reimplemented create
/extend
parent
0f914c825f
commit
c38f1c07ad
1 changed files with 45 additions and 44 deletions
89
gpgtool
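--- a/gpgtool
+++ b/gpgtool
@@ -193,6 +193,51 @@ closeall () {
 done
 }
 
+# Creates a new key and stores it in the key path.
+create () {
+echo "----- Create master key:"
+gpg --homedir "${tempdir}/gpghome" --full-generate-key
+echo -n "----- Enter the fingerprint of your new key: "
+read id
+echo "----- Add dedicated signing key; end with \`save\`:"
+gpg --homedir "${tempdir}/gpghome" --edit-key ${id} addkey
+echo "----- Moving secret key …"
+keygrip=$(gpg --homedir "${tempdir}/gpghome" --with-keygrip --list-key ${id} | grep Keygrip | head -n 1 | awk {'print $3'})
+mv ${tempdir}/gpghome/private-keys-v1.d/${keygrip}.key ${keypath}/${id}/
+echo "----- Exporting …"
+exdir=${keypath}/${id}/$(date +%F)
+mkdir -p ${exdir}
+gpg --homedir "${tempdir}/gpghome" --armor --export-secret-keys ${id} > ${keypath}/${id}/${id}.private.asc
+gpg --homedir "${tempdir}/gpghome" --armor --export ${id} > ${keypath}/${id}/${id}.public.asc
+cp ${keypath}/${id}/${id}.*.asc ${exdir}
+mv /home/daniel/.gnupg/openpgp-revocs.d/${id}.rev ${keypath}/${id}/
+echo "----- Restoring secret key for further modification …"
+ln -sf ${keypath}/${id}/${keygrip}.key ${tempdir}/gpghome/private-keys-v1.d/
+echo "----- Remember to send & close when done!"
+}
+
+# Extends an open key.
+extend () {
+id=${1}
+echo "----- Step 1: change expiry date; end with \`save\`:"
+gpg --homedir "${tempdir}/gpghome" --edit-key ${id} expire
+echo "----- Step 2: add new encryption key; end with \`save\`:"
+gpg --homedir "${tempdir}/gpghome" --edit-key ${id} addkey
+echo "----- Step 3: add new sign key; end with \`save\`:"
+gpg --homedir "${tempdir}/gpghome" --edit-key ${id} addkey
+echo "----- Removing secret key …"
+keygrip=$(gpg --homedir "${tempdir}/gpghome" --with-keygrip --list-key ${id} | grep Keygrip | head -n 1 | awk {'print $3'})
+rm ${tempdir}/gpghome/private-keys-v1.d/${keygrip}.key
+echo "----- Exporting …"
+exdir=$(dirname $(ls ${keypath}/${id}))/$(date +%F)
+mkdir $exdir
+gpg --homedir "${tempdir}/gpghome" --armor --export-secret-keys ${id} > ${keypath}/${id}/${id}.private.asc
+gpg --homedir "${tempdir}/gpghome" --armor --export ${id} > ${keypath}/${id}/${id}.public.asc
+cp ${keypath}/${id}/${id}.*.asc ${exdir}
+echo "----- Restoring secret key …"
+ln -sf ${keypath}/${id}/${keygrip}.key ${tempdir}/gpghome/private-keys-v1.d/
+}
+
 # Sends keys to key servers.
 send () {
 zparseopts -D -E -- -keyserver=servers:
@@ -250,47 +295,3 @@ done
 [[ "$(type -w $1)" =~ "(.+\s+)?function" && ! "$1" =~ "_.*" ]] \
 && $@ \
 || echo "Invalid command: $1. See \`$0 --help\`." >&2 && exit 64
-
-#==================================================
-
-# 1. create a new key then
-# 2. do this with the FULL key id!
-# gpgtools init fullid name
-create () {
-id=${1}
-echo "----- Add dedicated Signing Key"
-gpg --edit-key ${id} addkey
-echo "----- Exporting …"
-exdir=${_dir}/${id: -8}-${2}/$(date +%F)
-mkdir -p ${exdir}
-gpg --armor --export-secret-keys ${id} > ${exdir}/${id: -8}.private.asc
-gpg --armor --export ${id} > ${exdir}/${id: -8}.public.asc
-mv /home/daniel/.gnupg/openpgp-revocs.d/${id}.rev ${_dir}/${id: -8}-${2}/
-echo "----- Moving secret key …"
-keygrip=$(gpg --with-keygrip --list-key ${id} | grep Keygrip | head -n 1 | awk {'print $3'})
-mv ~/.gnupg/private-keys-v1.d/${keygrip}.key ${_dir}/${id: -8}-${2}
-echo "----- Verify that private master key is gone (#)!"
-gpg --list-secret-keys | grep -C 5 ${id}
-echo "----- Opening key for further modification …"
-open $id
-echo "----- Remember to send & close when done!"
-}
-# gpgtools extend keyid
-extend () {
-id=${1}
-open ${id}
-echo "----- Step 1: change expiry date"
-gpg --edit-key ${id} expire
-echo "----- Step 2: add new encryption key"
-gpg --edit-key ${id} addkey
-echo "----- Step 3: add new sign key"
-gpg --edit-key ${id} addkey
-echo "----- Exporting …"
-exdir=$(dirname $(ls ${_dir}/${id: -8}*/*.key))/$(date +%F)
-mkdir $exdir
-gpg --armor --export-secret-keys ${id} > ${exdir}/${id}.private.asc
-gpg --armor --export ${id} > ${exdir}/${id}.public.asc
-echo "----- Uploading …"
-send ${id}
-close ${id}
-}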
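Review bot: In the new `create`, the master key file is moved into `${keypath}/${id}/` before anything visible creates that directory (`mkdir -p ${exdir}` only runs three commands later), and the result of the `mv` is not checked. If the move fails, the closing `ln -sf ${keypath}/${id}/${keygrip}.key ${tempdir}/gpghome/private-keys-v1.d/` replaces the key file still sitting in the temporary homedir with a dangling symlink; running `mkdir -p ${keypath}/${id}` first and writing the move as `mv … || return 1` avoids that. The revocation certificate is still taken from `/home/daniel/.gnupg/openpgp-revocs.d/`, but the key is now generated under `--homedir "${tempdir}/gpghome"`, so the file is presumably at `${tempdir}/gpghome/openpgp-revocs.d/${id}.rev` and would otherwise be left behind in the temp directory. In the new `extend`, `exdir=$(dirname $(ls ${keypath}/${id}))/$(date +%F)` lists a directory, so `dirname` receives bare file names and yields `.`; `exdir=${keypath}/${id}/$(date +%F)` followed by `mkdir -p ${exdir}`, as `create` does, looks like what is intended.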