
Create a backup key

Bob Mottram 9 years ago
parent
commit
f2e93f7535
1 changed files with 52 additions and 0 deletions
  1. 52
    0
      src/freedombone

+ 52
- 0
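--- a/src/freedombone
+++ b/src/freedombone
@@ -6516,6 +6516,57 @@ function configure_gpg {
   echo 'configure_gpg' >> $COMPLETION_FILE
 }
 
+function configure_backup_key {
+  if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
+      return
+  fi
+  if grep -Fxq "configure_backup_key" $COMPLETION_FILE; then
+      return
+  fi
+  apt-get -y install gnupg
+
+  BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"" - $MY_USERNAME)
+  if [ ! "$?" = "0" ]; then
+      return
+  fi
+
+  # Generate a GPG key for backups
+  echo 'Key-Type: 1' > /home/$MY_USERNAME/gpg-genkey.conf
+  echo 'Key-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo 'Subkey-Type: 1' >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo 'Subkey-Length: 4096' >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo "Name-Real:  $MY_NAME" >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo "Name-Email: $MY_EMAIL_ADDRESS" >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo "Name-Comment: backup key" >> /home/$MY_USERNAME/gpg-genkey.conf
+  echo 'Expire-Date: 0' >> /home/$MY_USERNAME/gpg-genkey.conf
+  chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/gpg-genkey.conf
+  su -c "gpg --batch --gen-key /home/$MY_USERNAME/gpg-genkey.conf" - $MY_USERNAME
+  shred -zu /home/$MY_USERNAME/gpg-genkey.conf
+  BACKUP_KEY_EXISTS=$(su -c "gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\"" - $MY_USERNAME)
+  if [ ! "$?" = "0" ]; then
+      echo 'Backup key could not be created'
+      exit 43382
+  fi
+  MY_BACKUP_KEY_ID=$(su -c "gpg --list-keys \"$MY_EMAIL_ADDRESS (backup key)\" | grep 'pub '" - $MY_USERNAME | awk -F ' ' '{print $2}' | awk -F '/' '{print $2}')
+  echo "Backup key: $MY_BACKUP_KEY_ID"
+  MY_BACKUP_KEY=/home/$MY_USERNAME/backup_key.gpg
+  su -c "gpg --output $MY_BACKUP_KEY --armor --export $MY_BACKUP_KEY_ID" - $MY_USERNAME
+
+  if ! grep -q "Backup key" /home/$MY_USERNAME/README; then
+      echo '' >> /home/$MY_USERNAME/README
+      echo '' >> /home/$MY_USERNAME/README
+      echo 'Backup key' >> /home/$MY_USERNAME/README
+      echo '==========' >> /home/$MY_USERNAME/README
+      echo 'A GPG key has been created which will be used for making backups' >> /home/$MY_USERNAME/README
+      echo 'This can be found in the home directory (backup_key.gpg).' >> /home/$MY_USERNAME/README
+      echo 'You should transfer this to somewhere safe so that it can be restored.' >> /home/$MY_USERNAME/README
+  fi
+  chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/README
+  chmod 600 /home/$MY_USERNAME/README
+
+  echo 'configure_backup_key' >> $COMPLETION_FILE
+}
+
 function encrypt_incoming_email {
   # encrypts incoming mail using your GPG public key
   # so even if an attacker gains access to the data at rest they still need
@@ -10221,6 +10272,7 @@ spam_filtering
 configure_imap
 #configure_imap_client_certs
 configure_gpg
+configure_backup_key
 encrypt_incoming_email
 encrypt_outgoing_email
 email_client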
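Review bot: The existence check after the first `gpg --list-keys` in configure_backup_key (the `if [ ! "$?" = "0" ]` that returns) is inverted: `gpg --list-keys` exits non-zero when no matching key is found, so on a fresh system the function returns before generating anything and never records `configure_backup_key` in $COMPLETION_FILE, while a system that already holds the key goes on to generate a duplicate; the guard should read `if [ "$?" = "0" ]; then return; fi`. Separately, `--export` writes only the public key to backup_key.gpg, yet the README text tells the user this file is what they need for a restore; if backups are encrypted to this key, restoration also needs the secret key (`--export-secret-keys` into a 0600 file), so either export it or reword the README so users do not rely on a file that cannot decrypt anything. `exit 43382` is truncated by the shell to an 8-bit status (118), so the intended code is not observable to a caller. The batch parameter file carries no `Passphrase:` line, meaning the generated secret key sits unprotected in the user's keyring; if that is deliberate for unattended backups, a comment such as `# no passphrase: key must be usable by unattended backup jobs` should say so.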