2 # DESCRIPTION: génère une clef OpenPGP primaire pour $uid et une clef secondaire par $subkey_caps
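# Resolve the tool's root directory: the parent of the directory that holds
# this script, canonicalised by readlink -e (which fails when the path does
# not exist).
tool=$(readlink -e "${0%/*}/..") || tool=
# Refuse to continue with an empty root: "$tool"/remote/lib.sh would otherwise
# expand to /remote/lib.sh and source whatever file sits at that absolute path.
if test -z "$tool"
then
	printf '%s\n' "${0##*/}: cannot resolve the tool directory from $0" >&2
	exit 1
fi
# Load the shared helper library from the resolved root.
. "$tool"/remote/lib.sh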
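# Create the encrypted passphrase file for $uid once; an existing file is
# never overwritten.
if test ! -e "$tool"/var/sec/openpgp/"$uid".pass.gpg
then
	# Draw 42 characters of [:alnum:][:punct:] from the random source
	# (/dev/urandom unless $random names another file). stdbuf disables
	# tr's output buffering so head receives bytes as they are produced.
	new_pass=$(stdbuf --output 0 tr -d -c '[:alnum:][:punct:]' <"${random:-/dev/urandom}" | head -c 42)
	# A short or empty result (unreadable or exhausted source) would be
	# encrypted without complaint and later used as the key's passphrase,
	# so stop here instead.
	if test "${#new_pass}" -ne 42
	then
		printf '%s\n' "${0##*/}: could not generate a 42-character passphrase" >&2
		exit 1
	fi
	# The passphrase reaches gpg on stdin through the here-document, not
	# through argv. $gpg_options is left unquoted on purpose so that it
	# splits into separate options.
	gpg --encrypt $gpg_options -o "$tool"/var/sec/openpgp/"$uid".pass.gpg <<-EOF
		$new_pass
		EOF
	unset new_pass
fi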
20 if ! "$tool"/remote
/gpg
--list-keys -- "$uid" >/dev
/null
22 "$tool"/remote
/gpg
--batch --gen-key
23 # DOC: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS;hb=refs/heads/STABLE-BRANCH-1-4
27 Passphrase
:$
(gpg
--decrypt ${gpg_options-} "$tool"/var
/sec
/openpgp
/"$uid".pass.gpg
)
28 Preferences
: TWOFISH AES256 CAST5 BLOWFISH CAMELLIA256
3DES SHA512 SHA384 SHA256 SHA224 SHA1 BZIP2 ZLIB ZIP NONE MDC NO-KS-MODIFY
# Collect the capabilities of the subkeys already attached to $uid. In gpg's
# colon listing, "ssb" records are secret subkeys and field 12 holds the key
# capabilities; the result has one line per subkey.
caps=$(
	"$tool"/remote/gpg --with-colons --fixed-list-mode --with-fingerprint \
		--list-secret-keys -- "$uid" |
	grep '^ssb:' |
	cut -d : -f 12
)
35 for cap
in ${subkey_caps:-}
37 printf '%s\n' $caps |
grep -Fqx "$cap" ||
38 printf '%s\n' 8 s e
$cap q
4096 ${expire:-0} save |
39 "$tool"/remote
/gpg
--keyid-format "long" --with-colons --fixed-list-mode --expert \
40 --passphrase-fd 3 --command-fd 0 --edit-key "$uid" addkey
3<<-EOF
41 $(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)