author | Florian Pritz <bluewind@xinu.at> | 2021-05-16 11:02:02 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2021-05-16 11:02:09 +0200 |
commit | d7d00394ce02b8b2d4b6ffdda84d724e5a18b287 (patch) | |
tree | d93719e79aec6d64f11bfe84370ea69ebf67b9ca | |
parent | dc486d6710ae5ae4bccd913eeb75c67694c7da4e (diff) | |
masterkey.pl: Add validation commands
https://gitlab.archlinux.org/archlinux/archlinux-keyring/-/wikis/best-practices#validating-a-key-pair
Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rwxr-xr-x | masterkey.pl | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/masterkey.pl b/masterkey.pl
index fe9b7d6..f3b18cf 100755
--- a/masterkey.pl
+++ b/masterkey.pl
@@ -100,6 +100,10 @@ on behalf of {$sender_name} ({$sender_key})
 my $mail_body = $templates{$command}{'body'};
 my $token = random_string('.' x 25);
+ if ($command eq 'verification') {
+ validate_key_parameters($id);
+ }
+
 my $msg = build_email($command, $opts{from}, quotemeta($opts{'from-address'}), $id, $recipient_address_regex, $mail_subject, $mail_body, $token);
 if ($command eq 'verification') {
@@ -170,6 +174,17 @@ fun gpg_get_user($key, $email_regex) {
 return $user;
 }
+fun validate_key_parameters($key) {
+ system("sq-keyring-linter <(gpg --export '$key')");
+ system("gpg --export '$key' | hokey lint");
+
+ print "Are there validation errors in the output above or is anything else wrong with the key? (Y/n) ";
+ my $answer = <STDIN>;
+ chomp($answer);
+
+ die "Key has validation errors" unless $answer eq 'n' or $answer eq 'N';
+}
+
 fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $recipient_address_regex, $subject, $body, $token) {
 # get from gpg keys
 my ($sender_name, $sender_addr) = gpg_get_user($sender_key, $sender_address_regex)->@{qw(name email)}; |
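Review bot: In `validate_key_parameters`, `$key` is spliced into two shell command strings (`system("gpg --export '$key' | hokey lint")` and the `sq-keyring-linter` call), so a value containing a single quote or a leading dash is parsed by the shell or by gpg rather than treated as a key id. Where `$id` originates is outside this hunk, so it should be treated as unvalidated. The `<(...)` process substitution also depends on `/bin/sh` being a shell that supports it, and both `system` return values are ignored, so when a linter is missing or gpg exports nothing the operator sees only a shell error and can still answer `n`. I would export the key once through a list-form pipe and feed the bytes to each linter on stdin, failing closed when a tool cannot be started. This assumes sq-keyring-linter reads stdin when given no file argument, which should be confirmed before adopting it.

```perl
fun validate_key_parameters($key) {
	# List-form pipe open: no shell is involved, so $key reaches gpg as a single argument.
	open(my $export, '-|', 'gpg', '--export', '--', $key) or die "Cannot run gpg: $!";
	binmode($export);
	my $key_data = do { local $/; <$export> };
	close($export) or die "gpg --export failed for $key";
	die "gpg exported no data for $key" unless defined $key_data and length $key_data;

	for my $linter (['sq-keyring-linter'], ['hokey', 'lint']) {
		open(my $lint, '|-', @$linter) or die "Cannot run $linter->[0]: $!";
		binmode($lint);
		print {$lint} $key_data;
		# Findings are still judged by the operator; just make a non-zero exit visible.
		close($lint) or warn "$linter->[0] exited with status " . ($? >> 8) . "\n";
	}

	# … unchanged: operator prompt and die unless the answer is n/N …
}
```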