From ddc05477e758315e7a444b2b4feb19e934ffb915 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Tue, 30 Jun 2015 21:45:18 +0100
Subject: [PATCH] Recover gpg key from fragments

---
 Makefile                        |   4 ++
 debian/source/include-binaries  |   1 +
 man/freedombone-recoverkey.1.gz | Bin 0 -> 598 bytes
 src/freedombone-recoverkey      | 119 ++++++++++++++++++++++++++++++++
 4 files changed, 124 insertions(+)
 create mode 100644 man/freedombone-recoverkey.1.gz
 create mode 100755 src/freedombone-recoverkey

diff --git a/Makefile b/Makefile
index 6f7e4d530..e76fab0cb 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,7 @@ install:
 	mkdir -p ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP} ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-splitkey ${DESTDIR}${PREFIX}/bin
+	install -m 755 src/${APP}-recoverkey ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-prep ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-client ${DESTDIR}${PREFIX}/bin
 	install -m 755 src/${APP}-remote ${DESTDIR}${PREFIX}/bin
@@ -32,6 +33,7 @@ install:
 	mkdir -m 755 -p ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-splitkey.1.gz ${DESTDIR}${PREFIX}/share/man/man1
+	install -m 644 man/${APP}-recoverkey.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-prep.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-client.1.gz ${DESTDIR}${PREFIX}/share/man/man1
 	install -m 644 man/${APP}-remote.1.gz ${DESTDIR}${PREFIX}/share/man/man1
@@ -52,6 +54,7 @@ install:
 uninstall:
 	rm -f ${PREFIX}/share/man/man1/${APP}.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-splitkey.1.gz
+	rm -f ${PREFIX}/share/man/man1/${APP}-recoverkey.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-prep.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-client.1.gz
 	rm -f ${PREFIX}/share/man/man1/${APP}-remote.1.gz
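Review bot: The added uninstall line removes from `${PREFIX}` only, while the matching install line writes to `${DESTDIR}${PREFIX}`, so a staged or packaged install cannot be undone by this target and `make uninstall` always acts on the live prefix. Consider `rm -f ${DESTDIR}${PREFIX}/share/man/man1/${APP}-recoverkey.1.gz` here and `rm -f ${DESTDIR}${PREFIX}/bin/${APP}-recoverkey` in the next hunk. The neighbouring context lines follow the same pattern, so this is probably best fixed across the whole `uninstall` recipe, which starts and ends outside these hunks.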
@@ -72,6 +75,7 @@ uninstall:
 	rm -rf ${PREFIX}/share/${APP}
 	rm -f ${PREFIX}/bin/${APP}
 	rm -f ${PREFIX}/bin/${APP}-splitkey
+	rm -f ${PREFIX}/bin/${APP}-recoverkey
 	rm -f ${PREFIX}/bin/${APP}-prep
 	rm -f ${PREFIX}/bin/${APP}-client
 	rm -f ${PREFIX}/bin/${APP}-remote
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
index b5d4054e3..ad68c0342 100644
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
@@ -1,5 +1,6 @@
 man/freedombone.1.gz
 man/freedombone-splitkey.1.gz
+man/freedombone-recoverkey.1.gz
 man/freedombone-prep.1.gz
 man/freedombone-client.1.gz
 man/freedombone-remote.1.gz
diff --git a/man/freedombone-recoverkey.1.gz b/man/freedombone-recoverkey.1.gz
new file mode 100644
index 0000000000000000000000000000000000000000..82a8b039e2c66ba50e4bcdfe290d90e78182c636
GIT binary patch
literal 598
zcmV-c0;&BUiwFR^|B_Vz1C>(SZrVT)efL+4{L)qmc1TnyMO9TuDWrjbFf{5-)p|YH
zE4&x&g_M_md)MHSBAbU=e%Ui;&Yan^(Q*uHjhIQEN`W1XRBlmka0guouP@<~6L59e
zeH}vR|Bug9SQ*qW3`~h|qzr=~O2!aA^ryoxIHUNz1B=7S00DRC&s7dpajhi>?n=v4
ziT*@#j>4K+H~I1~n<sb4S?!L4Z<V4T9DmeJABM^8;%>gYn>~cVh;31TEr_kh)dQd)
zTLe;SB-sv9^dypHn1Pj^jkV1n8vKr<TsW2geD;<x@4!mE^Gs&IYKErjt9|YJ*RCv2
zm-Hx)U?wQ;34dz^F^BPWx3{p94k)QydpMK+()MZ^jUS2!H563ul=bYC(2Y|U@Ki8b
zz!URKQW|-rAKmzAnu$EBuW6O^M?SRWPBBVKzc9%WnCS%p`0qdNd$1b$fEK8vwvf8q
zr)>SjL1C>jy*SR9EnFH=$>WrmLeuyk@t7Io@R;{-2>nSiJIVWH_tnLTA0HG&Z5uc(
zna`)SRAtKvE87YsGp!B3xKd|kG+`;$EN{Rp7e0aptTZ;2HF9a2T#W*sI;~4--oBIO
ztt)BXx{*;Ovp(Bq0cits;>=2wbVm_me5DSvzgmuGi!d0-6sFQzO*p(wW%^#rR9Z$&
z<TjC&?}8}R!F)82NApn+hW$4;SHtU@Jvv~Pqp4nI4+hiD6@7FCA8bEoYdtO|^6N4)
k>UMLFY$^2$O)}YcJ!0D1zdrx?PG<#w09`Uj_4xz<07C;GUH||9

literal 0
HcmV?d00001

diff --git a/src/freedombone-recoverkey b/src/freedombone-recoverkey
new file mode 100755
index 000000000..803a8262c
--- /dev/null
+++ b/src/freedombone-recoverkey
@@ -0,0 +1,119 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# A script which recovers a user's gpg key from a number of fragments
+
+# License
+# =======
+#
+# Copyright (C) 2015 Bob Mottram <bob@robotics.uk.to>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+function show_help {
+    echo ''
+    echo 'freedombone-recoverkey -u [username]'
+    echo ''
+    exit 0
+}
+
+while [[ $# > 1 ]]
+do
+key="$1"
+
+case $key in
+    -h|--help)
+    show_help
+    ;;
+    -u|--user)
+    shift
+    MY_USERNAME="$1"
+    ;;
+    *)
+    # unknown option
+    ;;
+esac
+shift
+done
+
+if [ ! $MY_USERNAME ]; then
+    show_help
+fi
+if [ ! -d /home/$MY_USERNAME ]; then
+    echo "User $MY_USERNAME does not exist on the system"
+    exit 7270
+fi
+
+if [ ! $MY_USERNAME ]; then
+    echo 'No username given'
+    exit 3578
+fi
+if [ ! -d /home/$MY_USERNAME ]; then
+    echo "User $MY_USERNAME does not exist on the system"
+    exit 7270
+fi
+FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
+if [ ! -d $FRAGMENTS_DIR ]; then
+    echo 'No fragments have been recovered, so the key cannot be recovered'
+    exit 7483
+fi
+
+# join the fragments
+if [ ! -d /home/$MY_USERNAME/.tempgnupg ]; then
+    mkdir /home/$MY_USERNAME/.tempgnupg
+fi
+KEYS_FILE=/home/$MY_USERNAME/.tempgnupg/tempfile.asc
+cat $FRAGMENTS_DIR/data* > $KEYS_FILE.gpg
+if [ ! "$?" = "0" ]; then
+    echo 'Unable to find key fragments'
+    exit 8727
+fi
+
+# decrypt the file
+cd /home/$MY_USERNAME/.tempgnupg
+gpg -d $KEYS_FILE.gpg -o $KEYS_FILE
+if [ ! "$?" = "0" ]; then
+    echo 'Unable to decrypt data. This may mean that not enough fragments are available'
+    exit 6283
+fi
+shred -zu $KEYS_FILE.gpg
+if [ ! -f $KEYS_FILE ]; then
+    echo 'Unable to find decrypted key file. This may mean that not enough fragments are available'
+    exit 8358
+fi
+echo 'Key fragments decrypted'
+
+# import the gpg key
+su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
+if [ ! "$?" = "0" ]; then
+    echo 'Unable to import gpg key'
+    shred -zu $KEYS_FILE
+    rm -rf /home/$MY_USERNAME/.tempgnupg
+    exit 3682
+fi
+shred -zu $KEYS_FILE
+chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
+chmod -R 600 /home/$MY_USERNAME/.gnupg
+rm -rf /home/$MY_USERNAME/.tempgnupg
+
+echo 'GPG key was recovered'
+
+exit 0
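Review bot: The decrypted secret key is written to `/home/$MY_USERNAME/.tempgnupg/tempfile.asc`, a fixed-name directory created under the default umask, and the exits after a failed `gpg -d` (codes 6283 and 8358) leave the joined ciphertext and any partial plaintext on disk. `MY_USERNAME` is taken straight from `-u` and expanded unquoted into `rm -rf`, `chown -R` and the `su -c` command string, so it should be checked against a plain account-name pattern before first use; the script presumably runs as root, given the `su` and `chown` calls. `chmod -R 600` also strips the search bit from the `.gnupg` directory itself, which would leave the user unable to open the keyring that was just imported. The fence below sketches a restrictive umask, an EXIT trap for cleanup, import over stdin and separate directory and file modes. Note too that `shred` is best-effort on journaling or copy-on-write filesystems and on flash storage, and that exit codes above 255 are truncated by the shell, so callers never see the values written here.

```bash
# … unchanged: option parsing …

# accept only a plain account name before it reaches any path or command
# (example pattern; align it with the system's account naming policy)
if [[ ! "$MY_USERNAME" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo 'Invalid username'
    exit 1
fi

# … unchanged: home and fragments directory checks …

# work area readable by its owner only, wiped on every exit path
WORK_DIR="/home/$MY_USERNAME/.tempgnupg"
KEYS_FILE="$WORK_DIR/tempfile.asc"
function cleanup {
    [ -f "$KEYS_FILE.gpg" ] && shred -zu "$KEYS_FILE.gpg"
    [ -f "$KEYS_FILE" ] && shred -zu "$KEYS_FILE"
    rm -rf "$WORK_DIR"
}
trap cleanup EXIT
umask 077
mkdir -p "$WORK_DIR"
chmod 700 "$WORK_DIR"

# … unchanged: join and decrypt steps, with "$KEYS_FILE" and "$FRAGMENTS_DIR" quoted …

# feed the key on stdin so no path is spliced into the su command string
su -c "gpg --allow-secret-key-import --import" - "$MY_USERNAME" < "$KEYS_FILE"

# … unchanged: import error handling …

# directories keep the search bit, files do not
chown -R "$MY_USERNAME":"$MY_USERNAME" "/home/$MY_USERNAME/.gnupg"
find "/home/$MY_USERNAME/.gnupg" -type d -exec chmod 700 {} +
find "/home/$MY_USERNAME/.gnupg" -type f -exec chmod 600 {} +
```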
-- 
GitLab