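#!/usr/bin/env bash
#
# (c) Ronald Schmidt
#
# http://pgp.clug.de/signtool
#
# signtool: sign each user ID of a PGP key separately and deliver every
# signature in a mail encrypted to that key (so only someone who controls
# the key *and* reads mail at the UID's address can use it).
#
# Per UID the script builds a throw-away keyring holding the target key plus
# our own key, strips all other UIDs and all third-party signatures from it,
# lets gpg sign interactively, and writes "KEY-EMAIL.mail" containing
# msg.txt, the armored key with the new signature and this script, encrypted
# to the target key and to MYKEY.
#
# Usage:  signtool -k MYKEYID [-i] [-s|-S] [-l KEYFILE] KEY [KEY ...]
# Environment: SIMULATE=true   sign, but do not write the .mail files
#              AGENT_SOCKET    if set, gpg is called through "agpg"
# Files:       msg.txt (cwd) is the cover letter prepended to every mail;
#              ./signtool.pubring.tmp is the scratch keyring.
#
# This is a bash script (arrays, [[ ]], $(( )), =~).  It used to carry a
# "#!/bin/sh" line while already depending on bashisms ($[ ], echo -ne,
# $UID, read without a variable name).

##############################################################
# 0. definitions
MYKEY=""
#MYUIDS="-u ronsc@ronsc.de"
GPG_BIN="gpg"
# quintuple-agent: route gpg through its agpg wrapper when an agent is around
if [[ -n ${AGENT_SOCKET:-} ]]; then
  GPG_BIN="agpg"
fi
TMP_KEYRING="./signtool.pubring.tmp"
# gpg invocation that works on the scratch keyring only.  Certification
# check level 3 is forced, i.e. every signature we issue claims that the
# identity was verified carefully -- sign_uid is where that human step is.
TGPG=("$GPG_BIN" --no-default-keyring \
      --default-cert-check-level 3 \
      --quiet --keyring "$TMP_KEYRING")
# gpg on the user's real keyring
OGPG=("$GPG_BIN")

# switches; may be pre-set from the environment, options below override them
IGNORE_OLD=${IGNORE_OLD:-}
SIMULATE=${SIMULATE:-}
SEND_EMAIL=${SEND_EMAIL:-}
SEND_TOO=${SEND_TOO:-}
KEY_LIST=${KEY_LIST:-}

# Upper-cases $1 (key IDs are normalised to upper-case hex throughout).
to_upper() {
  printf '%s' "$1" | tr '[:lower:]' '[:upper:]'
}

# True when $1 looks like a plain mail address.  The address is taken from
# the key's user ID, i.e. it is chosen by whoever uploaded the key to the
# keyserver, and it ends up in a file name and as an argument to "mail":
# no shell metacharacters, no slashes, no leading dash.
is_safe_email() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9._%+-]*@[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
}

# True when $1 is an upper-cased hex key ID or fingerprint (optionally with a
# 0X prefix).  Key IDs become file-name and glob prefixes, so nothing else
# is accepted.
is_safe_keyid() {
  [[ $1 =~ ^(0X)?[0-9A-F]{8,64}$ ]]
}

##############################################################
# 1. fetch exactly one key
# Looks $1 up in the user's keyring; if absent, pulls it from the configured
# keyserver.  Returns non-zero when gpg could not fetch it.
# NOTE(review): a keyserver hands out whatever was uploaded under that ID;
# nothing here verifies the key -- the identity check is the interactive
# step in sign_uid.  Prefer full fingerprints over short IDs on the command
# line to avoid key-ID collisions.
load_key() {
  local key=$1
  if "${OGPG[@]}" --with-colons --list-key "$key" >/dev/null 2>&1; then
    echo "KEY $key found"
  else
    echo "download KEY $key"
    "${OGPG[@]}" --recv-key "$key" || return 1
  fi
}

# Drives a non-interactive "gpg --edit-key" on the scratch keyring: gpg's
# status lines (--status-fd 1) are passed to the answer function $1, whose
# output is fed back to gpg's command fd through a private FIFO.
#   $1  name of a function taking one status line and printing the reply
#   $2  key ID to edit
#   $@  remaining words are the edit-key commands (e.g. "uid 1 delsig")
# The FIFO lives in a fresh mktemp directory instead of the former
# predictable /tmp/gpg-cmd-$UID path, so another local user cannot
# pre-create it or slip replies into the session.  Status lines without a
# mapped answer get no reply (same as before).
run_edit_key() {
  local answer_fn=$1 key=$2
  shift 2
  local dir fifo line
  dir=$(mktemp -d "${TMPDIR:-/tmp}/signtool.XXXXXX") || return 1
  fifo="$dir/gpg-cmd"
  if ! mkfifo -m 600 "$fifo"; then
    rm -rf -- "$dir"
    return 1
  fi
  # The two pipeline stages open the FIFO from separate processes, so the
  # blocking opens rendezvous instead of dead-locking.
  "${TGPG[@]}" --with-colons --no-tty --command-fd 0 \
      --status-fd 1 --yes --edit-key "$key" "$@" < "$fifo" |
    while IFS= read -r line; do
      "$answer_fn" "$line"
    done > "$fifo"
  rm -rf -- "$dir"
}

# Reply function for del_sigs: keep the self-signature, delete every other
# signature whether its key is known or not, then save.
answer_delsig() {
  case $1 in
    "[GNUPG:] GET_BOOL keyedit.delsig.selfsig") echo "NO" ;;
    "[GNUPG:] GET_BOOL keyedit.delsig.unknown" | \
    "[GNUPG:] GET_BOOL keyedit.delsig.valid") echo "YES" ;;
    "[GNUPG:] GET_LINE keyedit.prompt") echo "SAVE" ;;
  esac
}

# Removes all third-party signatures from UID 1 of $1 on the scratch keyring
# (the self-signature stays), so the mailed key carries only our signature.
del_sigs() {
  run_edit_key answer_delsig "$1" uid 1 delsig
}

# Number of "uid" records gpg --edit-key reports for $1 on the real keyring.
# NOTE(review): photo IDs ("uat") take up index slots in edit-key too;
# count_all includes them, this function does not.  sign_key iterates over
# this count, which is the original behaviour.
count_uids() {
  "${OGPG[@]}" --with-colons --no-tty --command-fd 0 \
      --status-fd 1 --yes --edit-key "$1" quit 2>/dev/null | grep -a -c -E "^uid"
}

# Number of "uid" plus "uat" records for $1, i.e. the highest UID index
# gpg --edit-key accepts.
count_all() {
  "${OGPG[@]}" --with-colons --no-tty --command-fd 0 \
      --status-fd 1 --yes --edit-key "$1" quit 2>/dev/null | grep -a -c -E "^(uid|uat)"
}

# Reply function for del_uids: confirm every removal, then save.
answer_deluid() {
  case $1 in
    "[GNUPG:] GET_BOOL keyedit.remove.uid.okay") echo "YES" ;;
    "[GNUPG:] GET_LINE keyedit.prompt") echo "SAVE" ;;
  esac
}

# Deletes every UID/UAT of $1 on the scratch keyring except index $2, so the
# signature that gets mailed certifies exactly one user ID.
del_uids() {
  local key=$1 keep=$2 total i
  local -a ids=()
  total=$(count_all "$key")
  for ((i = 1; i <= total; i++)); do
    if [[ $i -ne $keep ]]; then
      ids+=("$i")
    fi
  done
  # a key with a single UID: nothing to delete (edit-key without a
  # selection deleted nothing before either)
  [[ ${#ids[@]} -gt 0 ]] || return 0
  run_edit_key answer_deluid "$key" uid "${ids[@]}" deluid
}

# terminal colours; printf instead of the non-portable "echo -ne"
green()  { printf '\033[32m'; }
red()    { printf '\033[31m'; }
normal() { printf '\033[0m'; }

# Signs the (single remaining) UID of $1 on the scratch keyring and writes
# the encrypted signature mail to "$1-EMAIL.mail".
#   IGNORE_OLD=true  skip the UID when its mail file already exists
#   SIMULATE=true    sign, but write no file
# Reads msg.txt from the current directory as the cover letter.
sign_uid() {
  local key=$1 uid email file
  # gpg 1.4 carries the user ID in field 10 of the "pub" record; gpg 2.x
  # leaves that field empty and emits a separate "uid" record, so prefer
  # the first "uid" record and fall back to the "pub" one.
  uid=$("${TGPG[@]}" --list-key --with-colons "$key" 2>/dev/null \
        | awk -F: '$1=="uid" && !u {u=$10} $1=="pub" && !p {p=$10} END {print (u!="" ? u : p)}')
  # address = text between the first "<" and the following ">"; a UID
  # without brackets is taken as a whole (as "cut" did)
  email=${uid#*<}
  email=${email%%>*}
  red
  echo "UID: $uid"
  echo "EMAIL: $email"
  if [[ $email != *@* ]]; then
    echo "no email!"
    normal
    return
  fi
  # untrusted input (see is_safe_email) -- refuse anything but a plain address
  if ! is_safe_email "$email"; then
    echo "unsafe email address in UID, skipping!"
    normal
    return
  fi
  file="$key-$email.mail"
  if [[ $IGNORE_OLD == "true" && -f $file ]]; then
    echo "ignoring"
    normal
    return
  fi
  normal
  green
  # interactive: this is where the identity is checked and confirmed.
  # Sign explicitly with MYKEY, the key whose signature is looked for below.
  "${TGPG[@]}" -u "$MYKEY" --sign-key "$key" 2>/dev/null
  normal
  red
  # look for our key ID on the "sig" records only (the matching line is
  # printed, as before)
  if "${TGPG[@]}" --with-colons --list-sig "$key" 2>/dev/null \
       | grep -a "^sig:" | grep -F -- "$MYKEY"; then
    if [[ $SIMULATE != "true" ]]; then
      echo
      echo "write email to file $file"
      normal
      # mail = cover letter + armored key (now carrying our signature on
      # this one UID) + this script, encrypted to the recipient and to us
      ( cat msg.txt
        echo
        echo
        "${TGPG[@]}" -a --export "$key" 2>/dev/null
        echo
        cat "$0"
      ) | "${TGPG[@]}" -a -e -r "$key" -r "$MYKEY" > "$file"
      if [[ ! -s $file ]]; then
        red
        echo "encryption failed !!!"
        normal
        # do not leave an empty file behind: IGNORE_OLD would otherwise
        # skip this UID on the next run
        rm -f -- "$file"
      fi
    fi
  else
    echo
    echo "cannot found my Signature"
    echo
  fi
  normal
}

# Signs every UID of $1 separately: for each UID index a fresh scratch
# keyring is built from the target key and MYKEY, all other UIDs and all
# foreign signatures are stripped, sign_uid signs and writes the mail, and
# the scratch keyring is removed again.  Returns 1 if the key is unavailable.
sign_key() {
  local key=$1 count id
  if ! load_key "$key"; then
    red
    echo "KEY $key not available, skipping"
    normal
    return 1
  fi
  count=$(count_uids "$key")
  for ((id = 1; id <= count; id++)); do
    rm -f -- "$TMP_KEYRING"
    "${OGPG[@]}" --export "$key" | "${TGPG[@]}" --import
    "${OGPG[@]}" --export "$MYKEY" | "${TGPG[@]}" --import
    red
    echo
    echo "##### KEY $key UID $id #######################################################"
    normal
    del_uids "$key" "$id" 2>/dev/null
    del_sigs "$key" 2>/dev/null
    sign_uid "$key"
    rm -f -- "$TMP_KEYRING"
  done
}

# Mails every non-empty "./$1-*.mail" file to the address encoded in its
# name.  The address was validated when the file was written, but a file
# could have been dropped into the directory by somebody else, so it is
# checked again before it is handed to "mail".
send_key() {
  local key=$1 f email
  for f in ./"$key"-*.mail; do
    [[ -s $f ]] || continue
    email=${f##*/}        # basename
    email=${email%.mail}  # strip the suffix
    email=${email#*-}     # everything after the first "-"
    if ! is_safe_email "$email"; then
      echo "skipping $f: unsafe address \"$email\""
      continue
    fi
    mail -s "Unterschift von key=$key uid=$email" "$email" < "$f"
    echo "send $f to $email"
  done
}

# Prints the usage text.
help() {
  cat << EOF
SYNTAX: $0 [options] KEY [KEY ...]
OPTIONS:
  -k KEYID  my key-id (the key that signs)
  -s        send the signature mails that were written earlier
  -S        sign and send
  -l FILE   read the key IDs to process from FILE (whitespace separated)
  -i        ignore a UID if its email-file already exists
EOF
}

normal
# leading ":" in the optstring: getopts reports errors through the ":" and
# "?" cases with OPTARG set, instead of printing its own message (the ":"
# case was unreachable before)
while getopts ":ihk:sSl:" OPT; do
  case $OPT in
    h) help
       exit 0 ;;
    i) IGNORE_OLD=true ;;
    k) MYKEY=$(to_upper "$OPTARG") ;;
    s) SEND_EMAIL=true ;;
    S) SEND_TOO=true ;;
    l) KEY_LIST=$OPTARG ;;
    :) # missing argument
       echo -n "ERROR: Missing argument for option \"-$OPTARG\". " >&2
       echo "Use \"signtool -h\" to get more help." >&2
       exit 1 ;;
    *) # unknown option
       echo -n "ERROR: Unknown option \"-$OPTARG\". " >&2
       echo "Use \"signtool -h\" to get more help." >&2
       exit 1 ;;
  esac
done

if [[ -z $MYKEY ]]; then
  echo "error: my-key ist unknown"
  echo
  help
  exit 1
fi
shift $((OPTIND - 1))
keys="$*"
if [[ -n $KEY_LIST ]]; then
  # a missing list file used to fall back silently to the command line
  if [[ ! -f $KEY_LIST ]]; then
    echo "error: key list \"$KEY_LIST\" not found" >&2
    exit 1
  fi
  keys=$(cat "$KEY_LIST")
fi
# shellcheck disable=SC2086 -- word-splitting is intended: one ID per word
for raw in $keys; do
  key=$(to_upper "$raw")
  # IDs become file names and glob prefixes (see send_key); hex only
  if ! is_safe_keyid "$key"; then
    red
    echo "skipping \"$raw\": not a hex key ID or fingerprint"
    normal
    continue
  fi
  if [[ $SEND_EMAIL == "true" ]]; then
    send_key "$key"
  else
    sign_key "$key"
    [[ $SEND_TOO == "true" ]] && send_key "$key"
  fi
done
# vim:expandtab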