Makefile

@@ -74,11 +74,6 @@ install: all installman
 	install -m 0644 src/share/common $(DESTDIR)$(PREFIX)/share/monkeysphere
 	install -m 0644 replaced/src/share/defaultenv $(DESTDIR)$(PREFIX)/share/monkeysphere
 	install -m 0755 src/share/checkperms $(DESTDIR)$(PREFIX)/share/monkeysphere
-	install -m 0755 src/share/keytrans $(DESTDIR)$(PREFIX)/share/monkeysphere
-	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/pem2openpgp
-	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2ssh
-	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2pem
-	ln -sf ../share/monkeysphere/keytrans $(DESTDIR)$(PREFIX)/bin/openpgp2spki
 	install -m 0755 src/agent-transfer/agent-transfer $(DESTDIR)$(PREFIX)/bin
 	install -m 0744 replaced/src/transitions/* $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
 	install -m 0644 src/transitions/README.txt $(DESTDIR)$(PREFIX)/share/monkeysphere/transitions
@@ -97,15 +92,13 @@ installman: $(REPLACED_COMPRESSED_MANPAGES)
 	install replaced/man/man1/* $(DESTDIR)$(MANPREFIX)/man1
 	install replaced/man/man7/* $(DESTDIR)$(MANPREFIX)/man7
 	install replaced/man/man8/* $(DESTDIR)$(MANPREFIX)/man8
-	ln -sf openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2pem.1.gz
-	ln -sf openpgp2ssh.1.gz $(DESTDIR)$(MANPREFIX)/man1/openpgp2spki.1.gz
 
 # this target depends on you having the monkeysphere-docs
 # repo checked out as a peer of your monkeysphere repo.
 releasenote:
 	../monkeysphere-docs/utils/build-releasenote
 
-test: test-keytrans test-basic test-ed25519
+test: test-basic test-ed25519
 
 check: test
 
@@ -115,7 +108,4 @@ test-basic: src/agent-transfer/agent-transfer
 test-ed25519: src/agent-transfer/agent-transfer
 	MONKEYSPHERE_TEST_NO_EXAMINE=true MONKEYSPHERE_TEST_USE_ED25519=true ./tests/basic
 
-test-keytrans: src/agent-transfer/agent-transfer
-	MONKEYSPHERE_TEST_NO_EXAMINE=true ./tests/keytrans
-
 .PHONY: all tarball debian-package freebsd-distinfo clean install installman releasenote test check

