search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
history | raw | HEAD
added fixed message length padding for OpenCorn::Log
[opencorn.git] / init_log_encryption_key / init_key.rb
blob67ab08d2cebce74c3611860fc3e74c04b7d41359
1 #!/usr/bin/env ruby
2
3 require 'rubygems'
4 require 'fileutils'
5 require 'secretsharing'
6 require 'gpgme'
7 require 'opencorn/config'
8 require 'base64'
9 require 'tempfile'
10 require 'mail'
11
12 DEBUG = false
13
14 def count_board_member_keys
15         old_env = ENV['GNUPGHOME']
16         ENV['GNUPGHOME'] = OpenCorn::Config['GNUPGHOME']
17         gpg = GPGME::Ctx.new
18         amount = gpg.keys.select { |k| k.owner_trust < 5 }.size
19         ENV['GNUPGHOME'] = old_env
20         amount
21 end
22
23 def mail_shares_to_board_members
24 end
25
26 def create_gpg_key(passphrase, k, n)
27         ctx = GPGME::Ctx.new
28         key_params =<<"XEOF"
29 <GnupgKeyParms format="internal">
30 Key-Type: DSA
31 Key-Length: 1536
32 Subkey-Type: ELG-E
33 Subkey-Length: 1536
34 Name-Real: OpenCorn Logging key
35 Name-Comment: passphrase #{k}/#{n} secret shared
36 Name-Email: #{OpenCorn::Config['MAIL_FROM']}
37 Expire-Date: #{OpenCorn::Config['LOGKEY_EXPIRY']}
38 Passphrase: #{passphrase}
39 </GnupgKeyParms>
40 XEOF
41         puts "Generating key, this may take a while ..."
42         ctx.generate_key(key_params, nil, nil)
43         puts "Key generated."
44 end
45
46 tmpdir = Dir.mktmpdir
47 ENV['GNUPGHOME'] = tmpdir
48
49 n = count_board_member_keys
50 k = OpenCorn::Config['SECRETSHARING_K']
51 s = SecretSharing::Shamir.new(n, k)
52 s.create_random_secret
53
54 puts passphrase if DEBUG
55 create_gpg_key(s.secret_password, k, n)
56
57 # export public key to GNUPGHOME_LOG keyring
58 pubkey = GPGME.export('', {:armor => true})
59 ENV['GNUPGHOME'] = OpenCorn::Config['GNUPGHOME_LOG']
60 GPGME.import(pubkey)
61
62 # send encrypted mails to board members with shares and secring/pubring
63 ENV['GNUPGHOME'] = OpenCorn::Config['GNUPGHOME']
64
65 gpg = GPGME::Ctx.new
66 i = 0
67 gpg.each_key do |key|
68         next if key.owner_trust == 5 # this is our own key
69         plain_body = "A new logging key has been created. Your secret share" \
70                      "is the following:\n" \
71                      "#{s.shares[i]}\n\n" \
72                      "Find the encrypted secring.gpg and pubring.pgp attached."
73         enc_body = GPGME.encrypt([key], plain_body,
74                                 {:armor => true, :always_trust => true})
75         File.open "#{tmpdir}/secring.gpg.gpg", 'w' do |f|
76                 f.write GPGME.encrypt([key], File.read("#{tmpdir}/secring.gpg"),
77                                      {:always_trust => true})
78         end
79         File.open "#{tmpdir}/pubring.gpg.gpg", 'w' do |f|
80                 f.write GPGME.encrypt([key], File.read("#{tmpdir}/pubring.gpg"),
81                                       {:always_trust => true})
82         end
83         mail = Mail.new do
84                 from OpenCorn::Config['MAIL_FROM']
85                 to key.uids[0].email
86                 subject "OpenCorn logging key and passphrase secret share"
87                 body enc_body
88                 add_file "#{tmpdir}/secring.gpg.gpg"
89                 add_file "#{tmpdir}/pubring.gpg.gpg"
90         end
91         mail.deliver
92         i += 1
93 end
OpenCorn electronic door project