diff --git a/src/freedombone-keydrive b/src/freedombone-keydrive
index 78bcea27..36fe9fed 100755
--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@@ -134,7 +134,49 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
 rm -rf $USB_MOUNT
 exit 73025
 fi
 
+
+ # export the gpg key and backup key as text
+ # so that it may be imported at the beginning of new installs
+ USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
+ GPG_ID=$(gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+ GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+
+ gpgerrstr=$'error'
+ gpgkey=$(gpg --armor --export $GPG_ID)
+ if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+ echo $'Problem exporting public gpg key'
+ echo "$gpgkey"
+ exit 735282
+ fi
+ gpgprivkey=$(gpg --armor --export-secret-key $GPG_ID)
+ if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+ echo $'Problem exporting private gpg key'
+ echo "$gpgprivkey"
+ gpgprivkey=
+ exit 629362
+ fi
+
+ backupgpgkey=$(gpg --armor --export $GPG_BACKUP_ID)
+ if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+ echo $'Problem exporting public gpg key'
+ echo "$gpgkey"
+ exit 735282
+ fi
+ backupgpgprivkey=$(gpg --armor --export-secret-key $GPG_BACKUP_ID)
+ if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+ echo $'Problem exporting private gpg key'
+ echo "$gpgprivkey"
+ gpgprivkey=
+ exit 629362
+ fi
+
+ echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
+ echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
+ echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
+ echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
+ cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+
 if [ -d /etc/letsencrypt ]; then
 cp -rf /etc/letsencrypt $USB_MOUNT
 echo $"LetsEncrypt keys copied to $USB_DRIVE"
diff --git a/src/freedombone-utils-keys b/src/freedombone-utils-keys
index 4bdcf71b..f74d8112 100755
--- a/src/freedombone-utils-keys
+++ b/src/freedombone-utils-keys
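Review bot: The two checks after the backup-key exports test the wrong variables — `if [[ "$gpgkey" == *"$gpgerrstr"* ]]` and `if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]` re-test the master-key strings, so a failed export of `$GPG_BACKUP_ID` is never noticed and whatever came back is still written to `$USB_MOUNT/.backupgpgkey`. The substring test itself is unlikely to fire at all, because `$(...)` captures only stdout while gpg writes its diagnostics to stderr; checking the exit status and rejecting an empty result is more reliable. If the `sed -n '2p'` lookup yields an empty `GPG_ID` or `GPG_BACKUP_ID`, the unquoted `--export-secret-key $GPG_ID` runs with no key selector, which for gpg means exporting every secret key in the keyring, so the empty case should be rejected before any export. Since `.mastergpgkey` and `.backupgpgkey` hold private keys in armored plaintext, create them under a restrictive umask (`umask 077` before the redirections) where the target filesystem supports permissions. The enclosing `if [[ $MASTER_DRIVE ... ]]` block starts before this hunk.
```shell
# … unchanged: GPG_ID / GPG_BACKUP_ID lookup …
if [[ -z "$GPG_ID" || -z "$GPG_BACKUP_ID" ]]; then
    echo $'Could not determine gpg key ids; refusing to export'
    exit 735282
fi
# gpg reports failures on stderr, which $(...) does not capture,
# so test the exit status and the emptiness of the result instead
if ! backupgpgkey=$(gpg --armor --export "$GPG_BACKUP_ID") || [[ -z "$backupgpgkey" ]]; then
    echo $'Problem exporting backup public gpg key'
    exit 735282
fi
if ! backupgpgprivkey=$(gpg --armor --export-secret-key "$GPG_BACKUP_ID") || [[ -z "$backupgpgprivkey" ]]; then
    echo $'Problem exporting backup private gpg key'
    backupgpgprivkey=
    exit 629362
fi
umask 077
# … unchanged: writing .mastergpgkey / .backupgpgkey and copying .gnupg …
```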
@@ -119,20 +119,34 @@ function interactive_gpg_from_usb {
 cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
 fi
- if [ -d $USB_MOUNT/.gnupg ]; then
- if [ ! -d $HOME_DIR/.gnupg ]; then
- mkdir $HOME_DIR/.gnupg
+ if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then
+ # Recovering keys from file rather than just copying the gnupg
+ # directory may help to avoid problems during upgrades/reinstalls
+ su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey" - $MY_USERNAME
+ su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey" - $MY_USERNAME
+ if [ -d /home/$MY_USERNAME/.gnupg ]; then
+ chmod 700 /home/$MY_USERNAME/.gnupg
+ chmod -R 600 /home/$MY_USERNAME/.gnupg/*
+ chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
 fi
- echo $'Recovering GPG keys'
- cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
- GPG_LOADING="no"
 dialog --title $"Recover Encryption Keys" \
- --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+ --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
 else
- if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
- mkdir $HOME_DIR/.gnupg_fragments
+ if [ -d $USB_MOUNT/.gnupg ]; then
+ if [ ! -d $HOME_DIR/.gnupg ]; then
+ mkdir $HOME_DIR/.gnupg
+ fi
+ echo $'Recovering GPG keys'
+ cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+ GPG_LOADING="no"
+ dialog --title $"Recover Encryption Keys" \
+ --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+ else
+ if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
+ mkdir $HOME_DIR/.gnupg_fragments
+ fi
+ cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
 fi
- cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
 fi
 
 if [[ $SSH_IMPORTED == "no" ]]; then
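Review bot: The new condition `if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then` is not valid test syntax: `&&` terminates the `[` command, so bash runs `[ -f $USB_MOUNT/.mastergpgkey` (which fails with a missing `]`) and then `-f ... ]` as a separate command, and the import branch can never be taken; write it as `if [[ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]]; then`. The import branch also drops the `GPG_LOADING="no"` assignment that the directory-copy branch keeps, so if later code keys on that variable it should be set here as well. `chmod -R 600 /home/$MY_USERNAME/.gnupg/*` strips the execute bit from any subdirectory under `.gnupg`, which would make those directories untraversable for the user; `chmod -R u=rwX,go= /home/$MY_USERNAME/.gnupg` keeps files private while preserving directory access. The path is written as `/home/$MY_USERNAME` here while the surrounding code uses `$HOME_DIR`. The enclosing `interactive_gpg_from_usb` function starts and ends outside this hunk.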