man/man1/openpgp2ssh.1

-.\"  -*- nroff -*-
-.Dd $Mdocdate: January 18, 2013 $
-.Dt OPENPGP2SSH 1
-.Os
-.Sh NAME
-openpgp2ssh
-.Nd translate OpenPGP keys to SSH keys
-.Sh SYNOPSIS
-.Nm openpgp2ssh < mykey.gpg 
-.Pp
-.Nm gpg \-\-export $KEYID | openpgp2ssh $KEYID
-.Pp
-.Nm gpg \-\-export $KEYID | openpgp2pem $KEYID
-.Pp
-.Nm gpg \-\-export $KEYID | openpgp2spki $KEYID
-.Pp
-.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID
-.Sh DESCRIPTION
-.Nm
-takes an OpenPGP-formatted primary key and associated
-subkeys on standard input, and spits out the requested equivalent
-SSH-style (or PEM-encoded) key on standard output.
-.Pp
-If the data on standard input contains no subkeys, you can invoke
-.Nm
-without arguments.  If the data on standard input contains multiple
-keys (e.g. a primary key and associated subkeys), you must specify a
-specific OpenPGP key identifier as the first argument to indicate
-which key to export.  The key ID is normally the 40 hex digit OpenPGP
-fingerprint of the key or subkey desired, but
-.Nm
-will accept as few as the last 8 digits of the fingerprint as a key
-ID.
-.Pp
-If the input contains an OpenPGP RSA public key, it will be converted
-to the OpenSSH-style single-line keystring, prefixed with the key type
-(`ssh\-rsa').  This format is suitable (with minor alterations) for
-insertion into known_hosts files and authorized_keys files.  If
-invoked as `openpgp2pem', a PEM-encoded public key will be emitted
-instead.
-.Pp
-If invoked as `openpgp2spki', a PEM-encoded subjectPublicKeyInfo (as
-defined in the X.509 standard) will be emitted instead.
-.Pp
-If the input contains an OpenPGP RSA secret key, it will be converted
-to the equivalent PEM-encoded private key.
-.Pp
-.Nm
-is part of the
-.Xr monkeysphere 7
-framework for providing a PKI for SSH.
-.Sh CAVEATS
-The keys produced by this process are stripped of all identifying
-information, including certifications, self-signatures, etc.  This is
-intentional, since ssh attaches no inherent significance to these
-features.
-.Pp
-.Nm
-will produce output for any requested RSA key.  This means, among
-other things, that it will happily export revoked keys, unverifiable
-keys, expired keys, etc.  Make sure you do your own key validation
-before using this tool!
-.Sh EXAMPLES
-.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID | ssh\-add \-c /dev/stdin
-.Pp
-This pushes the secret key into the active
-.Xr ssh\-agent 1 . 
-Tools such as 
-.Xr ssh 1
-which know how to talk to the 
-.Xr ssh\-agent 1
-can now rely on the key.
-.Sh AUTHOR
-.Nm
-and this man page were written by Daniel Kahn Gillmor
-<dkg@fifthhorseman.net>.
-.Sh BUGS
-.Nm
-only works with RSA keys.  DSA keys are the only other key type
-available in both OpenPGP and SSH, but they are currently unsupported
-by this utility.
-.Pp
-.Nm
-only accepts raw OpenPGP packets on standard input.  It does not
-accept ASCII-armored input.
-.Nm
-Currently only exports into formats used by the OpenSSH.
-It should support other key output formats, such as those used by
-.Xr lsh 1
-and
-.Xr putty 1 .
-.Pp
-Secret key output is currently not passphrase-protected.
-.Pp
-.Nm
-currently cannot handle passphrase-protected secret keys on input.
-.Sh SEE ALSO
-.Xr pem2openpgp 1 ,
-.Xr monkeysphere 1 ,
-.Xr monkeysphere 7 ,
-.Xr ssh 1 ,
-.Xr monkeysphere-authentication 8 ,
-.Xr monkeysphere-host 8

