diff --git a/Makefile b/Makefile
index 6f7e4d53..e76fab0c 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,7 @@ install:
 mkdir -p ${DESTDIR}${PREFIX}/bin
 install -m 755 src/${APP} ${DESTDIR}${PREFIX}/bin
 install -m 755 src/${APP}-splitkey ${DESTDIR}${PREFIX}/bin
+ install -m 755 src/${APP}-recoverkey ${DESTDIR}${PREFIX}/bin
 install -m 755 src/${APP}-prep ${DESTDIR}${PREFIX}/bin
 install -m 755 src/${APP}-client ${DESTDIR}${PREFIX}/bin
 install -m 755 src/${APP}-remote ${DESTDIR}${PREFIX}/bin
@@ -32,6 +33,7 @@ install:
 mkdir -m 755 -p ${DESTDIR}${PREFIX}/share/man/man1
 install -m 644 man/${APP}.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 install -m 644 man/${APP}-splitkey.1.gz ${DESTDIR}${PREFIX}/share/man/man1
+ install -m 644 man/${APP}-recoverkey.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 install -m 644 man/${APP}-prep.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 install -m 644 man/${APP}-client.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 install -m 644 man/${APP}-remote.1.gz ${DESTDIR}${PREFIX}/share/man/man1
@@ -52,6 +54,7 @@ install:
 uninstall:
 rm -f ${PREFIX}/share/man/man1/${APP}.1.gz
 rm -f ${PREFIX}/share/man/man1/${APP}-splitkey.1.gz
+ rm -f ${PREFIX}/share/man/man1/${APP}-recoverkey.1.gz
 rm -f ${PREFIX}/share/man/man1/${APP}-prep.1.gz
 rm -f ${PREFIX}/share/man/man1/${APP}-client.1.gz
 rm -f ${PREFIX}/share/man/man1/${APP}-remote.1.gz
@@ -72,6 +75,7 @@ uninstall:
 rm -rf ${PREFIX}/share/${APP}
 rm -f ${PREFIX}/bin/${APP}
 rm -f ${PREFIX}/bin/${APP}-splitkey
+ rm -f ${PREFIX}/bin/${APP}-recoverkey
 rm -f ${PREFIX}/bin/${APP}-prep
 rm -f ${PREFIX}/bin/${APP}-client
 rm -f ${PREFIX}/bin/${APP}-remote
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index b5d4054e..ad68c034 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -1,5 +1,6 @@
 man/freedombone.1.gz
 man/freedombone-splitkey.1.gz
+man/freedombone-recoverkey.1.gz
 man/freedombone-prep.1.gz
 man/freedombone-client.1.gz
 man/freedombone-remote.1.gz
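Review bot: The added `rm -f ${PREFIX}/share/man/man1/${APP}-recoverkey.1.gz` in the `uninstall` hunk omits `${DESTDIR}`, while the matching `install` lines write under `${DESTDIR}${PREFIX}`, so `uninstall` does not undo a staged install and removes from the live prefix instead; the `rm -f ${PREFIX}/bin/${APP}-recoverkey` line in the last Makefile hunk has the same asymmetry. The new lines follow their neighbours, so this may be deliberate, but if it is not, `rm -f ${DESTDIR}${PREFIX}/bin/${APP}-recoverkey` and the man-page equivalent would keep the two targets symmetric. Both recipes begin and end outside the hunks shown.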
diff --git a/man/freedombone-recoverkey.1.gz b/man/freedombone-recoverkey.1.gz
new file mode 100644
index 00000000..82a8b039
Binary files /dev/null and b/man/freedombone-recoverkey.1.gz differ
diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey
new file mode 100755
index 00000000..803a8262
--- /dev/null
+++ b/src/freedombone-recoverkey
@@ -0,0 +1,119 @@
+#!/bin/bash
+#
+# .---. . .
+# | | |
+# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
+# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
+# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
+#
+# Freedom in the Cloud
+#
+# A script which recovers a user's gpg key from a number of fragments
+
+# License
+# =======
+#
+# Copyright (C) 2015 Bob Mottram
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+function show_help {
+ echo ''
+ echo 'freedombone-recoverkey -u [username]'
+ echo ''
+ exit 0
+}
+
+while [[ $# > 1 ]]
+do
+key="$1"
+
+case $key in
+ -h|--help)
+ show_help
+ ;;
+ -u|--user)
+ shift
+ MY_USERNAME="$1"
+ ;;
+ *)
+ # unknown option
+ ;;
+esac
+shift
+done
+
+if [ ! $MY_USERNAME ]; then
+ show_help
+fi
+if [ ! -d /home/$MY_USERNAME ]; then
+ echo "User $MY_USERNAME does not exist on the system"
+ exit 7270
+fi
+
+if [ ! $MY_USERNAME ]; then
+ echo 'No username given'
+ exit 3578
+fi
+if [ ! -d /home/$MY_USERNAME ]; then
+ echo "User $MY_USERNAME does not exist on the system"
+ exit 7270
+fi
+FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+if [ ! -d $FRAGMENTS_DIR ]; then
+ echo 'No fragments have been recovered, so the key cannot be recovered'
+ exit 7483
+fi
+
+# join the fragments
+if [ ! -d /home/$MY_USERNAME/.tempgnupg ]; then
+ mkdir /home/$MY_USERNAME/.tempgnupg
+fi
+KEYS_FILE=/home/$MY_USERNAME/.tempgnupg/tempfile.asc
+cat $FRAGMENTS_DIR/data* > $KEYS_FILE.gpg
+if [ ! "$?" = "0" ]; then
+ echo 'Unable to find key fragments'
+ exit 8727
+fi
+
+# decrypt the file
+cd /home/$MY_USERNAME/.tempgnupg
+gpg -d $KEYS_FILE.gpg -o $KEYS_FILE
+if [ ! "$?" = "0" ]; then
+ echo 'Unable to decrypt data. This may mean that not enough fragments are available'
+ exit 6283
+fi
+shred -zu $KEYS_FILE.gpg
+if [ ! -f $KEYS_FILE ]; then
+ echo 'Unable to find decrypted key file. This may mean that not enough fragments are available'
+ exit 8358
+fi
+echo 'Key fragments decrypted'
+
+# import the gpg key
+su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
+if [ ! "$?" = "0" ]; then
+ echo 'Unable to import gpg key'
+ shred -zu $KEYS_FILE
+ rm -rf /home/$MY_USERNAME/.tempgnupg
+ exit 3682
+fi
+shred -zu $KEYS_FILE
+chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+chmod -R 600 /home/$MY_USERNAME/.gnupg
+rm -rf /home/$MY_USERNAME/.tempgnupg
+
+echo 'GPG key was recovered'
+
+exit 0
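Review bot: The decrypted secret key is written to `/home/$MY_USERNAME/.tempgnupg/tempfile.asc` inside a directory made with a plain `mkdir`, so its mode depends on the caller's umask and the plaintext key may be readable by other local accounts until `shred` runs; the early exits with 6283 and 8358 also leave that directory and its contents behind. `MY_USERNAME` comes straight from `-u` and is expanded unquoted into paths handed to `rm -rf`, `chown -R` and `su`, while the only check is `-d /home/$MY_USERNAME`, which a value containing `/` or `..` also satisfies; since the script presumably runs as root (it calls `su` and `chown`), the name should be checked against the account database and every expansion quoted. `chmod -R 600` on `.gnupg` also clears the search bit on the directory itself, so the owner can no longer enter it; directories need 700 and files 600. The fence sketches a private scratch directory with cleanup on every exit path, the account check and the permission fix.

```shell
# … unchanged: option parsing and empty-username check …
if ! id -u -- "$MY_USERNAME" > /dev/null 2>&1 || [ ! -d "/home/$MY_USERNAME" ]; then
    echo "User $MY_USERNAME does not exist on the system"
    exit 7270
fi
# … unchanged: fragments directory check …

# private scratch directory, wiped on every exit path
umask 077
TEMP_DIR=$(mktemp -d "/home/$MY_USERNAME/.tempgnupg.XXXXXX") || exit 1
trap 'find "$TEMP_DIR" -type f -exec shred -zu {} +; rm -rf "$TEMP_DIR"' EXIT
KEYS_FILE="$TEMP_DIR/tempfile.asc"
# … unchanged: join and decrypt, with "$FRAGMENTS_DIR" and "$KEYS_FILE" quoted …

# the import runs as the user, who must be able to read the scratch directory
chown -R "$MY_USERNAME:$MY_USERNAME" "$TEMP_DIR"
# … unchanged: su -c "gpg --allow-secret-key-import --import …" and its error check …

chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
find "/home/$MY_USERNAME/.gnupg" -type d -exec chmod 700 {} +
find "/home/$MY_USERNAME/.gnupg" -type f -exec chmod 600 {} +
```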