cic-staff-installer/setup_key.sh

export GPG_TTY=$(tty)

echo You have not selected a key to use. We will now make a new one.
echo The personal details you provide below will not be shared anywhere without getting your permission first.

pgp_ok=
while [ -z $pgp_ok ]; do
	echo
	echo -n "Your name: "
	read pgp_name
	echo -n "Your email: "
	read pgp_email
	echo 
	echo "You have entered: "
	echo "Name:	$pgp_name"
	echo "Email:	$pgp_email"
	echo
	echo -n "(Yes/No): "
	read pgp_r
	r=${pgp_r:0:1}
	if [[ "$r" =~ ^[yY] ]]; then
		pgp_ok=1
	fi
	echo 
	echo "Ok, let's try again..."
done

echo -e "\e[0;93mYou will now be asked for a passphrase to protect your new key."
echo "It will not be shown back to you as you type, nor after you have typed it in."
echo "If you lose this passphrase you WILL lose access to your key PERMANENTLY."
echo "Keep it secret."
echo -e "Keep it safe.\e[0m"

stty -echo
password_match=
while [ -z $password_match ]; do
	echo
	echo -n "password: "
	read password
	echo 
	echo -n "password again: "
	read password_again
	echo 

	if [ "$password" == "$password_again" ]; then
		password_match=1	
	else
		echo "passwords do not match, try again"
	fi
done
stty echo

password_file=`mktemp`
touch $password_file
chmod -v 600 $password_file
echo -n $password > $password_file

t=`mktemp -d`
gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0


mkdir -vp $HOME/.config/cic/staff-client/.gnupg
chmod 0700 -v $HOME/.config/cic/staff-client/.gnupg

gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --export-secret-keys | gpg --pinentry-mode loopback --passphrase-file $password_file --homedir $HOME/.config/cic/staff-client/.gnupg --import
gpg --homedir $HOME/.config/cic/staff-client/.gnupg --export -a > $HOME/.config/cic/staff-client/user.asc

gpg --list-packets $HOME/.config/cic/staff-client/user.asc | awk '/issuer fpr/ { print $9; }' | cut -b -40 > $HOME/.config/cic/staff-client/key_fingerprint

gpg --homedir $HOME/.config/cic/staff-client/.gnupg --pinentry-mode loopback --passphrase-file $password_file --quick-add-key `cat $HOME/.config/cic/staff-client/key_fingerprint` default encrypt 0

shred -v $password_file
Correct gpg tty on su/sudo 2021-11-10 11:32:14 +01:00			`export GPG_TTY=$(tty)`

Complete cic-cache bootstrap and setup 2021-11-10 09:43:30 +01:00			`echo You have not selected a key to use. We will now make a new one.`
			`echo The personal details you provide below will not be shared anywhere without getting your permission first.`

			`pgp_ok=`
			`while [ -z $pgp_ok ]; do`
			`echo`
			`echo -n "Your name: "`
			`read pgp_name`
			`echo -n "Your email: "`
			`read pgp_email`
			`echo`
			`echo "You have entered: "`
			`echo "Name: $pgp_name"`
			`echo "Email: $pgp_email"`
			`echo`
			`echo -n "(Yes/No): "`
			`read pgp_r`
			`r=${pgp_r:0:1}`
Add readme, avoid forced gpg import (and trust) for main user gpg config 2021-11-11 18:42:29 +01:00			`if [[ "$r" =~ ^[yY] ]]; then`
Complete cic-cache bootstrap and setup 2021-11-10 09:43:30 +01:00			`pgp_ok=1`
			`fi`
			`echo`
			`echo "Ok, let's try again..."`
			`done`

			`echo -e "\e[0;93mYou will now be asked for a passphrase to protect your new key."`
			`echo "It will not be shown back to you as you type, nor after you have typed it in."`
			`echo "If you lose this passphrase you WILL lose access to your key PERMANENTLY."`
			`echo "Keep it secret."`
			`echo -e "Keep it safe.\e[0m"`

Add systemd initialization 2021-11-11 08:29:03 +01:00			`stty -echo`
			`password_match=`
			`while [ -z $password_match ]; do`
			`echo`
			`echo -n "password: "`
			`read password`
			`echo`
			`echo -n "password again: "`
			`read password_again`
			`echo`

			`if [ "$password" == "$password_again" ]; then`
			`password_match=1`
			`else`
			`echo "passwords do not match, try again"`
			`fi`
			`done`
			`stty echo`

			password_file=`mktemp`
			`touch $password_file`
			`chmod -v 600 $password_file`
			`echo -n $password > $password_file`

Complete cic-cache bootstrap and setup 2021-11-10 09:43:30 +01:00			t=`mktemp -d`
Add systemd initialization 2021-11-11 08:29:03 +01:00			`gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0`
Complete cic-cache bootstrap and setup 2021-11-10 09:43:30 +01:00

			`mkdir -vp $HOME/.config/cic/staff-client/.gnupg`
			`chmod 0700 -v $HOME/.config/cic/staff-client/.gnupg`

Add systemd initialization 2021-11-11 08:29:03 +01:00			`gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --export-secret-keys \| gpg --pinentry-mode loopback --passphrase-file $password_file --homedir $HOME/.config/cic/staff-client/.gnupg --import`
Correct gpg tty on su/sudo 2021-11-10 11:32:14 +01:00			`gpg --homedir $HOME/.config/cic/staff-client/.gnupg --export -a > $HOME/.config/cic/staff-client/user.asc`
Complete cic-cache bootstrap and setup 2021-11-10 09:43:30 +01:00
			`gpg --list-packets $HOME/.config/cic/staff-client/user.asc \| awk '/issuer fpr/ { print $9; }' \| cut -b -40 > $HOME/.config/cic/staff-client/key_fingerprint`
Add systemd initialization 2021-11-11 08:29:03 +01:00
Add enc key to correct homedir, finish env for systemd 2021-11-11 11:33:18 +01:00			gpg --homedir $HOME/.config/cic/staff-client/.gnupg --pinentry-mode loopback --passphrase-file $password_file --quick-add-key `cat $HOME/.config/cic/staff-client/key_fingerprint` default encrypt 0
Add systemd initialization 2021-11-11 08:29:03 +01:00
			`shred -v $password_file`