Major change of approach and rewrite.
[ssh-ca] / bin / setup
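#! /bin/sh
###
### Create the initial state for the SSH certificate authority: one CA
### keypair per configured key type, plus a GnuPG key named `ssh-ca'.
###
### Must be run from the top of the tree: `lib/func.sh' and all state
### directories are given as relative paths.  The configuration variables
### used below and `run_gpg' are not defined in this file; presumably
### `lib/func.sh' supplies them.

set -e
. lib/func.sh

## Check to see whether we're already set up.  An existing `ca' directory
## is never overwritten: the operator has to remove it deliberately.
if [ -d ca ]; then
  echo >&2 "$0: already set up: delete ca/ to restart"
  exit 1
fi

## Refuse to go on with no key types.  Otherwise the loop below would do
## nothing and the final rename would publish a CA directory with no keys.
if [ -z "${keytypes:-}" ]; then
  echo >&2 "$0: no key types configured (keytypes is empty)"
  exit 1
fi

## Clear out and recreate the old state directories.  Because of the check
## above, this only removes leftovers (for example a half-built `ca.new'
## from a failed run), never a live `ca' directory.  The new directories
## are mode 0700 so that only the owning user can reach the private keys.
rm -rf gnupg ca ca.new publish publish.new
mkdir -m700 gnupg ca.new

## Generate the CA keys.  Each entry in `keytypes' is `TYPE' or
## `TYPE:BITS'; the list is split on whitespace on purpose.
for kt in $keytypes; do
  case $kt in
    *:*)
      bits="-b${kt#*:}"
      kt=${kt%:*}
      ;;
    *)
      bits=
      ;;
  esac

  ## `-N ""' writes the CA private key without a passphrase, so it is
  ## protected only by the permissions on its directory.  The comment is
  ## passed as a separate word: with `-C' and an empty comment joined into
  ## one word, ssh-keygen would take the following `-N' as the comment.
  ssh-keygen -f "ca.new/ca-$kt" -t "$kt" ${bits:+"$bits"} \
    -C "$cacomment" -N ""
done

## Generate the GnuPG key.  The configuration values are expanded into the
## batch parameters verbatim, so a value containing a newline would add a
## line to the parameter file; they are assumed to be operator-controlled.
## NOTE(review): there is no `Passphrase:' or `%no-protection' line here;
## whether the key ends up passphrase-protected depends on the GnuPG
## version and on what `run_gpg' passes -- confirm.
run_gpg --batch -q --gen-key <<EOF
%echo Generating key ssh-ca; hold on tight...
Key-Type: $gnupg_key_type
Key-Length: $gnupg_key_length
Name-Real: ${gnupg_key_realname_prefix}ssh-ca
Name-Comment: ssh-ca
Name-Email: ssh-ca@$gnupg_key_email_domain
EOF

## Done.  The rename is the commit point: `ca' only appears once every key
## has been generated, so a failed run never leaves a partial CA behind.
mv ca.new ca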