Diffstat (limited to 'masterkey.pl')
-rwxr-xr-xmasterkey.pl38
1 files changed, 34 insertions, 4 deletions
diff --git a/masterkey.pl b/masterkey.pl
index d532dfb..d24a5a5 100755
--- a/masterkey.pl
+++ b/masterkey.pl
@@ -46,9 +46,9 @@ sub main {
'body' => 'Hi,
This mail is about having your GPG key signed by an Arch Linux master key.
-Please reply with an email that is signed with your key ({$recipient_key})
+Please reply with an email that is signed with your key or a subkey of it ({$recipient_key})
and contains the token listed below. It is not necessary to encrypt the mail,
-however, signing the mail with your key is required.
+however, signing the mail with your key or a subkey of it is required.
If you do not have GPG configured in your mail client, it is sufficient to
send the signed token as an attachment.
@@ -67,6 +67,8 @@ on behalf of {$sender_name} ({$sender_key})
Your GPG key ({$recipient_key})
has been successfully signed by an Arch Linux master key.
+A copy of your signed key is attached to this message.
+
Best Regards,
SAMKIVS (Simple Automated Master Key Identity Verification System)
on behalf of {$sender_name} ({$sender_key})
@@ -98,6 +100,10 @@ on behalf of {$sender_name} ({$sender_key})
my $mail_body = $templates{$command}{'body'};
my $token = random_string('.' x 25);
+ if ($command eq 'verification') {
+ validate_key_parameters($id);
+ }
+
my $msg = build_email($command, $opts{from}, quotemeta($opts{'from-address'}), $id, $recipient_address_regex, $mail_subject, $mail_body, $token);
if ($command eq 'verification') {
@@ -138,19 +144,22 @@ fun gpg_get_users($key) {
my $user = Encode::decode('utf8', $uid->as_string);
unless ($user =~ m/^(?<name>.*?) (?:\((?<comment>.*?)\) )?\<(?<email>.*?@.*?)\>$/) {
- die "Failed to parse GPG user information for key $key; got $user";
+ warn "Warning: Failed to parse GPG user information for key $key; got '$user'. Ignoring...\n";
}
push @users, {%+};
}
+ die "Failed to parse even one UID from key. Giving up" unless (0+@users > 0);
+
return \@users;
}
fun gpg_get_user($key, $email_regex) {
my $users = gpg_get_users($key);
- return $users->[0] if $users->@* == 1;
+ # Disable this since we only want to use the userid matching the regex
+ #return $users->[0] if $users->@* == 1;
my $user = first {$_->{email} =~ m/$email_regex/} $users->@*;
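Review bot: The new `warn ... Ignoring...` branch in gpg_get_users does not skip the UID it says it ignores — control falls through to `push @users, {%+};`, and since a failed match leaves `%+` holding the captures of the last successful match, the loop pushes either a duplicate of the previous UID or, when nothing has matched yet, an empty hashref. That empty entry also satisfies the new `0+@users > 0` guard, so the added `die` never fires when every UID is unparseable and gpg_get_user can later hand back a user whose name and email are undef. Add a `next` right after the warning: `warn "Warning: Failed to parse GPG user information for key $key; got '$user'. Ignoring...\n"; next;`. gpg_get_users begins before this hunk.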
@@ -168,6 +177,17 @@ fun gpg_get_user($key, $email_regex) {
return $user;
}
+fun validate_key_parameters($key) {
+ system("sq-keyring-linter <(gpg --export '$key')");
+ system("gpg --export '$key' | hokey lint");
+
+ print "Are there validation errors in the output above or is anything else wrong with the key? (Y/n) ";
+ my $answer = <STDIN>;
+ chomp($answer);
+
+ die "Key has validation errors" unless $answer eq 'n' or $answer eq 'N';
+}
+
fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $recipient_address_regex, $subject, $body, $token) {
# get from gpg keys
my ($sender_name, $sender_addr) = gpg_get_user($sender_key, $sender_address_regex)->@{qw(name email)};
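Review bot: Both `system()` calls in validate_key_parameters pass a single string, which Perl runs through `/bin/sh`; the `<(gpg --export ...)` process substitution is a bash-only construct, so on a host where `sh` is dash the first linter fails with a syntax error and, because neither return value is checked, the operator is asked to judge output that was never produced. The key id is also interpolated straight into shell source text with only single quotes around it. Passing the key as a positional argument to an explicit `bash -c` keeps the tools' original invocation semantics while removing the interpolation, and checking the exit status lets the prompt warn about a linter that did not run. A header comment stating that the sub is interactive and dies unless the operator answers `n`/`N` would also help, since the default on a bare Enter is to reject the key.
```perl
fun validate_key_parameters($key) {
    # Run each linter under bash explicitly (the <(...) form is a bashism) and
    # hand the key id over as $1 instead of interpolating it into shell text.
    my @linters = (
        ['bash', '-c', 'sq-keyring-linter <(gpg --export "$1")', 'sq-keyring-linter', $key],
        ['bash', '-c', 'gpg --export "$1" | hokey lint',          'hokey',             $key],
    );
    for my $cmd (@linters) {
        my $status = system(@$cmd);
        if ($status == -1) {
            warn "Warning: could not run $cmd->[3]: $!\n";
        } elsif ($status != 0) {
            warn "Warning: $cmd->[3] exited with status " . ($status >> 8) . "\n";
        }
    }
    # … unchanged: interactive prompt and die unless the answer is n/N …
}
```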
@@ -203,6 +223,16 @@ fun build_email($command, $sender_key, $sender_address_regex, $recipient_key, $r
Data => [$body],
);
+ if ($command eq 'confirmation') {
+ my $recipient_key_data = `gpg --armor --export $recipient_key`;
+ $msg->attach(
+ Data => $recipient_key_data,
+ Filename => "$recipient_key-signed.asc",
+ Encoding => 'quoted-printable',
+ );
+ }
+
+
$msg->add("Message-ID", Email::MessageID->new->in_brackets);
$msg->replace("Return-Path", "<$sender_addr>");
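Review bot: The confirmation attachment is built from an unchecked backtick call, `gpg --armor --export $recipient_key`, with the key id interpolated unquoted into a shell command line; if gpg fails or exports nothing, `$recipient_key_data` is empty and the recipient receives an empty `-signed.asc` attachment with a mail that claims the signed key is enclosed. A list-form pipe open avoids the shell entirely, and checking the close status and the length of the export lets the script die instead of sending a broken confirmation. build_email starts before this hunk and its body continues past it.
```perl
    if ($command eq 'confirmation') {
        # Export via a list-form pipe (no shell, no quoting of the key id) and
        # refuse to attach an empty or failed export.
        open my $gpg, '-|', 'gpg', '--armor', '--export', $recipient_key
            or die "cannot run gpg --export for $recipient_key: $!";
        my $recipient_key_data = do { local $/; <$gpg> };
        close $gpg
            or die "gpg --export $recipient_key failed (status " . ($? >> 8) . ")";
        die "gpg exported no data for $recipient_key" unless length $recipient_key_data;
        # … unchanged: $msg->attach(...) …
    }
```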