| #!/bin/sh |
| |
| # This uses a 64-character hex key supplied by the user. |
| # If OpenSSL is installed, you can generate a pseudo-random key by running: |
| # openssl rand -hex 32 |
| # To get a true random key, run: |
| # wget -q -O - 'https://www.random.org/cgi-bin/randbyte?nbytes=32&format=h' | tr -d ' \n'; echo |
| # Do not create any fie with extension "wkey" in $DIR; these are |
| # reserved for wrapped data key files. |
| |
| [ "$#" -lt 1 ] && echo "cluster_key_command usage: $0 %R [%p]" 1>&2 && exit 1 |
| # Supports environment variable PROMPT |
| |
| FD="$1" |
| [ ! -t "$FD" ] && echo "file descriptor $FD does not refer to a terminal" 1>&2 && exit 1 |
| |
| [ "$2" ] && PROMPT="$2" |
| |
| |
| # ---------------------------------------------------------------------- |
| |
| [ ! "$PROMPT" ] && PROMPT='Enter cluster key as 64 hexadecimal characters: ' |
| |
| stty -echo <&"$FD" |
| |
| echo 1>&"$FD" |
| echo -n "$PROMPT" 1>&"$FD" |
| read KEY <&"$FD" |
| |
| stty echo <&"$FD" |
| |
| if [ "$(expr "$KEY" : '[0-9a-fA-F]*$')" -ne 64 ] |
| then echo 'invalid; must be 64 hexadecimal characters' 1>&2 |
| exit 1 |
| fi |
| |
| echo "$KEY" |
| |
| exit 0 |