man/man1/pem2openpgp.1

-.\"  -*- nroff -*-
-.Dd $Mdocdate: Jan 22, 2019 $
-.Dt PEM2OPENPGP 1
-.Os
-.Sh NAME
-pem2openpgp
-.Nd translate PEM-encoded RSA keys to OpenPGP certificates
-.Sh SYNOPSIS
-.Nm pem2openpgp "$USERID" < mykey.pem | gpg \-\-import
-.Pp
-.Nm PEM2OPENPGP_EXPIRATION=$((86400 * $DAYS)) PEM2OPENPGP_USAGE_FLAGS=authenticate,certify pem2openpgp "$USERID" <mykey.pem
-.Sh DESCRIPTION
-.Nm
-is a low-level utility for transforming raw, PEM-encoded RSA secret
-keys into OpenPGP-formatted certificates.  The generated certificates
-include the secret key material, so they should be handled carefully.
-.Pp
-It works as an element within a pipeline: feed it the raw key on
-stdin, supply the desired User ID as a command line argument.  Note
-that you may need to quote the string to ensure that it is entirely in
-a single argument.
-.Pp
-Other choices about how to generate the new OpenPGP certificate are
-governed by environment variables.
-.Sh ENVIRONMENT
-The following environment variables influence the behavior of
-.Nm :
-.Pp
-.ti 3
-\fBPEM2OPENPGP_TIMESTAMP\fP controls the timestamp (measured in
-seconds since the UNIX epoch) indicated as the creation time (a.k.a
-"not valid before") of the generated certificate (self-signature) and
-the key itself.  By default,
-.Nm
-uses the current time.
-.Pp
-.ti 3
-\fBPEM2OPENPGP_KEY_TIMESTAMP\fP controls the timestamp (measured in
-seconds since the UNIX epoch) indicated as the creation time of just
-the key itself (not the self-signature).  By default,
-.Nm
-uses the value from PEM2OPENPGP_TIMESTAMP.
-.Pp
-.ti 3
-\fBPEM2OPENPGP_USAGE_FLAGS\fP should contain a comma-separated list of
-valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what
-these mean).  The available choices are: certify, sign, encrypt_comms,
-encrypt_storage, encrypt (this means both encrypt_comms and
-encrypt_storage), authenticate, split, shared.  By default, 
-.Nm
-only sets the certify flag.
-.Pp
-.ti 3
-\fBPEM2OPENPGP_EXPIRATION\fP sets an expiration (measured in seconds
-after the creation time of the key) in each self-signature packet.  By
-default, no expiration subpacket is included.
-.Pp
-.ti 3
-\fBPEM2OPENPGP_NEWKEY\fP indicates that
-.Nm
-should ignore stdin, and instead generate a new key internally and
-build the certificate based on this new key.  Set this variable to the
-number of bits for the new RSA key (e.g. 3072).  By default (when this is
-unset), 
-.Nm
-will read the key from stdin.
-.Sh AUTHOR
-.Nm
-and this man page were written by Daniel Kahn Gillmor
-<dkg@fifthhorseman.net>.
-.Sh BUGS
-Only handles RSA keys at the moment.  It might be nice to handle DSA
-keys as well.
-.Pp
-Currently only creates certificates with a single User ID.  Should be
-able to create certificates with multiple User IDs.
-.Pp
-Currently only accepts unencrypted RSA keys.  It should be able to
-deal with passphrase-locked key material.
-.Pp
-Currently outputs OpenPGP certificates with cleartext secret key
-material.  It would be good to be able to lock the output with a
-passphrase.
-.Pp
-If you find other bugs, please report them at
-https://labs.riseup.net/code/projects/show/monkeysphere
-.Sh SEE ALSO
-.Xr openpgp2ssh 1 ,
-.Xr monkeysphere 1 ,
-.Xr monkeysphere 7 ,
-.Xr ssh 1 ,
-.Xr monkeysphere\-host 8 ,
-.Xr monkeysphere\-authentication 8

man/man7/monkeysphere.7

@@ -82,8 +82,6 @@ Daniel Kahn Gillmor <dkg@fifthhorseman.net>
 .BR monkeysphere (1),
 .BR monkeysphere\-host (8),
 .BR monkeysphere\-authentication (8),
-.BR openpgp2ssh (1),
-.BR pem2openpgp (1),
 .BR gpg (1),
 .BR https://tools.ietf.org/html/rfc4880,
 .BR ssh (1),

src/share/ma/setup

@@ -45,8 +45,12 @@ EOF
         fi
     done
 
+    # make sure the monkeysphere user owns the sphere gnupghome
+    log debug "fixing sphere gnupg home ownership..."
+    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" -- "${GNUPGHOME_SPHERE}"
+
     log debug "writing sphere gpg.conf..."
-    cat >"${GNUPGHOME_SPHERE}"/gpg.conf <<EOF
+    run_as_monkeysphere_user sh -c "$(printf 'cat > %q/gpg.conf' "${GNUPGHOME_SPHERE}")" <<EOF
 # Monkeysphere trust sphere GnuPG configuration
 # This file is maintained by the Monkeysphere software.
 # Edits will be overwritten.
@@ -56,11 +60,6 @@ keyid-format 0xlong
 ${KEYSERVER_OPTIONS}
 EOF
 
-    # make sure the monkeysphere user owns everything in the sphere
-    # gnupghome
-    log debug "fixing sphere gnupg home ownership..."
-    chown "$MONKEYSPHERE_USER:$MONKEYSPHERE_GROUP" "${GNUPGHOME_SPHERE}" "${GNUPGHOME_SPHERE}"/gpg.conf
-
     # get fingerprint of core key.  this should be empty on unconfigured systems.
     local CORE_FPR=$(core_fingerprint)
     log debug "core fingerprint: $CORE_FPR"

src/share/ma/update_users

@@ -60,13 +60,11 @@ for uname in $unames ; do
 
      # create temporary authorized_keys file
     tmpAuthorizedKeys="${TMPLOC}/authorized_keys"
-    touch -- "$tmpAuthorizedKeys"
 
