free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Load key fragments from multiple USB drives

Bob Mottram 9 years ago
parent
315587ea3a
commit
b376e0ba7c
3 changed files with 121 additions and 52 deletions
Split View Show Diff Stats
  1. 1
    1
      src/freedombone
  2. 119
    48
      src/freedombone-config
  3. 1
    3
      src/freedombone-recoverkey

+ 1
- 1
src/freedombone View File 

@@ -3819,7 +3819,7 @@ function backup_to_friends_servers {
3819 3819 
       echo '        if [ $REMOTE_DOMAIN ]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3820 3820 
       echo "            cd /home/$MY_USERNAME/.gnupg_fragments" >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3821 3821 
       echo '            no_of_shares=$(ls -afq keyshare* | wc -l)' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3822 
-      echo '            no_of_shares=$((no_of_fragments - 2))' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3822 
+      echo '            no_of_shares=$((no_of_shares - 2))' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3823 3823 
       echo '            if [[ ${no_of_shares} > 0 ]]; then' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3824 3824 
       echo '                # Pick a share index based on the domain name' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME
3825 3825 
       echo '                # This ensures that the same share is always given to the same domain' >> /usr/bin/$BACKUP_TO_FRIENDS_SCRIPT_NAME

+ 119
- 48
src/freedombone-config View File 

@@ -271,65 +271,136 @@ function interactive_gpg_from_remote {
271 271 
   return 0
272 272 
 }
273 273
274 
+function reconstruct_key {
275 
+    if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then
276 
+        return
277 
+    fi
278 
+    cd /home/$MY_USERNAME/.gnupg_fragments
279 
+    no_of_shares=$(ls -afq keyshare* | wc -l)
280 
+    no_of_shares=$((no_of_shares - 2))
281 
+    if [[ ${no_of_shares} < 4 ]]; then
282 
+        dialog --title "Encryption keys" --msgbox 'Not enough fragments to reconstruct the key' 6 70
283 
+        exit 7348
284 
+    fi
285 
+    gfcombine /home/$MY_USERNAME/.gnupg_fragments/keyshare*
286 
+    if [ ! "$?" = "0" ]; then
287 
+        dialog --title "Encryption keys" --msgbox 'Unable to reconstruct the key' 6 70
288 
+        exit 7348
289 
+    fi
290 
+
291 
+    KEYS_FILE=/home/$MY_USERNAME/.gnupg_fragments/keyshare.asc
292 
+    if [ ! -f $KEYS_FILE ]; then
293 
+        dialog --title "Encryption keys" --msgbox 'Unable to reconstruct the key' 6 70
294 
+    fi
295 
+
296 
+    su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
297 
+    if [ ! "$?" = "0" ]; then
298 
+        echo 'Unable to import gpg key'
299 
+        shred -zu $KEYS_FILE
300 
+        rm -rf /home/$MY_USERNAME/.tempgnupg
301 
+        exit 9654
302 
+    fi
303 
+
304 
+    dialog --title "Encryption keys" --msgbox 'Key has been reconstructed' 6 70
305 
+}
306 
+
274 307 
 function interactive_gpg_from_usb {
275 
-  dialog --title "Encryption keys" --msgbox 'Plug in a USB drive containing a copy of your .gnupg directory' 6 70
308 
+  dialog --title "Encryption keys" --msgbox 'Plug in a USB drive containing a copy of your full key or key fragment' 6 70
276 309
277 
-  if [[ $INSTALLING_ON_BBB == "yes" ]]; then
278 
-      GPG_USB_DRIVE='/dev/sda1'
279 
-      if [ ! -b $GPG_USB_DRIVE ]; then
280 
-          dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30
281 
-          exit 739836
282 
-      fi
283 
-  else
284 
-      GPG_USB_DRIVE='/dev/sdb1'
285 
-      if [ ! -b $GPG_USB_DRIVE ]; then
286 
-          GPG_USB_DRIVE='/dev/sdc1'
310 
+  GPG_LOADING="yes"
311 
+  GPG_CTR=0
312 
+  while [[ $GPG_LOADING == "yes" ]]
313 
+  do
314 
+      if [[ $INSTALLING_ON_BBB == "yes" ]]; then
315 
+          GPG_USB_DRIVE='/dev/sda1'
287 316 
           if [ ! -b $GPG_USB_DRIVE ]; then
288 
-              GPG_USB_DRIVE='/dev/sdd1'
317 
+              if [[ ${GPG_CTR} > 0 ]]; then
318 
+                  reconstruct_key
319 
+                  return 0
320 
+              fi
321 
+              dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30
322 
+              exit 739836
323 
+          fi
324 
+      else
325 
+          GPG_USB_DRIVE='/dev/sdb1'
326 
+          if [ ! -b $GPG_USB_DRIVE ]; then
327 
+              GPG_USB_DRIVE='/dev/sdc1'
289 328 
               if [ ! -b $GPG_USB_DRIVE ]; then
290 
-                  dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30
291 
