From 5825072303098848e16ddd3c4a31b36506ed6430 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Fri, 29 Apr 2016 07:26:50 -0400
Subject: kiki keygen script
---
keygen.sh | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 106 insertions(+)
create mode 100755 keygen.sh
(limited to 'keygen.sh')
diff --git a/keygen.sh b/keygen.sh
new file mode 100755
index 0000000..005a5a4
--- /dev/null
+++ b/keygen.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+gpg_set_ultimate_trust()
+{
+ local keygrip
+ keygrip=$(gpg -K --with-colons|sed -ne '/^sec:/{p;q}'|cut -d: -f5)
+
+ expect - -- "$keygrip" <<'END'
+
+ set keygrip "[lindex $argv 0]"
+
+ spawn gpg --edit-key "$keygrip" trust
+
+ expect "Your decision?"
+ send -- "5\n"
+ expect "Do you really want to set this key to ultimate trust?"
+ send -- "y\n"
+ expect "gpg>"
+ send -- "save\n"
+ send_tty "\r"
+
+END
+}
+
+add()
+{
+ kiki merge \
+ --flow=sync \
+ --home${2:+="$2"} \
+ --create=rsa:4096 \
+ --flow=spill,match="$1" \
+ --type=pem \
+ --access=secret \
+ nil
+}
+
+silent() { "$@" >/dev/null 2>&1; }
+
+init()
+{
+ local root="$1"
+
+ if [ "$root" ]; then
+ mkdir -m0600 -p "$root"/root/.gnupg
+ fi
+
+ kiki init ${root:+--chroot "$root"}
+ add encrypt ${root:+"$root/root/.gnupg"}
+ add sign ${root:+"$root/root/.gnupg"}
+
+ (
+ [ "$root" ] && export GNUPGHOME="$root/root/.gnupg/"
+ gpg_set_ultimate_trust
+ )
+}
+
+sync()
+{
+ local home1="$1"/root/.gnupg home2="$2"/root/.gnupg
+ kiki sync-public \
+ --homedir "$home1" \
+ --passphrase-fd=0 \
+ --import-if-authentic \
+ --autosign \
+ --keyrings "$home2"/pubring.gpg
+ kiki sync-secret \
+ --homedir "$home1" \
+ --autosign --import
+}
+
+doublecheck()
+{
+ gpg2 --clearsign &1 4>&2
+ exec >/dev/null 2>&1
+}
+
+noisy()
+{
+ exec >&3 2>&1
+}
+
+set -e
+
+silent
+
+ init
+ init child
+
+ sync child ''
+ sync '' child
+
+ gpg2 --check-trustdb
+ gpg2 --check-trustdb --homedir child/root/.gnupg
+
+ doublecheck child
+
+noisy
+
+gpg2 -k
+gpg2 -k --homedir child/root/.gnupg
-- cgit v1.2.3
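Review bot: In `init`, `mkdir -m0600 -p "$root"/root/.gnupg` creates the GnuPG home without the owner search bit, so only a process that bypasses permission checks (root) can enter it, and `-m` applies only to the final component, leaving `$root/root` at the umask default. A GnuPG home is conventionally `0700`; I would write `mkdir -p "$root"/root && mkdir -m0700 -p "$root"/root/.gnupg`. Separately, `gpg_set_ultimate_trust` takes the first `sec:` record and drives `gpg --edit-key` through `expect` without checking that the ID is non-empty or that any prompt matched, so on a timeout the answers are sent blind and the function still appears to succeed. A guard such as `[ -n "$keygrip" ] || return 1` plus a `timeout` branch in the expect script that exits non-zero would make that failure visible under `set -e`. The text around `doublecheck` looks truncated on this page, so that part is not reviewed.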