[Pkg-privacy-commits] [msva-perl] 05/15: enable emitting pkcs12 for the common use case via a rather janky hack
Ximin Luo
infinity0 at moszumanska.debian.org
Mon Aug 24 07:42:17 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository msva-perl.
commit 72f668d40e5dac2a52a22022fd6c5b9fd4df0d50
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Mon Feb 4 22:50:10 2013 -0500
enable emitting pkcs12 for the common use case via a rather janky hack
---
openpgp2x509 | 24 ++++++++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/openpgp2x509 b/openpgp2x509
index c0c8251..21ac9c7 100755
--- a/openpgp2x509
+++ b/openpgp2x509
@@ -408,7 +408,7 @@ sub makeX509CertForUserID {
my $dd = $cert->encode($newcert);
- push(@{$ret}, $dd);
+ push(@{$ret}, { 'der' => $dd, 'fpr' => $subkey->fingerprint->as_hex_string});
}
}
return $ret;
@@ -416,5 +416,25 @@ sub makeX509CertForUserID {
foreach $cert ( @{ makeX509CertForUserID($ARGV[0]) } ) {
- printf("-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n", encode_base64($cert));
+ if (defined($ENV{OPENPGP2X509_EMIT_PKCS12})) {
+ # FIXME: figure out how to do this with certtool instead of openssl;
+ # the PKCS12 files i've tried to generate from certtool --to-p12
+ # can't be loaded by iceweasel for some reason.
+
+ # FIXME: don't do this horrific shell nastiness. be nicer!
+ $ENV{CERTOUTPUT} = sprintf("-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n",
+ encode_base64($cert->{'der'}));
+ $ENV{FPR} = $cert->{'fpr'};
+ $ENV{OPENPGP_UID} = $ARGV[0];
+
+ # Note that while pkcs12(1ssl) claims that the order doesn't
+ # matter, in fact, this doesn't work if you emit the certificate
+ # before you emit the key.
+ system('(gpg --export-options export-reset-subkey-passwd --export-secret-subkeys "0x$FPR"\! |'.
+ 'openpgp2pem "$FPR" && printf "%s" "$CERTOUTPUT") |'.
+ 'openssl pkcs12 -export -name "$OPENPGP_UID"');
+
+ } else {
+ printf("-----BEGIN CERTIFICATE-----\n%s-----END CERTIFICATE-----\n", encode_base64($cert->{'der'}));
+ }
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/msva-perl.git
More information about the Pkg-privacy-commits
mailing list