export GPG_TTY=$(tty)

echo You have not selected a key to use. We will now make a new one.
echo The personal details you provide below will not be shared anywhere without getting your permission first.

pgp_ok=
while [ -z $pgp_ok ]; do
	echo
	echo -n "Your name: "
	read pgp_name
	echo -n "Your email: "
	read pgp_email
	echo 
	echo "You have entered: "
	echo "Name:	$pgp_name"
	echo "Email:	$pgp_email"
	echo
	echo -n "(Yes/No): "
	read pgp_r
	r=${pgp_r:0:1}
	if [[ "$r" =~ ^[yY] ]]; then
		pgp_ok=1
	fi
	echo 
	echo "Ok, let's try again..."
done

echo -e "\e[0;93mYou will now be asked for a passphrase to protect your new key."
echo "It will not be shown back to you as you type, nor after you have typed it in."
echo "If you lose this passphrase you WILL lose access to your key PERMANENTLY."
echo "Keep it secret."
echo -e "Keep it safe.\e[0m"

stty -echo
password_match=
while [ -z $password_match ]; do
	echo
	echo -n "password: "
	read password
	echo 
	echo -n "password again: "
	read password_again
	echo 

	if [ "$password" == "$password_again" ]; then
		password_match=1	
	else
		echo "passwords do not match, try again"
	fi
done
stty echo

password_file=`mktemp`
touch $password_file
chmod -v 600 $password_file
echo -n $password > $password_file

t=`mktemp -d`
gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0


mkdir -vp $HOME/.config/cic/staff-client/.gnupg
chmod 0700 -v $HOME/.config/cic/staff-client/.gnupg

gpg --homedir $t --pinentry-mode loopback --passphrase-file $password_file --export-secret-keys | gpg --pinentry-mode loopback --passphrase-file $password_file --homedir $HOME/.config/cic/staff-client/.gnupg --import
gpg --homedir $HOME/.config/cic/staff-client/.gnupg --export -a > $HOME/.config/cic/staff-client/user.asc

gpg --list-packets $HOME/.config/cic/staff-client/user.asc | awk '/issuer fpr/ { print $9; }' | cut -b -40 > $HOME/.config/cic/staff-client/key_fingerprint

gpg --homedir $HOME/.config/cic/staff-client/.gnupg --pinentry-mode loopback --passphrase-file $password_file --quick-add-key `cat $HOME/.config/cic/staff-client/key_fingerprint` default encrypt 0

shred -v $password_file