2016-04-19 13:40:46 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
. $srcdir/defs.inc || exit 3
|
|
|
|
|
|
|
|
check_exported_public_key()
|
|
|
|
{
|
|
|
|
$GPG --list-packets $1 >$1.packets
|
|
|
|
grep '^:public key packet:' $1.packets >/dev/null
|
|
|
|
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
|
|
|
|
grep '^:user ID packet:' $1.packets >/dev/null
|
|
|
|
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
|
|
|
|
rm $1.packets
|
|
|
|
}
|
|
|
|
|
|
|
|
check_armored_public_key()
|
|
|
|
{
|
|
|
|
grep '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
|
|
|
|
grep '^-----END PGP PUBLIC KEY BLOCK-----$' $1 >/dev/null
|
|
|
|
check_exported_public_key $1
|
|
|
|
}
|
|
|
|
|
|
|
|
check_exported_private_key()
|
|
|
|
{
|
|
|
|
$GPG --list-packets $1 >$1.packets
|
|
|
|
grep '^:secret key packet:' $1.packets >/dev/null
|
|
|
|
grep "^ keyid: .*$KEY$" $1.packets >/dev/null
|
|
|
|
grep '^:user ID packet:' $1.packets >/dev/null
|
|
|
|
grep "^:signature packet:.*keyid.*$KEY" $1.packets >/dev/null
|
|
|
|
rm $1.packets
|
|
|
|
}
|
|
|
|
|
|
|
|
check_armored_private_key()
|
|
|
|
{
|
|
|
|
grep '^-----BEGIN PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
|
|
|
|
grep '^-----END PGP PRIVATE KEY BLOCK-----$' $1 >/dev/null
|
|
|
|
check_exported_private_key $1
|
|
|
|
}
|
|
|
|
|
2016-04-19 16:23:42 +02:00
|
|
|
logfile="`pwd`/pinentry.log"
|
|
|
|
ppfile="`pwd`/passphrases"
|
|
|
|
rm -f -- $logfile $ppfile
|
|
|
|
touch $ppfile
|
|
|
|
|
|
|
|
prepare_passphrase()
|
|
|
|
{
|
|
|
|
echo $* >>$ppfile
|
|
|
|
}
|
|
|
|
|
|
|
|
prepare_passphrase_confirm()
|
|
|
|
{
|
|
|
|
echo "fake-entry being started to CONFIRM the weak phrase" >>$ppfile
|
|
|
|
}
|
|
|
|
|
|
|
|
assert_passphrases_consumed()
|
|
|
|
{
|
|
|
|
if test -s $ppfile; then
|
|
|
|
echo "Expected $ppfile to be empty, but these are enqueued:" >&2
|
|
|
|
cat "$ppfile" >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
rm -f -- $logfile
|
|
|
|
}
|
|
|
|
|
2016-04-19 13:40:46 +02:00
|
|
|
# XXX: Currently, gpg does not allow one to export private keys
|
2016-04-19 16:23:42 +02:00
|
|
|
# without a passphrase (issue2070, issue2324).
|
|
|
|
export PINENTRY_USER_DATA="--logfile=$logfile --passphrasefile=$ppfile"
|
2016-04-19 13:40:46 +02:00
|
|
|
|
|
|
|
info "Checking key export."
|
|
|
|
for KEY in D74C5F22 C40FDECF ECABF51D
|
|
|
|
do
|
|
|
|
progress $KEY
|
|
|
|
|
|
|
|
$GPG --export $KEY >$KEY.public
|
|
|
|
check_exported_public_key $KEY.public
|
|
|
|
rm $KEY.public
|
|
|
|
|
|
|
|
$GPG --armor --export $KEY >$KEY.public
|
|
|
|
check_armored_public_key $KEY.public
|
|
|
|
rm $KEY.public
|
|
|
|
|
2016-04-19 16:23:42 +02:00
|
|
|
if [ $KEY = D74C5F22 ]; then
|
|
|
|
# Key D74C5F22 is protected by a passphrase. Prepare this
|
|
|
|
# one. Currently, GnuPG does not ask for an export passphrase
|
|
|
|
# in this case.
|
|
|
|
prepare_passphrase "$usrpass1"
|
|
|
|
else
|
|
|
|
# We use a weak passphrase which we'll have to confirm.
|
|
|
|
prepare_passphrase "export passphrase"
|
|
|
|
prepare_passphrase_confirm
|
|
|
|
prepare_passphrase "export passphrase"
|
|
|
|
|
|
|
|
# Key C40FDECF has a subkey.
|
|
|
|
if [ $KEY = C40FDECF ]; then
|
|
|
|
prepare_passphrase "export passphrase"
|
|
|
|
prepare_passphrase_confirm
|
|
|
|
prepare_passphrase "export passphrase"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2016-04-19 13:40:46 +02:00
|
|
|
$GPG --export-secret-keys $KEY >$KEY.private
|
|
|
|
check_exported_private_key $KEY.private
|
|
|
|
rm $KEY.private
|
|
|
|
|
2016-04-19 16:23:42 +02:00
|
|
|
assert_passphrases_consumed
|
|
|
|
|
|
|
|
if [ $KEY = D74C5F22 ]; then
|
|
|
|
# Key D74C5F22 is protected by a passphrase. Prepare this
|
|
|
|
# one. Currently, GnuPG does not ask for an export passphrase
|
|
|
|
# in this case.
|
|
|
|
prepare_passphrase "$usrpass1"
|
|
|
|
else
|
|
|
|
# We use a stronger passphrase here.
|
|
|
|
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
|
|
|
|
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
|
|
|
|
|
|
|
|
# Key C40FDECF has a subkey.
|
|
|
|
if [ $KEY = C40FDECF ]; then
|
|
|
|
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
|
|
|
|
prepare_passphrase "strong export passphrase H0LHWCHPkNa36A"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2016-04-19 13:40:46 +02:00
|
|
|
$GPG --armor --export-secret-keys $KEY >$KEY.private
|
|
|
|
check_armored_private_key $KEY.private
|
|
|
|
rm $KEY.private
|
2016-04-19 16:23:42 +02:00
|
|
|
|
|
|
|
assert_passphrases_consumed
|
2016-04-19 13:40:46 +02:00
|
|
|
done
|
|
|
|
|
|
|
|
progress_end
|