diff --git a/src/freedombone-base-email b/src/freedombone-base-email
index e619d04d2c69bc54c181239268cdd251ee36dd52..0bbf7e81b3401f38bbd7afedf0718fdb2889dec5 100755
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -13,7 +13,7 @@
# License
# =======
#
-# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@@ -1576,12 +1576,15 @@ function configure_gpg {
echo $"GPG public key file $MY_GPG_PUBLIC_KEY was not found"
exit 2483
fi
+
if [ ! -f $MY_GPG_PRIVATE_KEY ]; then
echo $"GPG private key file $MY_GPG_PRIVATE_KEY was not found"
exit 5383
fi
- su -c "gpg --import $MY_GPG_PUBLIC_KEY" - $MY_USERNAME
- su -c "gpg --allow-secret-key-import --import $MY_GPG_PRIVATE_KEY" - $MY_USERNAME
+
+ gpg_import_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY
+ gpg_import_private_key $MY_USERNAME $MY_GPG_PRIVATE_KEY
+
KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
if [[ $KEY_EXISTS == "no" ]]; then
echo $"The GPG key for $MY_EMAIL_ADDRESS could not be imported"
@@ -1596,35 +1599,14 @@ function configure_gpg {
fi
else
# Generate a GPG key
- echo 'Key-Type: eddsa' > /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Key-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Type: eddsa' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Subkey-Curve: Ed25519' >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Real: $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
- echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
- cat /home/$MY_USERNAME/gpg-genkey.conf
if [ -f $IMAGE_PASSWORD_FILE ]; then
- echo "Passphrase: $(printf `cat $IMAGE_PASSWORD_FILE`)" >> /home/$MY_USERNAME/gpg-genkey.conf
+ gpg_create_key $MY_USERNAME $(printf `cat $IMAGE_PASSWORD_FILE`)
else
- echo "Passphrase: $PROJECT_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+ gpg_create_key $MY_USERNAME $PROJECT_NAME
fi
- chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
- echo $'Generating a new GPG key'
- su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --batch --full-gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
- chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
- KEY_EXISTS=$(gpg_key_exists "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [[ $KEY_EXISTS == "no" ]]; then
- echo $"A GPG key for $MY_EMAIL_ADDRESS could not be created"
- exit 6362
- fi
- shred -zu /home/$MY_USERNAME/gpg-genkey.conf
MY_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$MY_USERNAME" "$MY_EMAIL_ADDRESS")
- if [ ${#MY_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
- echo $'GPG public key ID could not be obtained'
- fi
MY_GPG_PUBLIC_KEY=/tmp/public_key.gpg
- su -m root -c "gpg --homedir /home/$MY_USERNAME/.gnupg --output $MY_GPG_PUBLIC_KEY --armor --export $MY_GPG_PUBLIC_KEY_ID" - $MY_USERNAME
+ gpg_export_public_key $MY_USERNAME $MY_GPG_PUBLIC_KEY_ID $MY_GPG_PUBLIC_KEY
fi
if [ ! -d /root/.gnupg ]; then
diff --git a/src/freedombone-utils-gpg b/src/freedombone-utils-gpg
index 27a31c6c5d8f265252c4a006dc8989cf113d741b..2a2442485135f2e0ca3471fbf3c06a79c34bebad 100755
--- a/src/freedombone-utils-gpg
+++ b/src/freedombone-utils-gpg
@@ -28,6 +28,76 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+function gpg_import_public_key {
+ key_username=$1
+ key_filename=$2
+
+ gpg --homedir=/home/$key_username/.gnupg --import $key_filename
+ gpg_set_permissions $key_username
+}
+
+function gpg_import_private_key {
+ key_username=$1
+ key_filename=$2
+
+ gpg --homedir=/home/$key_username/.gnupg --allow-secret-key-import --import $key_filename
+ gpg_set_permissions $key_username
+}
+
+function gpg_export_public_key {
+ key_username=$1
+ key_id=$2
+ key_filename=$3
+
+ su -m root -c "gpg --homedir /home/$key_username/.gnupg --output $key_filename --armor --export $key_id" - $key_username
+}
+
+function gpg_export_private_key {
+ key_username=$1
+ key_id=$2
+ key_filename=$3
+
+ su -m root -c "gpg --homedir=/home/$key_username/.gnupg --armor --output $key_filename --export-secret-key $key_id" - $key_username
+}
+
+function gpg_create_key {
+ key_username=$1
+ key_passphrase=$2
+
+ gpg_dir=/home/$key_username/.gnupg
+
+ echo 'Key-Type: eddsa' > /home/$key_username/gpg-genkey.conf
+ echo 'Key-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
+ echo 'Subkey-Type: eddsa' >> /home/$key_username/gpg-genkey.conf
+ echo 'Subkey-Curve: Ed25519' >> /home/$key_username/gpg-genkey.conf
+ echo "Name-Real: $MY_NAME" >> /home/$key_username/gpg-genkey.conf
+ echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$key_username/gpg-genkey.conf
+ echo 'Expire-Date: 0' >> /home/$key_username/gpg-genkey.conf
+ cat /home/$key_username/gpg-genkey.conf
+ if [ $key_passphrase ]; then
+ echo "Passphrase: $key_passphrase" >> /home/$key_username/gpg-genkey.conf
+ else
+ echo "Passphrase: $PROJECT_NAME" >> /home/$key_username/gpg-genkey.conf
+ fi
+ chown $key_username:$key_username /home/$key_username/gpg-genkey.conf
+
+ echo $'Generating a new GPG key'
+ su -m root -c "gpg --homedir /home/$key_username/.gnupg --batch --full-gen-key /home/$key_username/gpg-genkey.conf" - $key_username
+ chown -R $key_username:$key_username /home/$key_username/.gnupg
+ KEY_EXISTS=$(gpg_key_exists "$key_username" "${key_username}@${HOSTNAME}")
+ if [[ $KEY_EXISTS == "no" ]]; then
+ echo $"A GPG key for ${key_username}@${HOSTNAME} could not be created"
+ exit 63621
+ fi
+ shred -zu /home/$key_username/gpg-genkey.conf
+ CURR_GPG_PUBLIC_KEY_ID=$(gpg_pubkey_from_email "$key_username" "${key_username}@${HOSTNAME}")
+ if [ ${#CURR_GPG_PUBLIC_KEY_ID} -lt 4 ]; then
+ echo $"GPG public key ID could not be obtained for ${key_username}@${HOSTNAME}"
+ exit 825292
+ fi
+ gpg_set_permissions $key_username
+}
+
function gpg_delete_key {
key_username=$1
key_id=$2