Consolidate key recovery

src/freedombone-config

@@ -920,141 +920,6 @@ function interactive_gpg_from_remote {
     return 0
 }
 
-function reconstruct_key {
-    if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-        return
-    fi
-    cd /home/$MY_USERNAME/.gnupg_fragments
-    no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if (( no_of_shares < 4 )); then
-        dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
-        exit 7348
-    fi
-    apt-get -yq install libgfshare-bin gnupg
-    gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare*
-    if [ ! "$?" = "0" ]; then
-        dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
-        exit 7348
-    fi
-
-    KEYS_FILE=/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc
-    if [ ! -f $KEYS_FILE ]; then
-        dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
-    fi
-
-    su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
-    if [ ! "$?" = "0" ]; then
-        echo $'Unable to import gpg key'
-        shred -zu $KEYS_FILE
-        rm -rf /home/$MY_USERNAME/.tempgnupg
-        exit 9654
-    fi
-    shred -zu $KEYS_FILE
-
-    dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
-}
-
-function interactive_gpg_from_usb {
-    dialog --title $"Recover Encryption Keys" \
-           --msgbox $'Plug in a USB keydrive containing a copy of your full key or key fragment' 6 70
-
-    HOME_DIR=/home/$MY_USERNAME
-    GPG_LOADING="yes"
-    SSH_IMPORTED="no"
-    GPG_CTR=0
-    while [[ $GPG_LOADING == "yes" ]]
-    do
-        detect_usb_drive
-
-        if [ ! -b $USB_DRIVE ]; then
-            if (( GPG_CTR > 0 )); then
-                reconstruct_key
-                return 0
-            fi
-            dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
-            exit 739836
-        fi
-
-        GPG_USB_MOUNT='/mnt/usb'
-        umount -f $GPG_USB_MOUNT
-        if [ ! -d $GPG_USB_MOUNT ]; then
-            mkdir -p $GPG_USB_MOUNT
-        fi
-
-        if [ -f /dev/mapper/encrypted_usb ]; then
-            rm -rf /dev/mapper/encrypted_usb
-        fi
-        cryptsetup luksClose encrypted_usb
-        cryptsetup luksOpen $USB_DRIVE encrypted_usb
-        if [ "$?" = "0" ]; then
-            USB_DRIVE=/dev/mapper/encrypted_usb
-        fi
-        mount $USB_DRIVE $GPG_USB_MOUNT
-        if [ ! "$?" = "0" ]; then
-            if (( GPG_CTR > 0 )); then
-                rm -rf $GPG_USB_MOUNT
-                reconstruct_key
-                return 0
-            fi
-            dialog --title $"Recover Encryption Keys" \
-                   --msgbox $"There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70
-            rm -rf $GPG_USB_MOUNT
-            exit 74393
-        fi
-
-        if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then
-            if [ ! -d $GPG_USB_MOUNT/.gnupg_fragments ]; then
-                if (( GPG_CTR > 0 )); then
-                    umount -f $GPG_USB_MOUNT
-                    rm -rf $GPG_USB_MOUNT
-                    reconstruct_key
-                    return 0
-                fi
-                dialog --title $"Recover Encryption Keys" \
-                       --msgbox $"The directory $GPG_USB_MOUNT/.gnupg or $GPG_USB_MOUNT/.gnupg_fragments was not found" 6 70
-                umount -f $GPG_USB_MOUNT
-                rm -rf $GPG_USB_MOUNT
-                exit 723814
-            fi
-        fi
-
-        if [ -d $GPG_USB_MOUNT/.gnupg ]; then
-            if [ ! -d $HOME_DIR/.gnupg ]; then
-                mkdir $HOME_DIR/.gnupg
-            fi
-            cp -r $GPG_USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
-            GPG_LOADING="no"
-            dialog --title $"Recover Encryption Keys" \
-                   --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
-        else
-            if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                mkdir $HOME_DIR/.gnupg_fragments
-            fi
-            cp -r $GPG_USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
-        fi
-
-        if [[ $SSH_IMPORTED == "no" ]]; then
-            if [ -d $GPG_USB_MOUNT/.ssh ]; then
-                if [ ! -d $HOME_DIR/.ssh ]; then
-                    mkdir $HOME_DIR/.ssh
-                fi
-                cp $GPG_USB_MOUNT/.ssh/* $HOME_DIR/.ssh
-                dialog --title $"Recover Encryption Keys" \
-                       --msgbox $"ssh keys imported" 6 70
-                SSH_IMPORTED="yes"
-            fi
-        fi
-
-        umount -f $GPG_USB_MOUNT
-        rm -rf $GPG_USB_MOUNT
-        if [[ $GPG_LOADING == "yes" ]]; then
-            dialog --title $"Recover Encryption Keys" \
-                   --msgbox $"Now remove the USB drive. Insert the next drive containing a key fragment, or select Ok to finish" 6 70
-        fi
-        GPG_CTR=$((GPG_CTR + 1))
-    done
-}
-
 function interactive_gpg {
     GPG_CONFIGURED="no"
     while [[ $GPG_CONFIGURED != "yes" ]]

