Next: Starting a New Project, Previous: Creating a Database, Up: Tutorial [Contents][Index]
Now Jim, Abe and Beth must each generate an RSA key pair for themselves. This step requires choosing a key identifier. Typical key identifiers are similar to email addresses, possibly modified with some prefix or suffix to distinguish multiple keys held by the same owner. Our example programmers will use their email addresses at the fictional “juicebot.co.jp” domain name. When we ask for a key to be generated, monotone will ask us for a passphrase. This phrase is used to encrypt the key when storing it on disk, as a security measure.
Jim does the following:
$ mtn genkey jim@juicebot.co.jp
enter passphrase for key ID [jim@juicebot.co.jp] (...): <Jim enters his passphrase>
confirm passphrase for key ID [jim@juicebot.co.jp] (...): <Jim confirms his passphrase>
mtn: generating key-pair 'jim@juicebot.co.jp'
mtn: storing key-pair 'jim@juicebot.co.jp' in /home/jim/.monotone/keys
mtn: key 'jim@juicebot.co.jp' has hash '398cb10dcd4fadf4f7849a3734b626a83e0bb2ae'
Abe does something similar:
$ mtn genkey abe@juicebot.co.jp
enter passphrase for key ID [abe@juicebot.co.jp] (...): <Abe enters his passphrase>
confirm passphrase for key ID [abe@juicebot.co.jp] (...): <Abe confirms his passphrase>
mtn: generating key-pair 'abe@juicebot.co.jp'
mtn: storing key-pair 'abe@juicebot.co.jp' in /home/abe/.monotone/keys
mtn: key 'abe@juicebot.co.jp' has hash '62d8d1798e716868acde75c0fc4c84760003863d'
as does Beth:
$ mtn genkey beth@juicebot.co.jp
enter passphrase for key ID [beth@juicebot.co.jp] (...): <Beth enters her passphrase>
confirm passphrase for key ID [beth@juicebot.co.jp] (...): <Beth confirms her passphrase>
mtn: generating key-pair 'beth@juicebot.co.jp'
mtn: storing key-pair 'beth@juicebot.co.jp' in /home/beth/.monotone/keys
mtn: key 'beth@juicebot.co.jp' has hash 'c1d47c065a21f1e1c4fbdefaa2f37bd2c15ee4b1'
Each programmer has now generated a key pair and placed it in their keystore. Each can list the keys in their keystore, to ensure the correct key was generated. For example, Jim might see this:
$ mtn list keys
[public keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp   (*)

  (*) - only in /home/jim/.monotone/keys/

[private keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp
The hexadecimal string printed before each key name is a fingerprint of the key, and can be used to verify that the key you have stored under a given name is the one you intended to store. Monotone will never permit one keystore to store two keys with the same fingerprint; distinct keys with equal names, however, are possible.
This output shows one private and one public key stored under the name jim@juicebot.co.jp, so it indicates that Jim’s key-pair has been successfully generated and stored. On subsequent commands, Jim will need to re-enter his passphrase in order to perform security-sensitive tasks.
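Because a name can be shared by several distinct keys while a fingerprint cannot, the fingerprint is what should be checked. The following POSIX shell check is an added example, not code from the monotone manual: it parses a listing in the format mtn list keys prints above, confirms that the single key stored under a name has the fingerprint you expect, and refuses when the name is missing or ambiguous. Both listings are constructed, and the second fingerprint in the duplicate listing is a placeholder, not a real key.

```shell
#!/bin/sh
# Constructed sample: Jim's keystore exactly as `mtn list keys` printed it above.
JIM_LISTING='[public keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp   (*)

  (*) - only in /home/jim/.monotone/keys/

[private keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp'

# Constructed sample: a second, different key that also calls itself
# jim@juicebot.co.jp (its fingerprint is a placeholder, not a real monotone key).
DUP_LISTING='[public keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp   (*)
0000000000000000000000000000000000000001 jim@juicebot.co.jp

  (*) - only in /home/jim/.monotone/keys/

[private keys]
398cb10dcd4fadf4f7849a3734b626a83e0bb2ae jim@juicebot.co.jp'

# check_key_fingerprint LISTING NAME EXPECTED_FINGERPRINT
# Exit status: 0 = the single key named NAME has the expected fingerprint,
# 1 = wrong fingerprint, 2 = several distinct keys share NAME, 3 = no such name.
check_key_fingerprint() {
    listing=$1 name=$2 expected=$3
    # Distinct fingerprints listed for NAME in the [public keys] section only;
    # the [private keys] section repeats the same fingerprint.
    fps=$(printf '%s\n' "$listing" | awk -v n="$name" '
        /^\[public keys\]/  { sect = "pub";  next }
        /^\[private keys\]/ { sect = "priv"; next }
        sect == "pub" && $2 == n { print $1 }' | sort -u)
    set -- $fps          # one positional parameter per distinct fingerprint
    if [ $# -eq 0 ]; then
        echo "no key named $name in keystore" >&2; return 3
    elif [ $# -gt 1 ]; then
        echo "ambiguous: $# distinct keys are named $name" >&2; return 2
    elif [ "$1" != "$expected" ]; then
        echo "fingerprint mismatch for $name: $1 (expected $expected)" >&2; return 1
    fi
    echo "ok: $name is $1"
}

# Demonstration on the constructed listings (a real check would feed in the
# output of `mtn list keys` instead).
check_key_fingerprint "$JIM_LISTING" jim@juicebot.co.jp 398cb10dcd4fadf4f7849a3734b626a83e0bb2ae
check_key_fingerprint "$DUP_LISTING" jim@juicebot.co.jp 398cb10dcd4fadf4f7849a3734b626a83e0bb2ae || echo "refused (status $?)"
```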
Pretty soon Jim gets annoyed at having to enter his passphrase every time he invokes mtn (and, more importantly, skipping the passphrase prompts simplifies the tutorial text), so he decides to use ssh-agent to store his key. He does this by using the ssh_agent_export command to export his key into a format that ssh-agent can understand, and then adding it with ssh-add.
$ mtn ssh_agent_export ~/.ssh/id_monotone
enter passphrase for key ID [user@example.com] (1234abcd...):
enter new passphrase for key ID [user@example.com] (1234abcd...):
confirm passphrase for key ID [user@example.com] (1234abcd...):
$ chmod 600 ~/.ssh/id_monotone
From now on, Jim just needs to add his key to ssh-agent when he logs in and he will not need to enter his passphrase every time he uses monotone.
$ ssh-agent /bin/bash
$ ssh-add ~/.ssh/id_monotone
Enter passphrase for /home/user/.ssh/id_monotone:
Identity added: /home/user/.ssh/id_monotone (/home/user/.ssh/id_monotone)
$ mtn ci -m"Changed foo to bar"
$ mtn push
The following procedure is deprecated and not suggested for general use as it is very insecure.
Jim isn’t very worried about security so he decides to store his passphrase in his monotonerc file. He does this by writing a hook function which returns the passphrase:
$ mkdir ~/.monotone
$ cat >>~/.monotone/monotonerc
function get_passphrase(key_identity)
  return "jimsekret"
end
^D
Now whenever monotone needs his passphrase, it will call this function instead of prompting him to type it. Note that we are appending the new hook to the (possibly existing) file. We do this to avoid losing other changes by mistake; therefore, be sure to check that no other get_passphrase function appears in the configuration file.
Abe and Beth do the same, with their secret passphrases.