Commit 7104c356 authored by Bob Mottram's avatar Bob Mottram

Include the backup key in key splitting

parent b7606244
......@@ -7331,7 +7331,7 @@ function split_gpg_key_into_fragments {
# split the gpg key into fragments if social key management is enabled
if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
echo 'Splitting GPG key. You may need to enter your passphrase.'
freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS
freedombone-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
echo 'Yhe GPG key could not be split'
exit 86548
......
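Review bot: The exit status of `freedombone-splitkey` is not checked after the changed call; the only test is whether `/home/$MY_USERNAME/.gnupg_fragments` exists, so a directory left by an earlier run (or, if this is the directory the splitter creates, one made before a later step failed) would be read as success. This matters more now that the splitter can also fail on a missing backup key. Testing the call directly, `if ! freedombone-splitkey -u "$MY_USERNAME" -e "$MY_EMAIL_ADDRESS" --fullname "$MY_NAME"; then`, covers both cases and quotes the two arguments that are still unquoted. An empty `$MY_NAME` is passed through as `--fullname ""`, so it is worth rejecting before the call. The body of `split_gpg_key_into_fragments` continues outside the hunk.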
......@@ -37,10 +37,11 @@
KEY_FRAGMENTS=3
MY_USERNAME=
MY_EMAIL_ADDRESS=
MY_NAME=
function show_help {
echo ''
echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address]'
echo 'freedombone-splitkey -u [username] -n [number of fragments] -e [email address] --fullname [Full name]'
echo ''
exit 0
}
......@@ -65,6 +66,10 @@ case $key in
shift
MY_EMAIL_ADDRESS=$1
;;
--fullname)
shift
MY_NAME=$1
;;
*)
# unknown option
;;
......@@ -95,7 +100,19 @@ if [ ! $MY_EMAIL_ADDRESS ]; then
MY_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
fi
KEYID=$(su -c "gpg --list-keys $MY_EMAIL_ADDRESS | grep 'pub '" - \
$MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
$MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
if [ ${#KEYID} -lt 4 ]; then
echo "gpg key for $MY_EMAIL_ADDRESS was not found"
return 3682
fi
MY_BACKUP_KEY_ID=$(gpg --list-keys "$MY_NAME (backup key)" | \
grep 'pub ' | awk -F ' ' '{print $2}' | \
awk -F '/' '{print $2}')
if [ ${#MY_BACKUP_KEY_ID} -lt 4 ]; then
echo "gpg backup key for '$MY_NAME' was not found"
return 58213
fi
# create the key file
mkdir -p $FRAGMENTS_DIR
......@@ -105,14 +122,33 @@ if [ ! "$?" = "0" ]; then
echo "Unable to extract public key for $KEYID"
exit 7835
fi
gpg --output $FRAGMENTS_DIR/privkey.txt --armor --export-secret-key $KEYID
gpg --output $FRAGMENTS_DIR/privkey.txt \
--armor --export-secret-key $KEYID
if [ ! "$?" = "0" ]; then
echo "Unable to extract private key for $KEYID"
exit 7823
fi
cat $FRAGMENTS_DIR/pubkey.txt $FRAGMENTS_DIR/privkey.txt > $KEYS_FILE
gpg --output $FRAGMENTS_DIR/backup_pubkey.txt \
--armor --export $MY_BACKUP_KEY_ID
if [ ! "$?" = "0" ]; then
echo "Unable to extract backup public key for $MY_BACKUP_KEY_ID"
exit 62928
fi
gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
--armor --export-secret-key $MY_BACKUP_KEY_ID
if [ ! "$?" = "0" ]; then
echo "Unable to extract backup private key for $MY_BACKUP_KEY_ID"
exit 13783
fi
cat $FRAGMENTS_DIR/pubkey.txt \
$FRAGMENTS_DIR/privkey.txt \
$FRAGMENTS_DIR/backup_pubkey.txt \
$FRAGMENTS_DIR/backup_privkey.txt > $KEYS_FILE
shred -zu $FRAGMENTS_DIR/privkey.txt
shred -zu $FRAGMENTS_DIR/pubkey.txt
shred -zu $FRAGMENTS_DIR/backup_privkey.txt
shred -zu $FRAGMENTS_DIR/backup_pubkey.txt
KEY_SHARES=$((KEY_FRAGMENTS * 2))
gfsplit -n $KEY_FRAGMENTS -m $KEY_SHARES $KEYS_FILE
......
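Review bot: The two added lookups fail with `return 3682` and `return 58213`, but the surrounding code uses `exit`, which suggests this runs at the top level of the script, where `return` only prints an error and execution carries on. In that case an empty `$MY_BACKUP_KEY_ID` reaches the unquoted `gpg --armor --export-secret-key $MY_BACKUP_KEY_ID`, and gpg given no key name exports every secret key in the keyring rather than failing. Replacing both with `exit 1` closes that path, and quoting the ID in the export commands is worth doing at the same time; status values above 255 are truncated in any case. The new `exit 62928` and `exit 13783` paths also leave `privkey.txt` on disk unshredded, so an EXIT `trap` that shreds the intermediate files in `$FRAGMENTS_DIR` would be safer. The backup lookup runs `gpg --list-keys` as the invoking user while the primary lookup goes through `su - $MY_USERNAME`, which may query a different keyring; confirm that is intended.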