[ssh-ca] / bin / setup

#! /bin/sh

set -e
. lib/func.sh

## Check to see whether we're already set up.
if [ -d ca ]; then
  echo >&2 "$0: already set up: delete ca/ to restart"
  exit 1
fi

## Clear out and recreate the old state directories.
rm -rf gnupg ca ca.new publish publish.new
mkdir -m700 gnupg ca.new

## Generate the CA keys.
for kt in $keytypes; do
  case $kt in
    *:*) bits=-b${kt#*:} kt=${kt%:*} ;;
    *) bits= ;;
  esac
  ssh-keygen -fca.new/ca-$kt -t$kt $bits -C"$cacomment" -N ""
done

## Generate the GnuPG key.
run_gpg	--batch -q --gen-key <<EOF
%echo Generating key ssh-ca; hold on tight...
Key-Type: $gnupg_key_type
Key-Length: $gnupg_key_length
Name-Real: ${gnupg_key_realname_prefix}ssh-ca
Name-Comment: ssh-ca
Name-Email: ssh-ca@$gnupg_key_email_domain
EOF

## Done.
mv ca.new ca
Commit	Line	Data
a91e8fcb MW	1	#! /bin/sh
	2
	3	set -e
	4	. lib/func.sh
	5
	6	## Check to see whether we're already set up.
	7	if [ -d ca ]; then
	8	echo >&2 "$0: already set up: delete ca/ to restart"
	9	exit 1
	10	fi
	11
	12	## Clear out and recreate the old state directories.
	13	rm -rf gnupg ca ca.new publish publish.new
	14	mkdir -m700 gnupg ca.new
	15
	16	## Generate the CA keys.
	17	for kt in $keytypes; do
	18	case $kt in
	19	:) bits=-b${kt#:} kt=${kt%:} ;;
	20	*) bits= ;;
	21	esac
	22	ssh-keygen -fca.new/ca-$kt -t$kt $bits -C"$cacomment" -N ""
	23	done
	24
	25	## Generate the GnuPG key.
	26	run_gpg --batch -q --gen-key <<EOF
	27	%echo Generating key ssh-ca; hold on tight...
	28	Key-Type: $gnupg_key_type
	29	Key-Length: $gnupg_key_length
	30	Name-Real: ${gnupg_key_realname_prefix}ssh-ca
	31	Name-Comment: ssh-ca
	32	Name-Email: ssh-ca@$gnupg_key_email_domain
	33	EOF
	34
	35	## Done.
	36	mv ca.new ca