Include the backup key in key splitting

2015-09-27 23:45:11 +01:00 · 2015-09-27 23:45:11 +01:00 · 7104c356c1
parent b760624422
commit 7104c356c1
2 changed files with 41 additions and 5 deletions
--- a/src/freedombone
+++ b/src/freedombone
@ -7331,7 +7331,7 @@ function split_gpg_key_into_fragments {
  # split the gpg key into fragments if social key management is enabled
  if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
      echo 'Splitting GPG key. You may need to enter your passphrase.'
-      freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS
+      freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
      if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
          echo 'Yhe GPG key could not be split'
          exit 86548
--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@ -37,10 +37,11 @@
 KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
+MY_NAME=

 function show_help {
    echo ''
-    echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address]'
+    echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address] --fullname [Full name]'
    echo ''
    exit 0
 }
@ -65,6 +66,10 @@ case $key in
    shift
    MY_EMAIL_ADDRESS=$1
    ;;
+    --fullname)
+    shift
+    MY_NAME=$1
+    ;;
    *)
    # unknown option
    ;;
@ -95,7 +100,19 @@ if [ ! $MY_EMAIL_ADDRESS ]; then
    MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
 fi
 KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
-        $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+           $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+if [ ${#KEYID} -lt 4 ]; then
+    echo "gpg key for $MY_EMAIL_ADDRESS was not found"
+    return 3682
+fi
+
+MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
+                          grep 'pub ' | awk -F ' ' '{print $2}' | \
+                          awk -F '/' '{print $2}')
+if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
+    echo "gpg backup key for '$MY_NAME' was not found"
+    return 58213
+fi

 # create the key file
 mkdir -p $FRAGMENTS_DIR
@ -105,14 +122,33 @@ if [ ! "$?" = "0" ]; then
    echo "Unable to extract public key for $KEYID"
    exit 7835
 fi
-gpg --output $FRAGMENTS_DIR/privkey.txt --armor --export-secret-key $KEYID
+gpg --output $FRAGMENTS_DIR/privkey.txt \
+    --armor --export-secret-key $KEYID
 if [ ! "$?" = "0" ]; then
    echo "Unable to extract private key for $KEYID"
    exit 7823
 fi
-cat $FRAGMENTS_DIR/pubkey.txt $FRAGMENTS_DIR/privkey.txt > $KEYS_FILE
+gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
+    --armor --export $MY_BACKUP_KEY_ID
+if [ ! "$?" = "0" ]; then
+    echo "Unable to extract backup public key for $MY_BACKUP_KEY_ID"
+    exit 62928
+fi
+gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
+    --armor --export-secret-key $MY_BACKUP_KEY_ID
+if [ ! "$?" = "0" ]; then
+    echo "Unable to extract backup private key for $MY_BACKUP_KEY_ID"
+    exit 13783
+fi
+
+cat $FRAGMENTS_DIR/pubkey.txt \
+    $FRAGMENTS_DIR/privkey.txt \
+    $FRAGMENTS_DIR/backup_pubkey.txt \
+    $FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
 shred -zu $FRAGMENTS_DIR/privkey.txt
 shred -zu $FRAGMENTS_DIR/pubkey.txt
+shred -zu $FRAGMENTS_DIR/backup_privkey.txt
+shred -zu $FRAGMENTS_DIR/backup_pubkey.txt

 KEY_SHARES=$((KEY_FRAGMENTS * 2))
 gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE