// Copyright 2015 Keybase, Inc. All rights reserved. Use of
// this source code is governed by the included BSD license.
package client
import (
"fmt"
"golang.org/x/net/context"
"github.com/keybase/cli"
"github.com/keybase/client/go/engine"
"github.com/keybase/client/go/libcmdline"
"github.com/keybase/client/go/libkb"
rpc "github.com/keybase/go-framed-msgpack-rpc"
)
// CmdPGPGen implements the "keybase pgp gen" subcommand. ParseArgv fills arg
// from the command-line flags and Run hands it to the PGP RPC client.
type CmdPGPGen struct {
	// arg is written by ParseArgv and read by Run; arg.Gen holds the
	// key-generation parameters (uids, bit sizes).
	arg engine.PGPKeyImportEngineArg
}
// SmallKey is the primary-key and subkey bit size selected by the --debug
// flag (see ParseArgv). 1024-bit keys are far below current recommended
// sizes; they exist only to make test key generation fast and should never
// back a real identity.
var SmallKey = 1024
// ParseArgv translates the "pgp gen" flags into v.arg.
//
// It returns an error when positional arguments are given, or when
// --no-default-pgp-uid is set without any --pgp-uid (the key would otherwise
// carry no identity at all). In the latter case v.arg is still populated
// before the error is returned, exactly as before.
func (v *CmdPGPGen) ParseArgv(ctx *cli.Context) (err error) {
	if len(ctx.Args()) != 0 {
		return fmt.Errorf("pgp gen takes 0 args")
	}

	genArg := libkb.PGPGenArg{
		PGPUids:     ctx.StringSlice("pgp-uid"),
		NoDefPGPUid: ctx.Bool("no-default-pgp-uid"),
	}
	v.arg.AllowMulti = ctx.Bool("multi")
	v.arg.DoExport = !ctx.Bool("no-export")

	if genArg.NoDefPGPUid && len(genArg.PGPUids) == 0 {
		err = fmt.Errorf("if you don't want the default PGP uid, you must supply a PGP uid with the --pgp-uid option")
	}

	// --debug shrinks both key halves to SmallKey bits; such keys are for
	// testing only and must not be used for a real identity.
	if ctx.Bool("debug") {
		genArg.PrimaryBits = SmallKey
		genArg.SubkeyBits = SmallKey
	}
	v.arg.Gen = &genArg

	return err
}
// Run performs the key generation.
//
// It registers the secret UI protocol, builds the PGP identities from the
// parsed flags, asks the user whether an encrypted copy of the new secret key
// should be pushed to the Keybase server, and finally issues the PGPKeyGen
// RPC. A libkb.KeyExistsError from that RPC is rewritten by
// AddPGPMultiInstructions so the user learns about --multi.
//
// Why use CreatePGPIDs rather than MakeAllIds?
func (v *CmdPGPGen) Run() (err error) {
	// Built before the client is obtained to keep the original call order.
	secretUIProtocols := []rpc.Protocol{NewSecretUIProtocol(G)}

	// Named pgpClient rather than cli so the package import is not shadowed.
	pgpClient, err := GetPGPClient()
	if err != nil {
		return err
	}
	if err = RegisterProtocols(secretUIProtocols); err != nil {
		return err
	}
	if err = v.arg.Gen.CreatePGPIDs(); err != nil {
		return err
	}

	// The prompt defaults to Yes (libkb.PromptDefaultYes): pressing enter
	// accepts the push. The answer travels to the engine via PushSecret;
	// the prompt text describes the copy as encrypted.
	v.arg.PushSecret, err = GlobUI.PromptYesNo(PromptDescriptorPGPGenPushSecret, "Push an encrypted copy of your new secret key to the Keybase.io server?", libkb.PromptDefaultYes)
	if err != nil {
		return err
	}

	err = pgpClient.PGPKeyGen(context.TODO(), v.arg.Export())
	return AddPGPMultiInstructions(err)
}
// AddPGPMultiInstructions rewrites a libkb.KeyExistsError into a message that
// shows the existing key and points the user at the --multi flag. A nil error
// stays nil and any other error is returned untouched.
//
// The match is a plain type assertion on the concrete libkb.KeyExistsError
// value, so a wrapped KeyExistsError would not be recognized (same as before).
func AddPGPMultiInstructions(err error) error {
	switch kee := err.(type) {
	case nil:
		return nil
	case libkb.KeyExistsError:
		return fmt.Errorf("You already have a PGP key registered (%s)\n"+
			"Specify the `--multi` flag to override this check",
			kee.Key.ToQuads())
	default:
		// Not the right type. Return it as is.
		return err
	}
}
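// NewCmdPGPGen builds the cli.Command for "keybase pgp gen".
//
// cl is the command line the Action registers CmdPGPGen with. The returned
// command exposes the flags consumed by CmdPGPGen.ParseArgv: --debug,
// --pgp-uid, --no-default-pgp-uid, --multi and --no-export.
//
// Two typos in the user-facing description were corrected ("exising" ->
// "existing", "GnuGP" -> "GnuPG"); the text is otherwise unchanged.
func NewCmdPGPGen(cl *libcmdline.CommandLine) cli.Command {
	flags := []cli.Flag{
		cli.BoolFlag{
			Name:  "d, debug",
			Usage: "Generate small keys for debugging.",
		},
		cli.StringSliceFlag{
			Name:  "pgp-uid",
			Usage: "Specify custom PGP uid(s).",
			Value: &cli.StringSlice{},
		},
		cli.BoolFlag{
			Name:  "no-default-pgp-uid",
			Usage: "Do not include the default PGP uid 'username@keybase.io' in the key.",
		},
		cli.BoolFlag{
			Name:  "multi",
			Usage: "Allow multiple PGP keys.",
		},
		cli.BoolFlag{
			Name:  "no-export",
			Usage: "Disable exporting of new keys to GPG keychain.",
		},
	}

	return cli.Command{
		Name:  "gen",
		Usage: "Generate a new PGP key and write to local secret keychain",
		Flags: flags,
		Description: `"keybase pgp gen" generates a new PGP key for this account.
In all cases, it signs the public key with an existing device key,
and pushes the signature to the server. Thus, the user will have a
publicly-visible "PGP device" after running this operation.
The secret half of the PGP key is written by default to the user's
local Keybase keychain and encrypted with the "local key security"
(LKS) protocol. (For more information, try 'keybase help keyring').
Also, by default, the public half of the new PGP key
is exported to the local GnuPG keyring, if one is found. (For now,
you must export the secret half to gpg manually with a command like
'keybase pgp export -s | gpg --import'.)
On subsequent secret key accesses --- say for PGP decryption or
for signing --- access to the local GnuPG keyring is not required.
Rather, keybase will access the secret PGP key in its own local keychain.
By default, the secret half of the PGP key is never exported off
of the local system, but users have a choice via terminal prompt
to select storage of their encrypted secret PGP key on the Keybase
servers.`,
		Action: func(c *cli.Context) {
			cl.ChooseCommand(&CmdPGPGen{}, "gen", c)
		},
	}
}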
// GetUsage declares what this command needs from the runtime: the config
// file, the Keybase keyring and API access.
func (v *CmdPGPGen) GetUsage() libkb.Usage {
	var usage libkb.Usage
	usage.Config = true
	usage.KbKeyring = true
	usage.API = true
	return usage
}