X-Git-Url: http://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=remote%2Fgpg-gen-key;fp=remote%2Fgpg-gen-key;h=fc7ddf720e5e0f02184ddb3aea046a3bdf968c63;hp=0000000000000000000000000000000000000000;hb=3ad6118386977e346d81042e924e5db9c5f15b7d;hpb=22f04b9fac14adc3d3fc98273ba126c3a51792c3
diff --git a/remote/gpg-gen-key b/remote/gpg-gen-key
new file mode 100755
index 0000000..fc7ddf7
--- /dev/null
+++ b/remote/gpg-gen-key
@@ -0,0 +1,46 @@
+#!/bin/sh -eu
+# DESCRIPTION: génère une clef OpenPGP primaire pour $uid et une clef secondaire par $subkey_caps
+# SYNTAX: $uid
+# ENV: $gpg_options
+# ENV: $subkey_caps
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+uid="$1"
+install -d -m 700 \
+ var/pub/openpgp
+install -d -m 700 \
+ var/sec \
+ var/sec/openpgp
+if test ! -e "$tool"/var/sec/openpgp/"$uid".pass.gpg
+ then gpg --encrypt $gpg_options -o "$tool"/var/sec/openpgp/"$uid".pass.gpg <<-EOF
+ $(stdbuf --output 0 tr -d -c '[:alnum:][:punct:]' <"${random:-/dev/urandom}" | head -c 42)
+ EOF
+ fi
+if ! "$tool"/remote/gpg --list-keys -- "$uid" >/dev/null
+ then
+ "$tool"/remote/gpg --batch --gen-key
+ # DOC: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS;hb=refs/heads/STABLE-BRANCH-1-4
+ Key-Type: RSA
+ Key-Length: 4096
+ Key-Usage: sign
+ Passphrase:$(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
+ Preferences: TWOFISH AES256 CAST5 BLOWFISH CAMELLIA256 3DES SHA512 SHA384 SHA256 SHA224 SHA1 BZIP2 ZLIB ZIP NONE MDC NO-KS-MODIFY
+ $(cat -)
+ %commit
+ EOF
+ fi
+caps=$(
+ "$tool"/remote/gpg --with-colons --fixed-list-mode --with-fingerprint --list-secret-keys \
+ -- "$uid" |
+ sed -e 's/^ssb\(:[^:]*\)\{11\}.*/\1/;t;d'
+ )
+for cap in ${subkey_caps:-}
+ do
+ test ! "$caps" = "$(printf %s "$caps" | sed -e 's/'"$cap"'//g')" ||
+ printf '%s\n' 8 s e $cap q 4096 ${expire:-0} save |
+ "$tool"/remote/gpg --keyid-format "long" --with-colons --fixed-list-mode --expert \
+ --passphrase-fd 3 --command-fd 0 --edit-key "$uid" addkey 3<<-EOF
+ $(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
+ EOF
+ done
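Review bot: The `"$tool"/remote/gpg --batch --gen-key` line carries no here-document redirection as shown, yet the `Key-Type:` … `%commit` block and a closing `EOF` follow it as if they were its input, so the shell would try to run those parameter lines as commands and the key would never be generated with the intended passphrase; it should read `"$tool"/remote/gpg --batch --gen-key <<-EOF` (tab-indented body) like the `gpg --encrypt … <<-EOF` above, unless the redirection was lost in rendering, which should be confirmed. Related: both the `Passphrase:` line and the fd-3 here-document take their value from `$(gpg --decrypt …)` inside a here-document, whose exit status is invisible to `set -e`, so a failed decrypt yields an empty passphrase and gpg still proceeds; decrypt once into a variable guarded by `|| exit 1` before any gpg call and reference that variable in both places. Also, `$gpg_options` on the `gpg --encrypt` line is unquoted and has no `-` default, so under `set -u` the first run aborts when it is unset while the later `${gpg_options-}` uses tolerate it. Finally, `install -d -m 700 var/sec/openpgp` is relative to the caller's cwd while the secret is written to `"$tool"/var/sec/openpgp/…`; unless `lib.sh` (outside this hunk) does `cd "$tool"`, the 700-mode directory is created in the wrong place and the output path may not exist.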