1 files changed, 50 insertions, 0 deletions
diff --git a/examples/samizdat-init-key.sh b/examples/samizdat-init-key.sh
new file mode 100755
index 0000000..0bd7a32
--- /dev/null
+++ b/examples/samizdat-init-key.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+pem_to_onion_url()
+{
+  perl -MMIME::Base64 -MDigest::SHA=sha1 -MMIME::Base32=RFC -e '
+  $key=decode_base64(join "", grep {!/[-:]/} qx(ssh-keygen -m PEM -e -f $ARGV[0]));
+  printf "%s.onion\n", lc MIME::Base32::encode(substr(sha1($key), 0, 10))' "$1"
+}
+makepub () {
+  tag="$1"
+  path="$2"
+  [ -f $path ] || {
+    mkdir -p "$(dirname $path)"
+    kiki --show-pem "$tag" | ssh-keygen -f /dev/stdin -i -m PKCS8 > "$path"
+    echo "$path": exported >&2
+  }
+}
+# External commands invoked by kiki in order to generate keys.
+# Notice that $file will not be interpolated until kiki runs the command.
+ssh='mkdir -p "$(dirname $file)" && ssh-keygen -P "" -q -f $file -b 2048'
+ssl='mkdir -p "$(dirname $file)" && openssl genrsa -out $file 1024'
+tty -s && echo -n 'Passphrase: '
+read passphrase
+# First, we ensure that the tor key exists and is imported
+# so that we know where to put the strongswan key.
+torkey="$ROOT"/var/lib/tor/samizdat/private_key
+echo "$passphrase" | \
+  kiki --keypairs tor="$torkey{$ssl}" \
+       --passphrase-fd 0  || exit
+onion_url=$(pem_to_onion_url "$torkey") || exit
+# Now import, export, or generate the remaining secret keys.
+echo "$passphrase" | \
+  kiki --keypairs                                                         \
+          strongswan="$ROOT"/etc/ipsec.d/private/"$onion_url".pem{"$ssl"} \
+          ssh-client="$ROOT$HOME"/.ssh/id_rsa{"$ssh"}                     \
+          ssh-host="$ROOT"/etc/ssh/ssh_host_rsa_key{"$ssh"}               \
+       --passphrase-fd 0  || exit
+# Finally, export public keys if they do not exist.
+makepub ssh-client "$ROOT$HOME/.ssh/id_rsa.pub"
+makepub ssh-host   "$ROOT/etc/ssh/ssh_host_rsa_key.pub"
+# TODO: makepub can be made obsolete by implementing something like this:
+# kiki --public ssh-client=$ROOT$HOME/.ssh/id_rsa.pub          \
+#               ssh-host="$ROOT"/etc/ssh/ssh_host_rsa_key.pub

diff --git a/examples/samizdat-init-key.sh b/examples/samizdat-init-key.sh new file mode 100755 index 0000000..0bd7a32 --- /dev/null +++ b/examples/samizdat-init-key.sh
@@ -0,0 +1,50 @@
	1	#!/bin/sh
	2
	3	pem_to_onion_url()
	4	{
	5	perl -MMIME::Base64 -MDigest::SHA=sha1 -MMIME::Base32=RFC -e '
	6	$key=decode_base64(join "", grep {!/[-:]/} qx(ssh-keygen -m PEM -e -f $ARGV[0]));
	7	printf "%s.onion\n", lc MIME::Base32::encode(substr(sha1($key), 0, 10))' "$1"
	8	}
	9
	10	makepub () {
	11	tag="$1"
	12	path="$2"
	13	[ -f $path ] \|\| {
	14	mkdir -p "$(dirname $path)"
	15	kiki --show-pem "$tag" \| ssh-keygen -f /dev/stdin -i -m PKCS8 > "$path"
	16	echo "$path": exported >&2
	17	}
	18	}
	19
	20	# External commands invoked by kiki in order to generate keys.
	21	# Notice that $file will not be interpolated until kiki runs the command.
	22	ssh='mkdir -p "$(dirname $file)" && ssh-keygen -P "" -q -f $file -b 2048'
	23	ssl='mkdir -p "$(dirname $file)" && openssl genrsa -out $file 1024'
	24
	25	tty -s && echo -n 'Passphrase: '
	26	read passphrase
	27
	28	# First, we ensure that the tor key exists and is imported
	29	# so that we know where to put the strongswan key.
	30	torkey="$ROOT"/var/lib/tor/samizdat/private_key
	31	echo "$passphrase" \| \
	32	kiki --keypairs tor="$torkey{$ssl}" \
	33	--passphrase-fd 0 \|\| exit
	34	onion_url=$(pem_to_onion_url "$torkey") \|\| exit
	35
	36	# Now import, export, or generate the remaining secret keys.
	37	echo "$passphrase" \| \
	38	kiki --keypairs \
	39	strongswan="$ROOT"/etc/ipsec.d/private/"$onion_url".pem{"$ssl"} \
	40	ssh-client="$ROOT$HOME"/.ssh/id_rsa{"$ssh"} \
	41	ssh-host="$ROOT"/etc/ssh/ssh_host_rsa_key{"$ssh"} \
	42	--passphrase-fd 0 \|\| exit
	43
	44	# Finally, export public keys if they do not exist.
	45	makepub ssh-client "$ROOT$HOME/.ssh/id_rsa.pub"
	46	makepub ssh-host "$ROOT/etc/ssh/ssh_host_rsa_key.pub"
	47
	48	# TODO: makepub can be made obsolete by implementing something like this:
	49	# kiki --public ssh-client=$ROOT$HOME/.ssh/id_rsa.pub \
	50	# ssh-host="$ROOT"/etc/ssh/ssh_host_rsa_key.pub