
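# Interactive step of the CIC staff installer: creates a new OpenPGP signing
# key (secp256k1 primary, plus an encryption subkey added afterwards) and
# installs it under $HOME/.config/cic/staff-client/.
#
# Files written:
#   .gnupg/          GnuPG home that holds the new secret key (mode 0700)
#   user.asc         ASCII-armoured public key
#   key_fingerprint  primary key fingerprint in hex, one line
#
# Global variables are kept under their original names (pgp_name, pgp_email,
# password_file, t) in case later installer steps reference them.
#
# Changes versus the previous revision:
#   - passphrase is read with `read -s` instead of `stty -echo`, so a Ctrl-C
#     during entry no longer leaves the terminal with echo disabled;
#   - an empty passphrase is rejected (the prompt promises a protected key);
#   - the passphrase is written with printf and quoted, so it is not subject
#     to word splitting, globbing or echo's -n/-e option parsing;
#   - EOF on stdin exits instead of looping forever on an empty answer;
#   - the scratch GnuPG home (which briefly holds the secret key) and the
#     passphrase file are removed on every exit path via a trap;
#   - the fingerprint is taken from --with-colons output instead of scraping
#     --list-packets, whose human-readable format is not stable.

export GPG_TTY=$(tty)
# A failed stage in the export | import pipeline must not go unnoticed.
set -o pipefail

cic_dir="$HOME/.config/cic/staff-client"

# Scratch GnuPG home (mktemp -d creates it 0700). The key is generated here
# first and then moved into the final home, as in the original flow.
t=$(mktemp -d) || exit 1

# Passphrase file for --passphrase-file. Prefer XDG_RUNTIME_DIR (per-user,
# usually tmpfs) over a disk-backed /tmp: shred cannot reliably overwrite
# data on journaling/CoW/SSD storage, so not writing it to disk at all is the
# stronger guarantee. mktemp creates the file 0600.
password_file=$(mktemp "${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}/cic-passphrase.XXXXXX") || exit 1

# Runs on every exit (normal, error, interrupt): wipe the passphrase file and
# the scratch home that contained the secret key.
cleanup() {
  if [ -f "$password_file" ]; then
    shred -v -u -- "$password_file"
  fi
  # Stop any agent gpg may have started for the scratch home before removing it.
  if command -v gpgconf >/dev/null 2>&1; then
    gpgconf --homedir "$t" --kill gpg-agent 2>/dev/null
  fi
  rm -rf -- "${t:?}"
}
trap cleanup EXIT

# Asks for name and e-mail until the user confirms them.
# Sets: pgp_name, pgp_email. Exits on EOF.
prompt_identity() {
  pgp_ok=
  while [ -z "$pgp_ok" ]; do
    echo
    printf 'Your name: '
    read -r pgp_name || exit 1
    printf 'Your email: '
    read -r pgp_email || exit 1
    echo
    echo "You have entered: "
    echo "Name: $pgp_name"
    echo "Email: $pgp_email"
    echo
    if [ -z "$pgp_name" ] || [ -z "$pgp_email" ]; then
      echo "Both name and email are required."
      echo
      echo "Ok, let's try again..."
      continue
    fi
    printf '(Yes/No): '
    read -r pgp_r || exit 1
    if [[ "${pgp_r:0:1}" =~ ^[yY] ]]; then
      pgp_ok=1
    else
      # Only printed when the user did not confirm (previously it was also
      # printed after a "Yes").
      echo
      echo "Ok, let's try again..."
    fi
  done
}

# Asks for the key passphrase twice, without echo, until both entries match
# and are non-empty. Sets: password. Exits on EOF.
prompt_passphrase() {
  echo -e "\e[0;93mYou will now be asked for a passphrase to protect your new key."
  echo "It will not be shown back to you as you type, nor after you have typed it in."
  echo "If you lose this passphrase you WILL lose access to your key PERMANENTLY."
  echo "Keep it secret."
  echo -e "Keep it safe.\e[0m"
  password_match=
  while [ -z "$password_match" ]; do
    echo
    printf 'password: '
    # -s: no echo, and bash restores the terminal itself if interrupted.
    read -r -s password || { echo; exit 1; }
    echo
    printf 'password again: '
    read -r -s password_again || { echo; exit 1; }
    echo
    if [ -z "$password" ]; then
      echo "passphrase must not be empty, try again"
    elif [ "$password" == "$password_again" ]; then
      password_match=1
    else
      echo "passwords do not match, try again"
    fi
  done
}

echo You have not selected a key to use. We will now make a new one.
echo The personal details you provide below will not be shared anywhere without getting your permission first.
prompt_identity
prompt_passphrase

# printf keeps the passphrase byte-for-byte (no echo option parsing, no
# globbing or word splitting of an unquoted value).
printf '%s' "$password" > "$password_file" || exit 1
unset password password_again

# Expiry "0" means the key never expires; that is what the installer expects.
# NOTE(review): consider an expiry if a key-rotation policy applies.
gpg --homedir "$t" --pinentry-mode loopback --passphrase-file "$password_file" \
  --quick-gen-key "$pgp_name (CIC staff client signing key) <$pgp_email>" secp256k1 sign 0 || exit 1

mkdir -vp "$cic_dir/.gnupg" || exit 1
chmod -v 0700 "$cic_dir/.gnupg" || exit 1

# Move the secret key from the scratch home into the final home.
gpg --homedir "$t" --pinentry-mode loopback --passphrase-file "$password_file" --export-secret-keys \
  | gpg --homedir "$cic_dir/.gnupg" --pinentry-mode loopback --passphrase-file "$password_file" --import \
  || exit 1

gpg --homedir "$cic_dir/.gnupg" --export -a > "$cic_dir/user.asc" || exit 1

# Machine-readable listing: the first "fpr" record is the primary key's
# fingerprint (field 10). Not truncated to 40 characters, so this also works
# should the fingerprint length ever differ from the v4 format.
fingerprint=$(gpg --homedir "$cic_dir/.gnupg" --with-colons --fingerprint \
  | awk -F: '$1 == "fpr" { print $10; exit }')
if [ -z "$fingerprint" ]; then
  echo "could not determine the fingerprint of the new key" >&2
  exit 1
fi
printf '%s\n' "$fingerprint" > "$cic_dir/key_fingerprint" || exit 1

# Encryption subkey with gpg's default algorithm, never expiring (see above).
gpg --homedir "$cic_dir/.gnupg" --pinentry-mode loopback --passphrase-file "$password_file" \
  --quick-add-key "$fingerprint" default encrypt 0 || exit 1

# The passphrase file and the scratch home are wiped by the EXIT trap.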