src/freedombone-recoverkey

@@ -108,160 +108,6 @@ fi
 
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 
-function reconstruct_key {
-    if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
-        return
-    fi
-    cd /home/$MY_USERNAME/.gnupg_fragments
-    no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
-    if (( no_of_shares < 4 )); then
-        dialog --title $"Encryption keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
-        exit 7348
-    fi
-    apt-get -yq install libgfshare-bin gnupg
-    gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare*
-    if [ ! "$?" = "0" ]; then
-        dialog --title $"Encryption keys" --msgbox $'Unable to reconstruct the key' 6 70
-        exit 7348
-    fi
-
-    KEYS_FILE=/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc
-    if [ ! -f $KEYS_FILE ]; then
-        dialog --title $"Encryption keys" --msgbox $'Unable to reconstruct the key' 6 70
-    fi
-
-    su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
-    if [ ! "$?" = "0" ]; then
-        echo $'Unable to import gpg key'
-        shred -zu $KEYS_FILE
-        rm -rf /home/$MY_USERNAME/.tempgnupg
-        exit 9654
-    fi
-    shred -zu $KEYS_FILE
-
-    dialog --title $"Encryption keys" --msgbox $'Key has been reconstructed' 6 70
-}
-
-function interactive_gpg_from_usb {
-    dialog --title $"Encryption keys" \
-           --msgbox $'Plug in a USB drive containing a copy of your full key or key fragment' 6 70
-
-    HOME_DIR=/home/$MY_USERNAME
-    GPG_LOADING="yes"
-    SSH_IMPORTED="no"
-    GPG_CTR=0
-    while [[ $GPG_LOADING == "yes" ]]
-    do
-        if [ ! -b $GPG_USB_DRIVE ]; then
-            GPG_USB_DRIVE='/dev/sdc1'
-            if [ ! -b $GPG_USB_DRIVE ]; then
-                GPG_USB_DRIVE='/dev/sdd1'
-                if [ ! -b $GPG_USB_DRIVE ]; then
-                    if (( GPG_CTR > 0 )); then
-                        reconstruct_key
-                        return 0
-                    fi
-                    dialog --title $"Encryption keys" --msgbox $'No USB drive found' 6 30
-                    exit 27852
-                fi
-            fi
-        fi
-
-        GPG_USB_MOUNT='/mnt/usb'
-        umount -f $GPG_USB_MOUNT
-        if [ ! -d $GPG_USB_MOUNT ]; then
-            mkdir -p $GPG_USB_MOUNT
-        fi
-
-        if [ -f /dev/mapper/encrypted_usb ]; then
-            rm -rf /dev/mapper/encrypted_usb
-        fi
-        cryptsetup luksClose encrypted_usb
-        cryptsetup luksOpen $GPG_USB_DRIVE encrypted_usb
-        if [ "$?" = "0" ]; then
-            GPG_USB_DRIVE=/dev/mapper/encrypted_usb
-        fi
-        mount $GPG_USB_DRIVE $GPG_USB_MOUNT
-        if [ ! "$?" = "0" ]; then
-            if (( GPG_CTR > 0 )); then
-                rm -rf $GPG_USB_MOUNT
-                reconstruct_key
-                return 0
-            fi
-            dialog --title $"Encryption keys" \
-                   --msgbox $"There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70