-                  exit 27852
329 
+                  GPG_USB_DRIVE='/dev/sdd1'
330 
+                  if [ ! -b $GPG_USB_DRIVE ]; then
331 
+                      if [[ ${GPG_CTR} > 0 ]]; then
332 
+                          reconstruct_key
333 
+                          return 0
334 
+                      fi
335 
+                      dialog --title "Encryption keys" --msgbox 'No USB drive found' 6 30
336 
+                      exit 27852
337 
+                  fi
292 338 
               fi
293 339 
           fi
294 340 
       fi
295 
-  fi
296 341
297 
-  GPG_USB_MOUNT='/mnt/usb'
298 
-  umount -f $GPG_USB_MOUNT
299 
-  if [ ! -d $GPG_USB_MOUNT ]; then
300 
-      mkdir -p $GPG_USB_MOUNT
301 
-  fi
342 
+      GPG_USB_MOUNT='/mnt/usb'
343 
+      umount -f $GPG_USB_MOUNT
344 
+      if [ ! -d $GPG_USB_MOUNT ]; then
345 
+          mkdir -p $GPG_USB_MOUNT
346 
+      fi
302 347
303 
-  if [ -f /dev/mapper/encrypted_usb ]; then
304 
-      rm -rf /dev/mapper/encrypted_usb
305 
-  fi
306 
-  cryptsetup luksClose encrypted_usb
307 
-  cryptsetup luksOpen $GPG_USB_DRIVE encrypted_usb
308 
-  if [ "$?" = "0" ]; then
309 
-      GPG_USB_DRIVE=/dev/mapper/encrypted_usb
310 
-  fi
311 
-  mount $GPG_USB_DRIVE $GPG_USB_MOUNT
312 
-  if [ ! "$?" = "0" ]; then
313 
-      dialog --title "Encryption keys" --msgbox "There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70
314 
-      rm -rf $GPG_USB_MOUNT
315 
-      exit 74393
316 
-  fi
348 
+      if [ -f /dev/mapper/encrypted_usb ]; then
349 
+          rm -rf /dev/mapper/encrypted_usb
350 
+      fi
351 
+      cryptsetup luksClose encrypted_usb
352 
+      cryptsetup luksOpen $GPG_USB_DRIVE encrypted_usb
353 
+      if [ "$?" = "0" ]; then
354 
+          GPG_USB_DRIVE=/dev/mapper/encrypted_usb
355 
+      fi
356 
+      mount $GPG_USB_DRIVE $GPG_USB_MOUNT
357 
+      if [ ! "$?" = "0" ]; then
358 
+          if [[ ${GPG_CTR} > 0 ]]; then
359 
+              rm -rf $GPG_USB_MOUNT
360 
+              reconstruct_key
361 
+              return 0
362 
+          fi
363 
+          dialog --title "Encryption keys" \
364 
+                 --msgbox "There was a problem mounting the USB drive to $GPG_USB_MOUNT" 6 70
365 
+          rm -rf $GPG_USB_MOUNT
366 
+          exit 74393
367 
+      fi
317 368
318 
-  if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then
319 
-      dialog --title "Encryption keys" --msgbox "The directory $GPG_USB_MOUNT/.gnupg was not found" 6 70
320 
-      umount $GPG_USB_MOUNT
321 
-      rm -rf $GPG_USB_MOUNT
322 
-      exit 723814
323 
-  fi
369 
+      if [ ! -d $GPG_USB_MOUNT/.gnupg ]; then
370 
+          if [ ! -d $GPG_USB_MOUNT/.gnupg_fragments ]; then
371 
+              if [[ ${GPG_CTR} > 0 ]]; then
372 
+                  umount $GPG_USB_MOUNT
373 
+                  rm -rf $GPG_USB_MOUNT
374 
+                  reconstruct_key
375 
+                  return 0
376 
+              fi
377 
+              dialog --title "Encryption keys" \
378 
+                     --msgbox "The directory $GPG_USB_MOUNT/.gnupg or $GPG_USB_MOUNT/.gnupg_fragments was not found" 6 70
379 
+              umount $GPG_USB_MOUNT
380 
+              rm -rf $GPG_USB_MOUNT
381 
+              exit 723814
382 
+          fi
383 
+      fi
324 384
325 
-  cp -r $GPG_USB_MOUNT/.gnupg /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
385 
+      if [ -d $GPG_USB_MOUNT/.gnupg ]; then
386 
+          cp -r $GPG_USB_MOUNT/.gnupg /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
387 
+          GPG_LOADING="no"
388 
+      else
389 
+          cp -r $GPG_USB_MOUNT/.gnupg_fragments /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')
390 
+      fi
326 391
327 
-  if [ -d $GPG_USB_MOUNT/.ssh ]; then
328 
-      cp $GPG_USB_MOUNT/.ssh/* /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.ssh
329 
-  fi
392 
+      if [ -d $GPG_USB_MOUNT/.ssh ]; then
393 
+          cp $GPG_USB_MOUNT/.ssh/* /home/$(grep 'MY_USERNAME' temp.cfg | awk -F '=' '{print $2}')/.ssh
394 
+      fi
330 395
331 
-  umount $GPG_USB_MOUNT
332 
-  rm -rf $GPG_USB_MOUNT
396 
+      umount $GPG_USB_MOUNT
397 
+      rm -rf $GPG_USB_MOUNT
398 
+      if [[ $GPG_LOADING == "yes" ]]; then
399 
+          dialog --title "Encryption keys" \
400 
+                 --msgbox "Now remove the USB drive. Insert the next drive containing a key fragment, or select Ok to finish" 6 70
401 
+      fi
402 
+      GPG_CTR=$((GPG_CTR + 1))
403 
+  done
333 404 
 }
334 405
335 406 
 function interactive_gpg {
 
