Diffstat (limited to 'local')
-rwxr-xr-xlocal/bin/usbkey190
1 files changed, 190 insertions, 0 deletions
diff --git a/local/bin/usbkey b/local/bin/usbkey
new file mode 100755
index 0000000..5e7648a
--- /dev/null
+++ b/local/bin/usbkey
@@ -0,0 +1,190 @@
+#!/bin/sh
+set -e
+
+UUID_KKEY="7930cd94-b56e-4395-8859-f34da77f29be"
+UUID_WKEY=""
+
+CRYPT_NAME="usbkey"
+MOUNT_PATH="/media/usbkey"
+
+op_mount() {
+ # First check if we have key drive
+ if [ ! -e "/dev/disk/by-uuid/$UUID_KKEY" ]; then
+ echo "Can't locate appropriate usb drive." >&2
+ exit 1
+ fi
+ # Decrypt drive
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "USB key seems to be already decrypted" >&2
+ else
+ echo "Decrypting usb key" >&2
+ sudo -- cryptsetup open /dev/disk/by-uuid/"$UUID_KKEY" "$CRYPT_NAME"
+ fi
+ # Mount drive
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "USB key is already mounted" >&2
+ else
+ echo "Mounting usb key"
+ sudo -- mkdir -p "$MOUNT_PATH"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME" "$MOUNT_PATH"
+ fi
+
+ echo "USB key drive mounted" >&2
+}
+
+op_unmount() {
+ # Unmount
+ if mount | grep -q "$MOUNT_PATH"; then
+ echo "Unmounting usb key" >&2
+ sync "$MOUNT_PATH"
+ sudo -- umount "$MOUNT_PATH"
+ fi
+ # Remove mount path
+ [ ! -d "$MOUNT_PATH" ] || sudo -- rmdir "$MOUNT_PATH"
+ # Close encryption
+ if [ -e "/dev/mapper/$CRYPT_NAME" ]; then
+ echo "Closing encryption on usb key" >&2
+ sudo -- cryptsetup close "$CRYPT_NAME"
+ fi
+
+ echo "USB key unmounted" >&2
+}
+
+check_mount() {
+ mount | grep "$MOUNT_PATH" | grep -q "/dev/mapper/$CRYPT_NAME"
+}
+
+op_sync() {
+ local DOUNMOUNT=false
+ local EXITC=0
+ if ! check_mount; then
+ DOUNMOUNT=true
+ op_mount
+ fi
+ if [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
+ # Mount backup usb
+ sudo -- cryptsetup open "/dev/disk/by-uuid/$UUID_WKEY" "$CRYPT_NAME-backup"
+ sudo -- mkdir -p "$MOUNT_PATH-backup"
+ sudo -- mount -o uid="$(id -u)",gid="$(id -g)" "/dev/mapper/$CRYPT_NAME-backup" "$MOUNT_PATH-backup"
+ # Sync them
+ rsync -aAxXS --delete --progress "$MOUNT_PATH/" "$MOUNT_PATH-backup/"
+ # Unmount it
+ sudo -- umount "$MOUNT_PATH-backup"
+ sudo -- rmdir "$MOUNT_PATH-backup"
+ sudo -- cryptsetup close "$CRYPT_NAME-backup"
+ else
+ echo "USB backup key seems to not be inserted. Please do so." >&2
+ EXITC=1
+ fi
+ if $DOUNMOUNT; then
+ op_unmount
+ fi
+ exit $EXITC
+}
+
+ssh_list() {
+ check_mount || op_mount
+ for KEY in $(find "$MOUNT_PATH/ssh" -name '*.pub'); do
+ local N="${KEY#$MOUNT_PATH/ssh/}"
+ echo -n "${N%.pub}: "
+ sed -n 's/ssh-rsa .* \(.*\)/\1/p' "$KEY"
+ done
+}
+
+ssh_generate() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
+ echo "Key $NAME seems to already exists." >&2
+ exit 1
+ fi
+ echo -n "Please enter comment: "
+ read COMMENT
+ ssh-keygen -f "$MOUNT_PATH/ssh/$NAME" -C "$COMMENT"
+}
+
+ssh_import() {
+ check_mount || op_mount
+ if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
+ echo "There is no key named $NAME" >&2
+ exit 1
+ fi
+ cp "$MOUNT_PATH/ssh/$NAME" ~/.ssh/
+ cp "$MOUNT_PATH/ssh/$NAME.pub" ~/.ssh/
+}
+
+
+unknown_argument() {
+ echo "Unknown argument: $1"
+ exit 1
+}
+# Parse operation (operation have to be first)
+case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ echo "Usage: usbkey OPERATION ..."
+ echo
+ echo "Operations:"
+ echo " mount: Mount key of usb driver"
+ echo " unmount: Unmount usb driver"
+ echo " sync: Synchronize drive to bakup drive"
+ echo " gpg-import: Import gpg key"
+ echo " ssh-import: Import ssh key"
+ echo " ssh-generate: Generate new ssh key"
+ echo " ssh-list: List all keys in store"
+ echo " openvpn-get: Get keys for some host"
+ echo " openvpn-generate: Generate key for new host"
+ exit 0
+ ;;
+ mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
+ OPERATION="$1"
+ ;;
+ *)
+ unknown_argument "$1"
+ ;;
+esac
+shift
+# Parse rest of the arguments
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Usb key manager"
+ case "$OPERATION" in
+ mount|unmount|sync)
+ echo "Usage: usbkey $OPERATION [-h]"
+ ;;
+ ssh-*)
+ echo "Usage: usbkey $OPERATION NAME [-h]"
+ ;;
+ # TODO
+ esac
+ exit 0
+ ;;
+ *)
+ if [[ "$OPERATION" = ssh-* ]] && [ -z "$NAME" ]; then
+ NAME="$1"
+ else
+ unknown_argument "$1"
+ fi
+ ;;
+ esac
+ shift
+done
+
+case "$OPERATION" in
+ mount)
+ op_mount
+ ;;
+ unmount)
+ op_unmount
+ ;;
+ sync)
+ op_sync
+ ;;
+ ssh-list)
+ ssh_list
+ ;;
+ *)
+ echo "Operation $OPERATION not implemented" >&2
+ exit 2
+ ;;
+esac
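Review bot: In op_sync the test `[ -e "/dev/disk/by-uuid/$UUID_WKEY" ]` succeeds whenever UUID_WKEY is empty, as it is at the top of this file, because the path then names the by-uuid directory itself. `cryptsetup open` is then run on that directory, and under `set -e` its failure ends the script before `op_unmount`, so the primary key stays decrypted and mounted when op_sync was what opened it. The same early exit applies to any failing step between the backup `cryptsetup open` and `cryptsetup close` (mount, rsync), which leaves the backup mapping open as well. I would guard the test with `[ -n "$UUID_WKEY" ]` and move the teardown into an EXIT trap so it runs on every exit path, with teardown failures reported on stderr but not stopping the remaining steps. The flag becomes a global because function locals are not reliably visible to a trap handler in every sh.

```shell
SYNC_OPENED_PRIMARY=false

# Best-effort teardown for op_sync: each step is skipped when there is
# nothing to undo, and a failing step does not stop the remaining ones.
sync_cleanup() {
	trap - EXIT
	if mount | grep -q "$MOUNT_PATH-backup"; then
		sudo -- umount "$MOUNT_PATH-backup" || true
	fi
	[ ! -d "$MOUNT_PATH-backup" ] || sudo -- rmdir "$MOUNT_PATH-backup" || true
	[ ! -e "/dev/mapper/$CRYPT_NAME-backup" ] || sudo -- cryptsetup close "$CRYPT_NAME-backup" || true
	if $SYNC_OPENED_PRIMARY; then
		op_unmount || true
	fi
}

op_sync() {
	local EXITC=0
	# Installed before anything is opened so a failure inside op_mount is covered too.
	trap sync_cleanup EXIT
	if ! check_mount; then
		SYNC_OPENED_PRIMARY=true
		op_mount
	fi
	if [ -n "$UUID_WKEY" ] && [ -e "/dev/disk/by-uuid/$UUID_WKEY" ]; then
		# … unchanged: open and mount the backup, rsync …
	else
		# … unchanged: missing-backup message, EXITC=1 …
	fi
	# The EXIT trap performs the teardown on success and on failure alike.
	exit $EXITC
}
```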