summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
Diffstat (limited to 'share')
-rwxr-xr-xshare/keyringer/decrypt23
-rwxr-xr-xshare/keyringer/del28
-rwxr-xr-xshare/keyringer/encrypt35
-rwxr-xr-xshare/keyringer/genpair111
-rwxr-xr-xshare/keyringer/git16
-rwxr-xr-xshare/keyringer/ls17
-rwxr-xr-xshare/keyringer/recipients27
-rwxr-xr-xshare/keyringer/recrypt28
8 files changed, 285 insertions, 0 deletions
diff --git a/share/keyringer/decrypt b/share/keyringer/decrypt
new file mode 100755
index 0000000..b933f3f
--- /dev/null
+++ b/share/keyringer/decrypt
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Decrypt files.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source $LIB
+
+BASEDIR="$1"
+FILE="`keyringer_filename $2`"
+KEYDIR="$BASEDIR/keys"
+BASENAME="`basename $0`"
+
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <basedir> <file>"
+ exit 1
+elif [ ! -f "$KEYDIR/$FILE" ]; then
+ echo "File not found: $KEYDIR/$FILE"
+ exit 1
+fi
+
+gpg -d $KEYDIR/$FILE
diff --git a/share/keyringer/del b/share/keyringer/del
new file mode 100755
index 0000000..cc6ad4e
--- /dev/null
+++ b/share/keyringer/del
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Remove files.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source $LIB
+
+# Config
+BASEDIR="$1"
+FILE="`keyringer_filename $2`"
+KEYDIR="$BASEDIR/keys"
+BASENAME="`basename $0`"
+
+# Setup
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <basedir> <file>"
+ exit 1
+elif [ ! -f "$KEYDIR/$FILE" ]; then
+ echo "File not found: $KEYDIR/$FILE"
+ exit 1
+fi
+
+# Remove
+if [ -d "$KEYDIR/.git" ]; then
+ ./git $KEYDIR rm $FILE --force
+fi
diff --git a/share/keyringer/encrypt b/share/keyringer/encrypt
new file mode 100755
index 0000000..1245715
--- /dev/null
+++ b/share/keyringer/encrypt
@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+# Encrypt files to multiple recipients.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source $LIB
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+FILE="`keyringer_filename $2`"
+KEYDIR="$BASEDIR/keys"
+RECIPIENTS="$BASEDIR/config/recipients"
+BASENAME="`basename $0`"
+
+# Setup
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <basedir> <file>"
+ exit 1
+elif [ ! -f "$RECIPIENTS" ]; then
+ echo "No recipient config was found"
+ exit 1
+fi
+
+# Encrypt
+mkdir -p $KEYDIR/`dirname $FILE`
+echo "Type your message and finish your input with EOF (Ctrl-D)."
+gpg --armor -e -s $(keyringer_recipients $RECIPIENTS) - > $KEYDIR/$FILE
+
+# Stage
+if [ -d "$BASEDIR/.git" ]; then
+ keyringer_exec git $KEYDIR add $FILE
+fi
diff --git a/share/keyringer/genpair b/share/keyringer/genpair
new file mode 100755
index 0000000..ff554cc
--- /dev/null
+++ b/share/keyringer/genpair
@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# Generate keypairs.
+#
+# This script is just a wrapper to easily generate keys for
+# automated systems.
+#
+
+# Generate a keypair, ssh version
+function genpair_ssh {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # TODO: programatically enter blank passphrase twice
+ ssh-keygen -t dsa -f $WORK/id_dsa -C "root@$NODE"
+
+ # Encrypt the result
+ cat $WORK/id_dsa | keyringer_exec encrypt $BASEDIR $FILE
+ cat $WORK/id_dsa.pub | keyringer_exec encrypt $BASEDIR $FILE.pub
+
+ echo "Done"
+}
+
+# Generate a keypair, gpg version
+function genpair_gpg {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -s -p "Enter password for the private key: " passphrase
+
+ # TODO: insert 279 random bytes
+ gpg --homedir $WORK --gen-key --batch <<EOF
+ Key-Type: DSA
+ Key-Length: 1024
+ Subkey-Type: ELG-E
+ Subkey-Length: 4096
+ Name-Real: $NODE
+ Name-Comment: backupninja
+ Name-Email: root@$NODE
+ Expire-Date: 0
+ Passphrase: $passphrase
+ %commit
+EOF
+
+ # Encrypt the result
+ gpg --homedir $WORK --export-secret-keys | keyringer_exec encrypt $BASEDIR $FILE
+ gpg --homedir $WORK --export | keyringer_exec encrypt $BASEDIR $FILE.pub
+ echo "Passphrase for $FILE: $passphrase" | keyringer_exec encrypt $BASEDIR $FILE.passwd
+
+ echo "Done"
+}
+
+# Generate a keypair, ssl version
+function genpair_ssl {
+ echo "Make sure that $KEYDIR is atop of an encrypted volume."
