[Monotone-devel] Multiple keys with the same name


From: Timothy Brownawell
Subject: [Monotone-devel] Multiple keys with the same name
Date: Sun, 04 Dec 2005 19:49:36 -0600

Here is a perl script to take all certs issued by a given key, and
reissue them with a different key. To take all certs issued with a key,
and reissue them with a different key with the same name, first reissue
them with a temporary key, then remove the old key and add the new key,
and reissue with the new key.

It would be a Bad Idea to do this to get rid of a key that has been
synced to a public server. If you have multiple keys with the same name
that have been synced publicly, it would probably be better to have
separate keystores (--keydir=wherever) for each database, and just
remember which goes with which (should there be a "database:
default-keydir" db var to remember this?).

This has not been fully tested, as I don't have different keys of the
same name to test it with :)

So, for multiple databases with different keys that have the same name:
(0) BACK UP each db.
(1) migrate each db, using the --keydir option to put the keys in
different places
(2) make a temporary key in the default keystore:
   mtn genkey address@hidden
(3) for each db that you do not want to keep the key from, copy that key
to the default keystore (~/.monotone/keys) and run the following:

# reissue the certs

chkey.pl mt.db~ address@hidden address@hidden

# make sure that all the certs really did get reissued

mtn -d mt.db~ db execute "select keypair from revision_certs where keypair = 'address@hidden'" | wc -l

mtn -d mt.db~ db execute "select keypair from revision_certs where keypair = 'address@hidden'" | wc -l

# if the numbers are the same, delete the old certs with

mtn -d mt.db~ db execute "delete from revision_certs where keypair = 'address@hidden'"

(4) copy the key you want to keep to the default keystore, and run the
same commands on each database (except the one you're keeping the key
from) with 'oldkey' replaced by 'tempkey' and 'tempkey' replaced by the
new key (which should have the same name as the old key)

Attachment: chkey.pl
Description: Perl program
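
Added example, not part of the original post and not the attached chkey.pl: a stricter form of the "make sure that all the certs really did get reissued" check in step (3), which compares the certs themselves instead of two line counts and refuses to delete while any old-key cert lacks a twin under the new key. It assumes the database can be opened as SQLite and that revision_certs has id, name and value columns beside keypair (only the table name and keypair appear in the post); the key names and rows are constructed sample data.

```python
import sqlite3

# Assumption: revision_certs carries id, name and value next to keypair.
# The post itself only shows the table name and the keypair column.
SCHEMA = "CREATE TABLE revision_certs (id, name, value, keypair)"

def missing_reissues(conn, old_key, new_key):
    """Certs signed by old_key that have no identical cert signed by new_key."""
    return conn.execute(
        """SELECT id, name, value FROM revision_certs WHERE keypair = ?
           EXCEPT
           SELECT id, name, value FROM revision_certs WHERE keypair = ?
           ORDER BY id, name, value""",
        (old_key, new_key)).fetchall()

def count_for(conn, key):
    """The number the 'wc -l' check in the post compares."""
    return conn.execute(
        "SELECT count(*) FROM revision_certs WHERE keypair = ?", (key,)).fetchone()[0]

def delete_old_certs(conn, old_key, new_key):
    """Delete old_key certs only when every one was reissued; return rows deleted."""
    missing = missing_reissues(conn, old_key, new_key)
    if missing:
        raise RuntimeError(f"{len(missing)} cert(s) not reissued, nothing deleted")
    with conn:  # commits on success, rolls back on error
        cur = conn.execute("DELETE FROM revision_certs WHERE keypair = ?", (old_key,))
    return cur.rowcount

def sample_db():
    """Constructed data: counts match (3 and 3) although one cert was not reissued."""
    old, tmp = "oldkey@example.invalid", "tempkey@example.invalid"
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO revision_certs VALUES (?, ?, ?, ?)", [
        ("rev1", "author", "alice", old),
        ("rev1", "branch", "main", old),
        ("rev2", "author", "alice", old),   # never reissued
        ("rev1", "author", "alice", tmp),
        ("rev1", "branch", "main", tmp),
        ("rev3", "author", "alice", tmp),   # unrelated cert that evens out the count
    ])
    conn.commit()
    return conn, old, tmp

if __name__ == "__main__":
    conn, old, tmp = sample_db()
    print(count_for(conn, old), count_for(conn, tmp))
    print(missing_reissues(conn, old, tmp))
```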

