The SDSI shell, `sdsi2sh', is a very useful SDSI tool. The shell
allows you to create, sign, and issue certificates. If you're at home
typing commands or writing scripts to do things, sdsi2sh is for
you. The command environment is rather flexible: named variables are
used with all commands, and command results are returned in new named
variables.

You start the shell by typing `sdsi2sh'. The shell reads your
public key out of your principal file
`~/.sdsi/your-principal.sdsi2', and then tries to find the
corresponding private key - in your PGP private keyring, if you
made a PGP key, or in your SSH identity file, if you made an SSH key.
sdsi2sh prompts you for the passphrase so that it can unlock your
private key, which you then use to sign certificates.

Once it has your private key, sdsi2sh presents a simple prompt:

    sdsi2sh>

From this prompt, you issue commands. You can see the list of commands by typing `help'. The commands currently available are:

    sdsi2sh> help
    command summary:
    help or ? - displays help
    define - defines a new S-expression variable
    define-string - defines a new bytestring variable
    print - prints a variable
    width - sets the display width
    dollar - sets the next $ temporary number
    hash - hashes an object
    sign - signs an object
    cache - adds an object to the cache
    search - compose a cache search

You can get a little more detailed help on an individual command by doing `help command'. For example, to find out more about the `sign' command, used for signing objects:

    sdsi2sh> help sign
    help for sign:
    usage: sign <object> [<include-key-as-hash-flag>]
    - returns your signature on <object>. if
      <include-key-as-hash-flag> is given, includes the verification
      key as a hash instead of outright.

In the shell, all commands take their arguments - with the exception of
their integer arguments - through named variables. SDSI objects are
never given literally on the command line. Variables are introduced
with the define command, and can be displayed with the
print command. Here are examples of how variables are created and
displayed:

    sdsi2sh> define foo (foo a b c)
    sdsi2sh> print foo
    (foo a b c)
    sdsi2sh> define bar (bar x y z)
    sdsi2sh> print bar
    (bar x y z)
    sdsi2sh> define foo (zoop zoop)
    sdsi2sh> print foo
    (zoop zoop)
    sdsi2sh>

Note that redefining a variable that is already defined gives no error; the new value simply replaces the old value of the variable.

There is one predefined variable in sdsi2sh: the speaker
variable is initially defined to be your SDSI public key. You can redefine
speaker if you want, however.

Once variables have been defined, you can give them to commands.
For example, to sign an object, you put it in a variable and then
use that variable with the sign command:

    sdsi2sh> define foo (zoop zoop)
    sdsi2sh> sign foo
    (signature
      (hash md5 |nsjklw4yb2cqKAh2e68Aug==|)
      (public-key rsa-pkcs1-md5
        (e #11#)
        (n |AM30TzJanfRxoZUu0zgniBGv/C82xzvna1BjB0BFbkSELk9Ltn7biJ/q
           6FHN5YCO78EiVM3/MEZegNS8ZXDy7HU=|))
      |AKVs9CwfqUsj8zkayoglT1N/cAm/i0zlWwoG2QyCo0p4dwx7PqYQdF0yG5
       /59xEylMQBuPM2ZIae3oOvFfGhWAA=|)
    that returned value has been named $0.

Note how the result of the sign command is both displayed and
assigned to a new named variable, $0. A new "dollar temporary" is
defined to hold the result of any command that returns a value, so
that the value can be used in subsequent commands.
The next command's result will go into $1, and so forth. You
can set what the next dollar temporary will be by using the dollar
command: `dollar 0' starts the dollar temporaries over at zero again.
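
An added example, not part of the original manual or the SDSI distribution: a small Python parser for the S-expression form that `sign' prints above, used to decode the fields a verifier would check (hash algorithm, public exponent, modulus size). It assumes the token conventions visible in that output, |...| for base64 and #...# for hex; the names parse and summarize are hypothetical.

```python
import base64
import re

# Constructed sample: the signature object printed by `sign foo' on this page,
# with the line wraps inside |...| kept as whitespace.
SAMPLE = """(signature (hash md5 |nsjklw4yb2cqKAh2e68Aug==|)
 (public-key rsa-pkcs1-md5 (e #11#)
  (n |AM30TzJanfRxoZUu0zgniBGv/C82xzvna1BjB0BFbkSELk9Ltn7biJ/q
      6FHN5YCO78EiVM3/MEZegNS8ZXDy7HU=|))
 |AKVs9CwfqUsj8zkayoglT1N/cAm/i0zlWwoG2QyCo0p4dwx7PqYQdF0yG5
  /59xEylMQBuPM2ZIae3oOvFfGhWAA=|)"""

# One token: "(", ")", |base64|, #hex#, or a bare atom such as rsa-pkcs1-md5.
TOKEN = re.compile(r"\s*(\(|\)|\|[^|]*\||#[0-9A-Fa-f\s]*#|[^\s()|#]+)")

def parse(text):
    """Parse one S-expression into nested lists; binary tokens become bytes."""
    stack, pos, text = [[]], 0, text.strip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos}")
        tok, pos = m.group(1), m.end()
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        elif tok[0] == "|":   # base64, possibly wrapped across lines
            stack[-1].append(base64.b64decode("".join(tok[1:-1].split()), validate=True))
        elif tok[0] == "#":   # hex
            stack[-1].append(bytes.fromhex("".join(tok[1:-1].split())))
        else:
            stack[-1].append(tok)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("expected exactly one complete expression")
    return stack[0][0]

def summarize(sig):
    """Pull the fields a verifier would check out of a (signature ...) object."""
    tag, (_, hash_alg, digest), key, value = sig
    if tag != "signature" or key[0] != "public-key":
        raise ValueError("not a signature with an inline public key")
    fields = {item[0]: int.from_bytes(item[1], "big") for item in key[2:]}
    return {"hash_alg": hash_alg, "digest_len": len(digest), "key_alg": key[1],
            "e": fields["e"], "modulus_bits": fields["n"].bit_length(),
            "sig_len": len(value)}
```

Calling summarize(parse(SAMPLE)) on the object above reports an MD5 digest, exponent 17, and a 512-bit RSA modulus, which is the information to compare against whatever algorithm and key-size policy the verifier enforces.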
TBD