+ read -p "Hit ENTER to continue." prompt
+
+ # Setup
+ cd $WORK
+
+ # Generate certificate
+ $LIB/csr.sh $NODE
+
+ # Self-sign
+ openssl x509 -in $NODE"_csr.pem" -out $NODE.crt -req -signkey $NODE"_privatekey.pem" -days 365
+ chmod 600 $NODE"_privatekey.pem"
+
+ # Encrypt the result
+ cat $NODE"_privatekey.pem" | keyringer_exec encrypt $BASEDIR $FILE.pem
+ cat $NODE"_csr.pem" | keyringer_exec encrypt $BASEDIR $FILE.csr.pem
+ cat $NODE.crt | keyringer_exec encrypt $BASEDIR $FILE.crt
+
+ echo "Done"
+ cd $CWD
+}
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer"
+source $LIB/functions
+
+# Config
+ACTIONS="`dirname $0`"
+BASEDIR="$1"
+KEYDIR="$BASEDIR/keys"
+KEYTYPE="$2"
+FILE="$3"
+NODE="$4"
+BASENAME="`basename $0`"
+CWD="`pwd`"
+
+# Verify
+if [ -z "$NODE" ]; then
+ echo "Usage: $BASENAME <keydir> <gpg|ssh|ssl> <file> <hostname>"
+ exit 1
+elif [ ! -e "$KEYDIR" ]; then
+ echo "Folder not found: $KEYDIR, leaving"
+ exit 1
+fi
+
+# Prepare
+mkdir -p $KEYDIR && chmod 700 $KEYDIR
+WORK="`mktemp -d $KEYDIR/genpair.XXXXXX`"
+if [ "$?" != "0" ]; then
+ echo "Error setting up $WORK"
+ exit 1
+fi
+
+# Dispatch
+genpair_$KEYTYPE
+
+# Cleanup
+cd $CWD
+rm -rf $WORK
diff --git a/share/keyringer/git b/share/keyringer/git
new file mode 100755
index 0000000..5e98105
--- /dev/null
+++ b/share/keyringer/git
@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Git wrapper.
+#
+
+BASEDIR="$1"
+CWD="`pwd`"
+
+if [ -z "$BASEDIR" ]; then
+ echo "Usage: `basename $0` <basedir> [arguments]"
+ exit 1
+fi
+
+shift
+mkdir -p $BASEDIR && cd $BASEDIR && git $*
+cd $CWD
diff --git a/share/keyringer/ls b/share/keyringer/ls
new file mode 100755
index 0000000..f37df8e
--- /dev/null
+++ b/share/keyringer/ls
@@ -0,0 +1,17 @@
+#!/bin/bash
+#
+# List keys.
+#
+
+BASEDIR="$1"
+KEYDIR="$BASEDIR/keys"
+CWD="`pwd`"
+
+if [ -z "$KEYDIR" ]; then
+ echo "Usage: `basename $0` <basedir> [arguments]"
+ exit 1
+fi
+
+shift
+cd $KEYDIR && ls $*
+cd $CWD
diff --git a/share/keyringer/recipients b/share/keyringer/recipients
new file mode 100755
index 0000000..46d3e92
--- /dev/null
+++ b/share/keyringer/recipients
@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+# Recipient management.
+#
+
+# Config
+BASEDIR="$1"
+COMMAND="$2"
+BASENAME="`basename $0`"
+RECIPIENTS="$BASEDIR/config/recipients"
+
+if [ -z "$COMMAND" ]; then
+ echo "Usage: `basename $0` <basedir> <command> [arguments]"
+ exit 1
+elif [ ! -f "$RECIPIENTS" ]; then
+ echo "No recipient config was found"
+ exit 1
+fi
+
+if [ "$COMMAND" == "ls" ]; then
+ cat $RECIPIENTS
+elif [ "$COMMAND" == "edit" ]; then
+ $EDITOR $RECIPIENTS
+else
+ echo "$BASENAME: No such command $COMMAND"
+ exit 1
+fi
diff --git a/share/keyringer/recrypt b/share/keyringer/recrypt
new file mode 100755
index 0000000..ff1d60e
--- /dev/null
+++ b/share/keyringer/recrypt
@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Re-encrypt files to multiple recipients.
+#
+
+# Load functions
+LIB="`dirname $0`/../../lib/keyringer/functions"
+source $LIB
+
+# Config
+BASEDIR="$1"
+FILE="`keyringer_filename $2`"
+KEYDIR="$BASEDIR/keys"
+RECIPIENTS="$BASEDIR/config/recipients"
+BASENAME="`basename $0`"
+
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <basedir> <file>"
+ exit 1
+elif [ ! -f "$RECIPIENTS" ]; then
+ echo "No recipient config was found"
+ exit 1
+elif [ ! -f "$KEYDIR/$FILE" ]; then
+ echo "File not found: $KEYDIR/$FILE"
+ exit 1
+fi
+
+gpg -d $KEYDIR/$FILE | gpg --armor -e -s $(keyringer_recipients $RECIPIENTS) > $KEYDIR/$FILE