@@ -342,7 +413,7 @@ function interactive_gpg {
342 413 
       dialog --backtitle "Freedombone Configuration" \
343 414 
           --radiolist "GPG/PGP keys for your system:" 13 70 3 \
344 415 
           1 "Generate new keys (new user)" on \
345 
-          2 "Import keys from a USB drive" off \
416 
+          2 "Import keys from USB drive/s" off \
346 417 
           3 "Retrieve keys from friends servers" off 2> $data
347 418 
       sel=$?
348 419 
       case $sel in
 
@@ -354,7 +425,7 @@ function interactive_gpg {
354 425 
           2) interactive_gpg_from_usb
355 426 
              return;;
356 427 
           3) interactive_gpg_from_remote
357 
-			 if [ ! "$?" = "0" ]; then
428 
+             if [ ! "$?" = "0" ]; then
358 429 
                  GPG_CONFIGURED="no"
359 430 
              fi;;
360 431 
       esac

+ 1
- 3
src/freedombone-recoverkey View File 

@@ -117,7 +117,7 @@ if [ $FRIENDS_SERVERS_LIST ]; then
117 117 
             fi
118 118 
         fi
119 119 
     done < $FRIENDS_SERVERS_LIST
120 
-fi
120 
+fi
121 121
122 122 
 # was a directory created?
123 123 
 if [ ! -d $FRAGMENTS_DIR ]; then
 
@@ -154,13 +154,11 @@ su -c "gpg --allow-secret-key-import --import $KEYS_FILE" - $MY_USERNAME
154 154 
 if [ ! "$?" = "0" ]; then
155 155 
     echo 'Unable to import gpg key'
156 156 
     shred -zu $KEYS_FILE
157 
-    rm -rf /home/$MY_USERNAME/.tempgnupg
158 157 
     exit 3682
159 158 
 fi
160 159 
 shred -zu $KEYS_FILE
161 160 
 chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
162 161 
 chmod -R 600 /home/$MY_USERNAME/.gnupg
163 
-rm -rf /home/$MY_USERNAME/.tempgnupg
164 162
165 163 
 echo 'GPG key was recovered'
166 164