-            rm -rf $GPG_USB_MOUNT
-            exit 74393
-        fi
-
-        if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then
-            if [ ! -d $GPG_USB_MOUNT/.gnupg_fragments ]; then
-                if (( GPG_CTR > 0 )); then
-                    umount -f $GPG_USB_MOUNT
-                    rm -rf $GPG_USB_MOUNT
-                    reconstruct_key
-                    return 0
-                fi
-                if [[ "$GPG_USB_DRIVE" == *"sda1" ]]; then
-                    GPG_USB_DRIVE=/dev/sdb1
-                    write_config_param USB_DRIVE "$GPG_USB_DRIVE"
-                    umount -f $GPG_USB_MOUNT
-                    rm -rf $GPG_USB_MOUNT
-                    ${PROJECT_NAME}-recoverkey -u "$MY_USERNAME" -d sdb
-                    exit 0
-                else
-                    dialog --title $"Encryption keys" \
-                           --msgbox $"The directory $GPG_USB_MOUNT/.gnupg or $GPG_USB_MOUNT/.gnupg_fragments was not found" 6 70
-                    umount -f $GPG_USB_MOUNT
-                    rm -rf $GPG_USB_MOUNT
-                    exit 723814
-                fi
-            fi
-        fi
-
-        if [ -d $GPG_USB_MOUNT/.gnupg ]; then
-            if [ ! -d $HOME_DIR/.gnupg ]; then
-                mkdir $HOME_DIR/.gnupg
-            fi
-            if [ -d $GPG_USB_MOUNT/letsencrypt ]; then
-                test -r $GPG_USB_MOUNT/letsencrypt
-                if [ $? -ne ]; then
-                   cp -rf $GPG_USB_MOUNT/letsencrypt /etc
-                fi
-            fi
-            cp -r $GPG_USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
-            GPG_LOADING="no"
-            dialog --title $"Encryption keys" \
-                   --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
-        else
-            if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                mkdir $HOME_DIR/.gnupg_fragments
-            fi
-            cp -r $GPG_USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
-        fi
-
-        if [[ $SSH_IMPORTED == "no" ]]; then
-            if [ -d $GPG_USB_MOUNT/.ssh ]; then
-                if [ ! -d $HOME_DIR/.ssh ]; then
-                    mkdir $HOME_DIR/.ssh
-                fi
-                cp $GPG_USB_MOUNT/.ssh/* $HOME_DIR/.ssh
-                dialog --title $"Encryption keys" \
-                       --msgbox $"ssh keys imported" 6 70
-                SSH_IMPORTED="yes"
-            fi
-        fi
-
-        umount -f $GPG_USB_MOUNT
-        rm -rf $GPG_USB_MOUNT
-        if [[ $GPG_LOADING == "yes" ]]; then
-            dialog --title $"Encryption keys" \
-                   --msgbox $"Now remove the USB drive. Insert the next drive containing a key fragment, or select Ok to finish" 6 70
-        fi
-        GPG_CTR=$((GPG_CTR + 1))
-    done
-}
-
 # if no remote backup list was given then assume recover from USB
 if [ ! $FRIENDS_SERVERS_LIST ]; then
     interactive_gpg_from_usb