     # set restrictive permissions on the temporary files
-    # FIXME: is there a better way to do this?
     chmod 0700 -- "$TMPLOC"
-    chmod 0600 -- "$tmpAuthorizedKeys"
-    chown -R "$MONKEYSPHERE_USER" -- "$TMPLOC"
+    chown --no-dereference "$MONKEYSPHERE_USER" -- "$TMPLOC"
+    run_as_monkeysphere_user sh -c "$(printf 'umask 077 && touch -- %q' "$tmpAuthorizedKeys")"
 
     # process authorized_user_ids file
     log debug "checking for authorized_user_ids..."

tests/keytrans

-#!/usr/bin/env bash
-
-# Tests to ensure that the monkeysphere is working
-
-# Authors: 
-#   Daniel Kahn Gillmor <dkg@fifthhorseman.net>
-#   Jameson Rollins <jrollins@fifthhorseman.net>
-#   Micah Anderson <micah@riseup.net> 
-#
-# Copyright: 2008-2019
-# License: GPL v3 or later
-
-# these tests should all be able to run as a non-privileged user.
-
-# all subcommands in this script should complete without failure:
-set -e
-# piped commands should return the code of the first non-zero return
-set -o pipefail
-
-declare -a child_procs=($(ps -o pid h --ppid $$))
-if [ "${#child_procs[@]}" -gt 1 ]; then
-    printf 'found %d pre-existing child processes: %s\n' "${#child_procs[@]}" "${child_procs[*]}"
-    printf "spawning my own subprocess to avoid https://bugs.debian.org/920038...\n"
-    "$0" "$@"
-    exit
-fi
-
-# make sure the TESTDIR is an absolute path, not a relative one.
-export TESTDIR=$(cd $(dirname "$0") && pwd)
-
-source "$TESTDIR"/common
-
-perl -MCrypt::OpenSSL::RSA -e 1 2>/dev/null || { echo "You must have the perl module Crypt::OpenSSL::RSA installed to run this test.  
-On debian-derived systems, you can set this up with:
-  apt-get install libcrypt-openssl-rsa-perl" ; exit 1; }
-
-perl -MDigest::SHA -e 1 2>/dev/null || { echo "You must have the perl module Digest::SHA installed to run this test.  
-On debian-derived systems, you can set this up with:
-  apt-get install libdigest-sha1-perl" ; exit 1; }
-
-
-######################################################################
-### SETUP VARIABLES
-
-## set up some variables to ensure that we're operating strictly in
-## the tests, not system-wide:
-
-mkdir -p "$TESTDIR"/tmp
-TEMPDIR=$(mktemp -d "${TMPDIR:-$TESTDIR/tmp}/ms.XXX")
-
-if [ -z "$MONKEYSPHERE_TEST_USE_SYSTEM" ] ; then
-    mkdir "$TEMPDIR"/bin
-    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/openpgp2ssh
-    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/pem2openpgp
-    ln -s "$TESTDIR"/../src/share/keytrans "$TEMPDIR"/bin/keytrans
-
-    # Use the local copy of executables first, instead of system ones.
-    # This should help us test without installing.
-    export PATH="$TEMPDIR"/bin:"$PATH"
-else
-    export PATH=/usr/share/monkeysphere:"$PATH"
-fi
-
-## setup trap
-trap failed_cleanup EXIT
-
-######################################################################
-### TEST KEYTRANS
-
-echo "##################################################"
-echo "### generating openpgp key..."
-export GNUPGHOME="$TEMPDIR"
-chmod 700 "$TEMPDIR"
-
-
-# create the key with the same preferences that monkeysphere uses.
-cat > "$TEMPDIR"/gpg.conf <<EOF
-default-preference-list SHA512 SHA384 SHA256 SHA224 RIPEMD160 SHA1 ZLIB BZIP2 ZIP AES256 AES192 AES CAST5 3DES
