
Master keydrive exports keys to file

Bob Mottram 8 lat temu
rodzic
commit
9ec93fff3a
2 zmienionych plików z 66 dodań i 10 usunięć
  1. 42
    0
      src/freedombone-keydrive
  2. 24
    10
      src/freedombone-utils-keys

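--- a/src/freedombone-keydrive
+++ b/src/freedombone-keydrive
@@ -134,7 +134,49 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
       rm -rf $USB_MOUNT
       exit 73025
   fi
+
+  # export the gpg key and backup key as text
+  # so that it may be imported at the beginning of new installs
+  USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
+  GPG_ID=$(gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
+  GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
+
+  gpgerrstr=$'error'
+  gpgkey=$(gpg --armor --export $GPG_ID)
+  if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting public gpg key'
+      echo "$gpgkey"
+      exit 735282
+  fi
+  gpgprivkey=$(gpg --armor --export-secret-key $GPG_ID)
+  if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting private gpg key'
+      echo "$gpgprivkey"
+      gpgprivkey=
+      exit 629362
+  fi
+
+  backupgpgkey=$(gpg --armor --export $GPG_BACKUP_ID)
+  if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting public gpg key'
+      echo "$gpgkey"
+      exit 735282
+  fi
+  backupgpgprivkey=$(gpg --armor --export-secret-key $GPG_BACKUP_ID)
+  if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
+      echo $'Problem exporting private gpg key'
+      echo "$gpgprivkey"
+      gpgprivkey=
+      exit 629362
+  fi
+
+  echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
+  echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
+  echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
+  echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
+
   cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
+
   if [ -d /etc/letsencrypt ]; then
       cp -rf /etc/letsencrypt $USB_MOUNT
       echo $"LetsEncrypt keys copied to $USB_DRIVE"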
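Review bot: The two checks that follow the backup-key exports test `$gpgkey` and `$gpgprivkey` again instead of `$backupgpgkey` and `$backupgpgprivkey`, so a failed backup-key export is never noticed and an empty or partial `.backupgpgkey` can be written. The substring test itself is weak: `$(...)` captures only stdout and gpg normally reports problems on stderr, so checking the exit status and a non-empty result is more reliable than looking for the word `error`. The private-key failure branches also `echo "$gpgprivkey"`, which would put secret key material on the terminal or in any captured log, and the export files are created with whatever umask the script happens to run under. The sketch below quotes the key ids, checks status and emptiness, and writes the files under `umask 077` (which only helps where the drive's filesystem honours modes). The enclosing `if [[ $MASTER_DRIVE ... ]]` block starts and ends outside this hunk.

```shell
  # … unchanged: USER_EMAIL_ADDRESS, GPG_ID and GPG_BACKUP_ID lookup …

  if ! gpgkey=$(gpg --armor --export "$GPG_ID") || [ -z "$gpgkey" ]; then
      echo $'Problem exporting public gpg key'
      exit 735282
  fi
  if ! gpgprivkey=$(gpg --armor --export-secret-key "$GPG_ID") || [ -z "$gpgprivkey" ]; then
      # do not echo the captured output: it may hold secret key material
      echo $'Problem exporting private gpg key'
      gpgprivkey=
      exit 629362
  fi

  if ! backupgpgkey=$(gpg --armor --export "$GPG_BACKUP_ID") || [ -z "$backupgpgkey" ]; then
      echo $'Problem exporting backup public gpg key'
      exit 735282
  fi
  if ! backupgpgprivkey=$(gpg --armor --export-secret-key "$GPG_BACKUP_ID") || [ -z "$backupgpgprivkey" ]; then
      echo $'Problem exporting backup private gpg key'
      backupgpgprivkey=
      exit 629362
  fi

  # secret key material: create the export files owner-only
  (
      umask 077
      printf '%s\n' "$gpgkey" "$gpgprivkey" > "$USB_MOUNT/.mastergpgkey"
      printf '%s\n' "$backupgpgkey" "$backupgpgprivkey" > "$USB_MOUNT/.backupgpgkey"
  )

  # … unchanged: cp of .gnupg and /etc/letsencrypt …
```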

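--- a/src/freedombone-utils-keys
+++ b/src/freedombone-utils-keys
@@ -119,20 +119,34 @@ function interactive_gpg_from_usb {
             cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
         fi
 
-        if [ -d $USB_MOUNT/.gnupg ]; then
-            if [ ! -d $HOME_DIR/.gnupg ]; then
-                mkdir $HOME_DIR/.gnupg
+        if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then
+            # Recovering keys from file rather than just copying the gnupg
+            # directory may help to avoid problems during upgrades/reinstalls
+            su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey" - $MY_USERNAME
+            su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey" - $MY_USERNAME
+            if [ -d /home/$MY_USERNAME/.gnupg ]; then
+                chmod 700 /home/$MY_USERNAME/.gnupg
+                chmod -R 600 /home/$MY_USERNAME/.gnupg/*
+                chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
             fi
-            echo $'Recovering GPG keys'
-            cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
-            GPG_LOADING="no"
             dialog --title $"Recover Encryption Keys" \
-                   --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+                   --msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
         else
-            if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
-                mkdir $HOME_DIR/.gnupg_fragments
+            if [ -d $USB_MOUNT/.gnupg ]; then
+                if [ ! -d $HOME_DIR/.gnupg ]; then
+                    mkdir $HOME_DIR/.gnupg
+                fi
+                echo $'Recovering GPG keys'
+                cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
+                GPG_LOADING="no"
+                dialog --title $"Recover Encryption Keys" \
+                       --msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
+            else
+                if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
+                    mkdir $HOME_DIR/.gnupg_fragments
+                fi
+                cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
             fi
-            cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
         fi
 
         if [[ $SSH_IMPORTED == "no" ]]; then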
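Review bot: `[ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]` is not a valid single test: the shell splits it at `&&` into `[ -f …` (missing its closing `]`) and a separate `-f … ]` command, so the condition fails every time and the new import branch is never taken. It should read `if [ -f "$USB_MOUNT/.mastergpgkey" ] && [ -f "$USB_MOUNT/.backupgpgkey" ]; then`. Once the branch is reachable, `chmod -R 600 /home/$MY_USERNAME/.gnupg/*` also removes the execute bit from any subdirectory of the keyring, which makes it untraversable for the user; applying 700 to directories and 600 to files (for example with two `find … -type d` / `-type f` passes) avoids that. The new branch no longer sets `GPG_LOADING="no"` as the old `.gnupg` copy did; whether that matters depends on code outside the hunk. `interactive_gpg_from_usb` starts and ends outside this hunk.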