIL_ADDRESS ]; then
|
||||||
MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
|
MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
|
||||||
fi
|
fi
|
||||||
KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
|
KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
|
||||||
$MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
$MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
|
||||||
|
if [ ${#KEYID} -lt 4 ]; then
|
||||||
|
echo "gpg key for $MY_EMAIL_ADDRESS was not found"
|
||||||
|
return 3682
|
||||||
|
fi
|
||||||
|
|
||||||
|
MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
|
||||||
|
grep 'pub ' | awk -F ' ' '{print $2}' | \
|
||||||
|
awk -F '/' '{print $2}')
|
||||||
|
if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
|
||||||
|
echo "gpg backup key for '$MY_NAME' was not found"
|
||||||
|
return 58213
|
||||||
|
fi
|
||||||
|
|
||||||
# create the key file
|
# create the key file
|
||||||
mkdir -p $FRAGMENTS_DIR
|
mkdir -p $FRAGMENTS_DIR
|
||||||
|
@ -105,14 +122,33 @@ if [ ! "$?" = "0" ]; then
|
||||||
echo "Unable to extract public key for $KEYID"
|
echo "Unable to extract public key for $KEYID"
|
||||||
exit 7835
|
exit 7835
|
||||||
fi
|
fi
|
||||||
gpg --output $FRAGMENTS_DIR/privkey.txt --armor --export-secret-key $KEYID
|
gpg --output $FRAGMENTS_DIR/privkey.txt \
|
||||||
|
--armor --export-secret-key $KEYID
|
||||||
if [ ! "$?" = "0" ]; then
|
if [ ! "$?" = "0" ]; then
|
||||||
echo "Unable to extract private key for $KEYID"
|
echo "Unable to extract private key for $KEYID"
|
||||||
exit 7823
|
exit 7823
|
||||||
fi
|
fi
|
||||||
cat $FRAGMENTS_DIR/pubkey.txt $FRAGMENTS_DIR/privkey.txt > $KEYS_FILE
|
gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
|
||||||
|
--armor --export $MY_BACKUP_KEY_ID
|
||||||
|
if [ ! "$?" = "0" ]; then
|
||||||
|
echo "Unable to extract backup public key for $MY_BACKUP_KEY_ID"
|
||||||
|
exit 62928
|
||||||
|
fi
|
||||||
|
gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
|
||||||
|
--armor --export-secret-key $MY_BACKUP_KEY_ID
|
||||||
|
if [ ! "$?" = "0" ]; then
|
||||||
|
echo "Unable to extract backup private key for $MY_BACKUP_KEY_ID"
|
||||||
|
exit 13783
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat $FRAGMENTS_DIR/pubkey.txt \
|
||||||
|
$FRAGMENTS_DIR/privkey.txt \
|
||||||
|
$FRAGMENTS_DIR/backup_pubkey.txt \
|
||||||
|
$FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
|
||||||
shred -zu $FRAGMENTS_DIR/privkey.txt
|
shred -zu $FRAGMENTS_DIR/privkey.txt
|
||||||
shred -zu $FRAGMENTS_DIR/pubkey.txt
|
shred -zu $FRAGMENTS_DIR/pubkey.txt
|
||||||
|
shred -zu $FRAGMENTS_DIR/backup_privkey.txt
|
||||||
|
shred -zu $FRAGMENTS_DIR/backup_pubkey.txt
|
||||||
|
|
||||||
KEY_SHARES=$((KEY_FRAGMENTS * 2))
|
KEY_SHARES=$((KEY_FRAGMENTS * 2))
|
||||||
gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
|
gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
|
||||||
|
|
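Review bot: The two new guards use `return 3682` and `return 58213`, but every other failure path in this file uses `exit` (`exit 7835`, `exit 62928`, `exit 13783`), which suggests this code runs at the top level of the script rather than inside a function; if so, bash prints "can only `return' from a function or sourced script" and keeps going, so a missing backup key does not stop the run. The consequence is security-relevant: `MY_BACKUP_KEY_ID` stays empty and the unquoted `--armor --export-secret-key $MY_BACKUP_KEY_ID` then runs with no key argument, which exports every secret key in the keyring into `backup_privkey.txt` and from there into the file handed to gfsplit. I would change both guards to `exit 3682` / `exit 58213` and quote the identifiers in the export and `--list-keys` lines (`"$MY_BACKUP_KEY_ID"`, `"$KEYID"`) so an empty value fails loudly instead of widening the selection. A smaller consistency point: the KEYID lookup runs `gpg --list-keys` through `su - $MY_USERNAME` while the new MY_BACKUP_KEY_ID lookup and the export commands run gpg directly, so they may consult different keyrings; worth confirming which user's keyring the backup key is expected to live in. The surrounding `case` and `if` blocks start outside these hunks.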