src/freedombone-utils-keys

@@ -0,0 +1,166 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# Encryption key related functions
+
+# License
+# =======
+#
+# Copyright (C) 2015-2016 Bob Mottram <bob@robotics.uk.to>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+function reconstruct_key {
+    if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
+        return
+    fi
+    cd /home/$MY_USERNAME/.gnupg_fragments
+    no_of_shares=$(ls -afq keyshare.asc.* | wc -l)
+    if (( no_of_shares < 4 )); then
+        dialog --title $"Recover Encryption Keys" --msgbox $'Not enough fragments to reconstruct the key' 6 70
+        exit 7348
+    fi
+    apt-get -yq install libgfshare-bin gnupg
+    gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare*
+    if [ ! "$?" = "0" ]; then
+        dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
+        exit 7348
+    fi
+
+    KEYS_FILE=/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc
+    if [ ! -f $KEYS_FILE ]; then
+        dialog --title $"Recover Encryption Keys" --msgbox $'Unable to reconstruct the key' 6 70
+    fi
+
+    su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
+    if [ ! "$?" = "0" ]; then
+        echo $'Unable to import gpg key'
+        shred -zu $KEYS_FILE
+        rm -rf /home/$MY_USERNAME/.tempgnupg
+        exit 9654
+    fi
+    shred -zu $KEYS_FILE
+
+    dialog --title $"Recover Encryption Keys" --msgbox $'Key has been reconstructed' 6 70
+}
+
+function interactive_gpg_from_usb {
+    dialog --title $"Recover Encryption Keys" \
+           --msgbox $'Plug in a USB keydrive containing a copy of your full key or key fragment' 6 70
+
+    HOME_DIR=/home/$MY_USERNAME
+    GPG_LOADING="yes"
+    SSH_IMPORTED="no"
+    GPG_CTR=0
+    while [[ $GPG_LOADING == "yes" ]]
+    do
+        detect_usb_drive
+
+        if [ ! -b $USB_DRIVE ]; then
+            if (( GPG_CTR > 0 )); then
+                reconstruct_key
+                return 0
+            fi
+            dialog --title $"Recover Encryption Keys" --msgbox $'No USB drive found' 6 30
+            exit 739836
+        fi
+
+        GPG_USB_MOUNT='/mnt/usb'
+        umount -f $GPG_USB_MOUNT
+        if [ ! -d $GPG_USB_MOUNT ]; then
+            mkdir -p $GPG_USB_MOUNT
+        fi
+
+        if [ -f /dev/mapper/encrypted_usb ]; then
+            rm -rf /dev/mapper/encrypted_usb
+        fi
+        cryptsetup luksClose encrypted_usb
+        cryptsetup luksOpen $USB_DRIVE encrypted_usb
+        if [ "$?" = "0" ]; then
+            USB_DRIVE=/dev/mapper/encrypted_usb
+        fi
+        mount $USB_DRIVE $GPG_USB_MOUNT
+        if [ ! "$?" = "0" ]; then
+            if (( GPG_CTR > 0 )); then
+                rm -rf $GPG_USB_MOUNT
+                reconstruct_key
+                return 0
+            fi
+            dialog --title $"Recover Encryption Keys" \
+                   --msgbox $"There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70
+            rm -rf $GPG_USB_MOUNT
+            exit 74393
+        fi
+
+        if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then
+            if [ ! -d $GPG_USB_MOUNT/.gnupg_fragments ]; then
+                if (( GPG_CTR > 0 )); then
+                    umount -f $GPG_USB_MOUNT
+                    rm -rf $GPG_USB_MOUNT
+                    reconstruct_key
+                    return 0
+                fi
+                dialog --title $"Recover Encryption Keys" \
+                       --msgbox $"The directory $GPG_USB_MOUNT/.gnupg or $GPG_USB_MOUNT/.gnupg_fragments was not found" 6 70
+                umount -f $GPG_USB_MOUNT
+                rm -rf $GPG_USB_MOUNT
+                exit 723814
+            fi
+        fi
+
+        if [ -d $GPG_USB_MOUNT/.gnupg ]; then
+            if [ ! -d $HOME_DIR/.gnupg ]; then
+                mkdir $HOME_DIR/.gnupg
+            fi
+            cp -r $GPG_USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+            GPG_LOADING="no"
+            dialog --title $"Recover Encryption Keys" \
+                   --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+        else
+            if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
+                mkdir $HOME_DIR/.gnupg_fragments
+            fi
+            cp -r $GPG_USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
+        fi
+
+        if [[ $SSH_IMPORTED == "no" ]]; then
+            if [ -d $GPG_USB_MOUNT/.ssh ]; then
+                if [ ! -d $HOME_DIR/.ssh ]; then
+                    mkdir $HOME_DIR/.ssh
+                fi
+                cp $GPG_USB_MOUNT/.ssh/* $HOME_DIR/.ssh
+                dialog --title $"Recover Encryption Keys" \
+                       --msgbox $"ssh keys imported" 6 70
+                SSH_IMPORTED="yes"
+            fi
+        fi
+
+        umount -f $GPG_USB_MOUNT
+        rm -rf $GPG_USB_MOUNT
+        if [[ $GPG_LOADING == "yes" ]]; then
+            dialog --title $"Recover Encryption Keys" \
+                   --msgbox $"Now remove the USB drive. Insert the next drive containing a key fragment, or select Ok to finish" 6 70
+        fi
+        GPG_CTR=$((GPG_CTR + 1))
+    done
+}
+
+# NOTE: deliberately there is no "exit 0"