-cert-digest-algo SHA256
-list-options show-uid-validity,show-unusable-uids
-fixed-list-mode
-EOF
-
-cat > "$TEMPDIR"/gpg-agent.conf <<EOF
-pinentry-program $TESTDIR/phony-pinentry-nopass
-EOF
-
-# generate a key
-gpg --batch --$(get_gpg_prng_arg) --gen-key <<EOF
-Key-Type: RSA
-Key-Length: 3072
-Key-Usage: sign
-Name-Real: testtest
-Expire-Date: 0
-
-%no-ask-passphrase
-%no-protection
-%commit
-%echo done
-EOF
-
-echo "##################################################"
-echo "### retrieving key timestamp..."
-timestamp=$(gpg --list-key --with-colons | \
-    grep ^pub: | cut -d: -f6)
-
-echo "##################################################"
-echo "### exporting key to ssh file..."
-gpg --export-secret-keys | openpgp2ssh > \
-    "$TEMPDIR"/test.pem
-
-gpg --export-secret-keys > "$TEMPDIR"/secret.key
-
-PEM2OPENPGP_USAGE_FLAGS=sign,certify \
-PEM2OPENPGP_TIMESTAMP="$timestamp" pem2openpgp testtest \
- < "$TEMPDIR"/test.pem > "$TEMPDIR"/converted.secret.key
-
-echo "##################################################"
-echo "### reconvert key, and compare to key in gpg keyring..."
-diff -u \
-    <(gpg --list-packets < "$TEMPDIR"/secret.key) \
-    <(gpg --list-packets < "$TEMPDIR"/converted.secret.key)
-
-diff -u \
-    <(hd "$TEMPDIR"/secret.key) \
-    <(hd "$TEMPDIR"/converted.secret.key)
-
-KEYFPR=$(gpg --fingerprint --with-colons --list-keys | awk -F: '/^fpr:/{ if (ok) { print $10 } ; ok=0 } /^pub:/{ ok=1 }')
-KEYID=$(printf "%s" "$KEYFPR" | cut -b25-40)
-
-echo "conversions look good!"
-
-echo "Now working with key $KEYID at time $timestamp"
-
-gpg --check-trustdb
-gpg --list-keys
-
-
-echo "##################################################"
-echo "### test working with two primary keys ... "
-
-ssh-keygen -m PEM -t rsa -b 3072 -N '' -f "$TEMPDIR"/newkey
-
-PEM2OPENPGP_USAGE_FLAGS=authenticate,certify \
-PEM2OPENPGP_TIMESTAMP="$(( $timestamp + 1 ))" pem2openpgp fubar \
- < "$TEMPDIR"/newkey > "$TEMPDIR"/newkey.gpg
-
-NEWKEYFPR=$(< "$TEMPDIR"/newkey.gpg gpg --with-colons --import-options import-show --dry-run --import | awk -F: '/^fpr:/{ print $10 }' )
-NEWKEYID=$( printf "%s" "$NEWKEYFPR" | cut -b25-40)
-
-< "$TEMPDIR"/newkey.gpg gpg --import 
-
-gpg --batch --no-tty --faked-system-time "$timestamp" --quick-add-uid "$KEYID" baz
-
-cat >"$TEMPDIR"/expectedout <<EOF
-pub:u:3072:1:$KEYID:$timestamp:::u:::scSC
-uid:u::::$timestamp::8200BD0425CC70C7D698DF3FE412044EAAB83F94::testtest
-sig:!::1:$KEYID:$timestamp::::testtest:13x::$KEYFPR:::8
-uid:u::::$timestamp::EDDC32D783E7F4C7B6982D9AE5DC4A61000648BA::baz
-sig:!::1:$KEYID:$timestamp::::testtest:13x::$KEYFPR:::8
-pub:-:3072:1:$NEWKEYID:$(($timestamp + 1)):::-:::caCA
-uid:-::::$(($timestamp + 1))::A0D708F51CC257DEFC01AEDE1E0A5F329DFD8F16::fubar
-sig:!::1:$NEWKEYID:$(($timestamp + 1))::::fubar:13x::$NEWKEYFPR:::8
-EOF
-
-echo "test: diff expected gpg list output"
-diff -u "$TEMPDIR"/expectedout <(gpg --check-sigs --with-colons | grep -vE '^(tru|fpr):' | cut -d: -f1-16 | sed 's/:*$//')
-
-## FIXME: addtest: not testing subkeys at the moment.
-
-
-trap - EXIT
-
-echo "##################################################"
-echo " Monkeysphere keytrans test completed successfully!"
-echo "##################################################"
-
-cleanup