[linux] GPG key signing party
Jan SARENIK
jasan at x31.com
Thursday October 4 13:39:53 CEST 2007
Hi all!

At LugCon I will be giving a talk on the basics of GPG, and afterwards I
would like those who already have keys and want to exchange signatures to
prepare paper slips using the attached script (or something similar).

Using the script is simple:

  ./gpg-key2ps "Karlicek Kukalek" >my-key.ps

I would also like to point out the following option in gpg.conf:

  echo ask-cert-level >>~/.gnupg/gpg.conf

which gives behaviour similar to that of older versions of GPG: when you
sign a key, it asks how thoroughly you have verified the person's identity
and adds that as a parameter of the signature.

Thanks, regards, Jasan
------------- next part ---------------
gpg-key2ps
----------

Usage: gpg-key2ps [-p papersize] [-r revoked-style] [-1] keyid-or-name

revoked-style is one of:
    grey   - Print text in grey
    hide   - Don't show revoked uids
    note   - Add "(revoked)"
    show   - List revoked uids normally
    strike - Strike through lines

Output is PostScript which can be sent to e.g. the lpr command.
Specifying the paper size only works when libpaper is installed.

CREDITS
-------

This script comes from the original Signing-Party package, which was
originally created and maintained by Simon Richter <sjr at debian.org> and
Thijs Kinkhorst <thijs at debian.org>.

COPYRIGHT & LICENSE
-------------------
Copyright (C) 2001-2007 Simon Richter and Thijs Kinkhorst
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License with
the Debian GNU/Linux distribution in file /usr/share/common-licenses/GPL;
if not, write to the Free Software Foundation, Inc., 51 Franklin St,
Fifth Floor, Boston, MA 02110-1301, USA
------------- next part ---------------
#!/usr/bin/perl -w
#
# gpg-key2ps: convert a PGP/GnuPG key into paper slips.
# Copyright (C) 2001-2005 Simon Richter
# Copyright (C) 2005-2007 Thijs Kinkhorst
# Copyright (C) 2005-2006 Christoph Berg <cb at df7cb.de>
# Licenced under the GNU General Public License,
# version 2 or later.
#
# $Id: gpg-key2ps 315 2007-03-02 13:12:47Z thijs $
#
# modified to omit subkeys --kasal
use strict;
use Getopt::Long;
my $version = '$Rev: 315 $';
$version =~ s/\$Rev:\s*(\d+)\s*\$/$1/;
my $revokestyle = "hide";
my $columns = 2;
my $creationdate = scalar(localtime);

sub version($) {
    my $fd = shift;
    print $fd "gpg-key2ps $version - (c) 2001-2007 Simon Richter, Thijs Kinkhorst, Christoph Berg\n";
}

sub usage($$) {
    my ($fd, $exitcode) = @_;
    version ($fd);
    print $fd <<EOF;
Usage: $0 [-p papersize] [-r revoked-style] [-1] keyid-or-name ...
Options:
 -p --paper-size
 -r --revoked-style
        hide   - Don't show revoked uids (default)
        grey   - Print text in grey
        note   - Add "[revoked]"
        show   - List revoked uids normally
        strike - Strike through lines
 -1 Only print one column, for extra wide keys
 -h --help
 -v --version
EOF
    exit $exitcode;
}

# fetch command line parameters
my $opts;
Getopt::Long::config('bundling');
if (!GetOptions (
    '-h'                => \$opts->{help},
    '--help'            => \$opts->{help},
    '-v'                => \$opts->{version},
    '--version'         => \$opts->{version},
    '-p=s'              => \$opts->{papersize},
    '--paper-size=s'    => \$opts->{papersize},
    '-r=s'              => \$opts->{revokestyle},
    # long form advertised in the usage text and in the POD below
    '--revoked-style=s' => \$opts->{revokestyle},
    '-1'                => \$opts->{1},
)) {
    usage(\*STDERR, 1);
}
if ($opts->{help}) {
    usage (\*STDOUT, 0);
}
if ($opts->{version}) {
    version (\*STDOUT);
    exit 0;
}
if ( $opts->{revokestyle} ) { $revokestyle = $opts->{revokestyle}; }
if ( $opts->{papersize} ) { $ENV{'PAPERSIZE'} = $opts->{papersize}; }

if ( $revokestyle !~ /^(grey|hide|note|show|strike)$/ ) {
    print STDERR "Unknown revoked-style \"$revokestyle\".\n";
    usage (\*STDERR, 1);
}
if ( $opts->{1} ) { $columns = 1; }

usage(\*STDERR, 1) unless scalar @ARGV >= 1;

# determine the paper size through the paperconf tool
my $w; my $h;
if ( `which paperconf` && $? == 0 ) {
    $w=`paperconf -w`;
    $h=`paperconf -h`;
    chomp($w);
    chomp($h);
} else {
    # Default to A4.
    print STDERR "Warning: libpaper-utils is not installed, defaulting to A4.\n";
    $w=596;
    $h=842;
}

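# open a gpg process we'll be reading from below
# List-form pipe open: the arguments reach gpg directly with no shell in
# between, so @ARGV needs no quoting; "--" keeps a key name that starts
# with "-" from being parsed as a gpg option.
# --list-key due to #382794
open(GPG, '-|', 'gpg', '--list-key', '--with-fingerprint', '--with-colons', '--', @ARGV)
    or die "Cannot run gpg: $!\n";
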
sub start_postscript {
    # start the PostScript output
    print <<EOF;
%!PS-Adobe-3.0
%%BoundingBox: 0 0 $w $h
%%Title:
%%Creator: gpg-key2ps $version
%%CreationDate: $creationdate
%%Pages: 1
%%EndComments
%%Page: 1 1
/w $w def
/h $h def
/Times-Roman findfont 9 scalefont setfont
/newline {
    /y y 10 sub def
} def
/hline {
    30 y 3 add moveto
    w $columns div 30 sub y 3 add lineto stroke
    newline
} def
/needhline {
    /condhline { hline } def
} def
/noneedhline {
    /condhline { } def
} def
/showAlgorithm {
    << 1 (R) 2 (r) 3 (s) 16 (g) 20 (G) 17 (D) >> exch get
    show
} def
/pub {
    condhline
    50 y moveto (pub) show
    70 y moveto show showAlgorithm (/) show show
    150 y moveto show
    200 y moveto show
    newline
    needhline
} def
/fpr {
    70 y moveto (Key fingerprint = ) show show
    newline
} def
/uid {
    50 y moveto (uid) show
    200 y moveto show
    newline
} def
EOF

    # output the desired display for revoked uids
    if ( $revokestyle eq "grey" ) {
        print "/revuid {\n";
        print " .5 setgray\n";
        print " uid\n";
        print " 0 setgray\n";
        print "} def\n";
    } elsif ( $revokestyle eq "note" ) {
        print "/revuid {\n";
        print " 50 y moveto (uid) show\n";
        print " 200 y moveto show ( [revoked]) show\n";
        print " newline\n";
        print "} def\n";
    } elsif ( $revokestyle eq "show" ) {
        print "/revuid { uid } def\n";
    } elsif ( $revokestyle eq "strike" ) {
        print "/revuid {\n";
        print " uid\n";
        print " 45 y 9 add moveto h 2 div 45 sub y 18 add lineto stroke\n";
        print "} def\n";
    }

    print <<EOF;
/sbk {
    50 y moveto (sub) show
    70 y moveto show showAlgorithm (/) show show
    150 y moveto show
    newline
} def
/key {
    noneedhline
EOF
} # sub start_postscript

# walk the output of gpg line by line
# $numlines has the total number of lines so we'll know how many to put on page
my $numlines = 0;
my $started = 0;
while(<GPG>) {
    # we don't use these
    if ( /^(tru|uat):/ ) { next; }
    # every primary uid causes an extra line because of the separator
    if ( /^pub:/ ) {
        start_postscript() unless $started;
        $started = 1;
        $numlines++;
    }
    # primary uid
    s/^pub:[^:]*:([^:]*):([0-9]*):.{8,8}(.{8,8}):([^:]*):[^:]*:[^:]*:[^:]*:([^:]*):[^:]*:[^:]*:.*/ ($5) ($4) ($3) $2 ($1) pub/;
    # fingerprint, format it nicely with spaces
    if ( /^fpr:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):.*/ ) {
        my $fpr = $1;
        # v4 key
        $fpr =~ s/(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})(\w{4})/$1 $2 $3 $4 $5 $6 $7 $8 $9 $10/;
        # v3 key
        $fpr =~ s/(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})(\w{2})/$1 $2 $3 $4 $5 $6 $7 $8 $9 $10 $11 $12 $13 $14 $15 $16/g;
        $_ = " ($fpr) fpr\n";
    }
    # user ids
    # note: the uid text lands inside a PostScript ( ) string as gpg printed
    # it; parentheses and backslashes in the uid are not escaped here
    s/^uid:[^:r]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):.*/ ($1) uid/;
    # revoked user id
    if (s/^uid:r[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:([^:]*):.*/ ($1) revuid/) {
        next if $revokestyle eq "hide";
    }
    # subkey
    # kasal: do not print subkey
    next if
        s/^sub:[^:]*:([^:]*):([0-9]*):.{8,8}(.{8,8}):([^:]*):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:.*/ ($4) ($3) $2 ($1) sbk/;
    $numlines++;
    # print this line
    print;
}
close(GPG);

unless ($started) {
    print STDERR "No public key found.\n";
    exit 1;
}

# output the remaining postscript
print <<EOF;
} def
/numlines $numlines def
/num w 16 sub 10 div numlines div def
/column {
    /y w 20 sub def
    1 1 num {
        gsave
        0 0 h $columns div w rectclip
        /upper y 11 add def
        key
        newline
        /lower y 11 add def
        0 upper h $columns div upper h $columns div lower 0 lower 0 upper moveto lineto lineto lineto lineto stroke
        grestore
    } for
} def
w 0 translate
90 rotate
column
EOF

if ( $columns == 2 ) {
    print <<EOF;
h $columns div 0 translate
column
EOF
}

print <<EOF;
showpage
%%Trailer
%%EOF
EOF

# done!
exit 0;

__END__

=head1 NAME

B<gpg-key2ps> - generates a PS file from a GnuPG keyring

=head1 SYNOPSIS

B<gpg-key2ps> [B<-r> I<revoked-style>] [B<-p> I<papersize>] I<keyid-or-name> [ I<...> ]

=head1 DESCRIPTION

gpg-key2ps generates a PostScript file with your OpenPGP key fingerprint (repeated
as often as it fits) useful for keysigning parties. The only argument is the same
as you would pass to GPG's list-keys command, either a key-id or a (partial) name.
The PS data is written to stdout.

=head1 OPTIONS

=over

=item B<-p> B<--paper-size> I<paper-size>

Select the output paper size. Default is to look into /etc/papersize or A4 if
libpaper isn't installed.

=item B<-r> B<--revoked-style> I<revoked-style>

Select how to mark revoked UIDs. Five styles are available:
B<hide> don't show at all (default),
B<show> show normally,
B<grey> display in 50% grey,
B<note> add "[revoked]", and
B<strike> strike through.

=item I<keyid>

Keyids to print. Multiple can be separated by spaces.

=item B<-h> B<--help>

Print usage and exit.

=item B<-v> B<--version>

Print version and exit.

=back

=head1 SEE ALSO

gpg(1)

http://pgp-tools.alioth.debian.org/

=head1 AUTHORS AND COPYRIGHT

(c) 2001 - 2005 Simon Richter <sjr at debian.org>

(c) 2005 Thijs Kinkhorst <thijs at kinkhorst.com>

(c) 2005 Christoph Berg <cb at df7cb.de>
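
The check the paper slips exist for, and the certification level that ask-cert-level records, can both be read from gpg's colon-separated listing. The following is an added example, not part of the original message or of gpg-key2ps; the function names and the sample listing (fingerprint, key IDs, names) are constructed, and real input would come from `gpg --with-colons --with-fingerprint --list-sigs KEYID`.

```shell
#!/bin/sh
# Added example. The listing below is constructed sample data, laid out like
# `gpg --with-colons --with-fingerprint --list-sigs` output.
SAMPLE_LISTING='pub:u:1024:17:DDDD4444EEEE5555:2007-10-04:::u:Example User <user@example.org>::scESC:
fpr:::::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:
sig:::17:DDDD4444EEEE5555:2007-10-04::::Example User <user@example.org>:13x:
sig:::17:1111222233334444:2007-10-05::::Signer One <one@example.org>:10x:
sig:::17:5555666677778888:2007-10-05::::Signer Two <two@example.org>:11l:'

# Strip whitespace from a fingerprint typed off a slip and upper-case it.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# slip_matches SLIP_FPR < listing
# 0 = slip equals the key fingerprint (field 10 of the first fpr record),
# 1 = mismatch, 2 = slip is not a full 40-hex-digit (v4) fingerprint, so a
# bare 8- or 16-digit key ID is never accepted as proof.
slip_matches() {
    key=$(awk -F: '$1 == "fpr" { print $10; exit }')
    slip=$(normalize_fpr "$1")
    case "$slip" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#slip}" -eq 40 ] || return 2
    [ "$slip" = "$key" ]
}

# cert_levels < listing
# For every key certification (signature class 0x10..0x13 in field 11) print
# "KEYID LEVEL SCOPE". LEVEL 0..3 is the answer given at the ask-cert-level
# prompt; SCOPE comes from the trailing x (exportable) or l (local).
cert_levels() {
    awk -F: '$1 == "sig" && $11 ~ /^1[0-3][xl]$/ {
        scope = (substr($11, 3, 1) == "l") ? "local" : "exportable"
        print $5, substr($11, 2, 1), scope
    }'
}

# Demo on the constructed listing.
if printf '%s\n' "$SAMPLE_LISTING" |
   slip_matches 'aaaa 1111 bbbb 2222 cccc 3333 dddd 4444 eeee 5555'; then
    echo "slip matches keyring fingerprint"
fi
printf '%s\n' "$SAMPLE_LISTING" | cert_levels
```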