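#! /bin/sh
##
## Initial setup for a fresh SSH certificate authority: generates the CA's
## SSH signing keys (one per entry in $keytypes) and a GnuPG key, then
## renames the staging directory ca.new/ to ca/ as the final step.
##
## The configuration variables (keytypes, cacomment, gnupg_key_*) and the
## run_gpg helper are not defined here; presumably they come from
## lib/func.sh, which is sourced below.

set -e
. lib/func.sh

## Refuse to run twice: ca/ is the marker for a completed setup.  Everything
## else (gnupg/, ca.new/, publish*/) is treated as disposable state.
if [ -d ca ]; then
  printf '%s\n' "$0: already set up: delete ca/ to restart" >&2
  exit 1
fi

## Fail early if no SSH key types are configured; otherwise the loop below
## would silently produce a CA without any SSH signing key.
: "${keytypes:?no SSH key types configured}"

## Clear out and recreate the state directories.  Both are created 0700 so
## that the private keys written into them are never readable by other
## users, even for the brief time before the directories are populated.
rm -rf gnupg ca ca.new publish publish.new
mkdir -m700 gnupg ca.new

## Generate the CA keys.  Entries in $keytypes are "type" or "type:bits"
## (e.g. rsa:4096); $keytypes is deliberately left unquoted so that it is
## word-split into one entry per key.  The keys get an empty passphrase
## (-N ""), presumably for unattended signing, so their only protection is
## the 0700 mode of the directory holding them.
# shellcheck disable=SC2086
for kt in $keytypes; do
  case $kt in
    *:*) bits=${kt#*:} kt=${kt%:*} ;;
    *)   bits= ;;
  esac
  # ${bits:+"-b$bits"} expands to a single "-b<n>" word when a size was
  # given and to nothing at all (not an empty argument) otherwise.
  ssh-keygen -f"ca.new/ca-$kt" -t"$kt" ${bits:+"-b$bits"} -C"$cacomment" -N ""
done

## Generate the GnuPG key from an unattended parameter file.
## NOTE(review): there is no Passphrase:/%no-protection line here, so whether
## the key ends up unprotected or a pinentry prompt appears depends on how
## run_gpg configures GnuPG -- confirm against the GnuPG version in use.
run_gpg --batch -q --gen-key <<EOF
%echo Generating key ssh-ca; hold on tight...
Key-Type: $gnupg_key_type
Key-Length: $gnupg_key_length
Name-Real: ${gnupg_key_realname_prefix}ssh-ca
Name-Comment: ssh-ca
Name-Email: ssh-ca@$gnupg_key_email_domain
EOF

## Done: the rename makes the setup visible (and blocks re-runs via the
## check at the top) only once every key has been generated successfully.
mv ca.new ca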