Correction : {host,local,remote}/ : duplicity + MySQL.
#!/bin/sh -eu
# DESCRIPTION: generates a primary OpenPGP key for $uid and one subkey per capability listed in $subkey_caps
# SYNTAX: $uid
# ENV: $gpg_options
# ENV: $subkey_caps
# ENV: $expire
# ENV: $random
#
# $gpg_options: extra options for the plain `gpg --encrypt` / `gpg --decrypt` calls that
#   protect the generated passphrase (presumably the recipient selection — confirm in the
#   caller). NOTE(review): the encrypt call expands $gpg_options but the decrypt calls use
#   ${gpg_options-}; under `sh -u` only the encrypt call aborts when it is unset.
# $subkey_caps: whitespace-separated capability letters; one subkey is created per letter
#   that no existing subkey already carries. Empty or unset: no subkeys are created.
# $expire: expiry answer given to the `addkey` dialog; defaults to 0.
# $random: byte source for the generated passphrase; defaults to /dev/urandom.
#
# Passphrase handling: a 42-character passphrase is drawn from $random, kept only as the
# encrypted file var/sec/openpgp/$uid.pass.gpg, and later decrypted straight into heredocs
# consumed by gpg (the batch parameter block and --passphrase-fd 3), so it is never placed
# on a command line. NOTE(review): with `sh -x`, or if the shell spools heredocs through a
# temporary file, the decrypted passphrase would still be exposed on the trace or on disk.
tool=$(readlink -e "${0%/*}/..")
. "$tool"/remote/lib.sh

uid="$1"
# These paths are relative to the current directory while everything below addresses
# "$tool"/var/...; presumably lib.sh changes directory to "$tool" — TODO confirm.
install -d -m 700 \
var/pub/openpgp
install -d -m 700 \
var/sec \
var/sec/openpgp
# Generate and encrypt the passphrase once; an existing file is left untouched, so the
# script can be rerun. tr keeps only [:alnum:][:punct:] bytes of the random source and
# head takes the first 42 of them.
if test ! -e "$tool"/var/sec/openpgp/"$uid".pass.gpg
then gpg --encrypt $gpg_options -o "$tool"/var/sec/openpgp/"$uid".pass.gpg <<-EOF
$(stdbuf --output 0 tr -d -c '[:alnum:][:punct:]' <"${random:-/dev/urandom}" | head -c 42)
EOF
fi
# Unattended generation of the primary key (sign-only RSA-4096) when $uid has no key yet.
# NOTE(review): the Preferences line below still advertises SHA1, 3DES, CAST5 and BLOWFISH
# (after the stronger entries); fine as fallbacks, but worth pruning if no correspondent
# depends on them any more.
if ! "$tool"/remote/gpg --list-keys -- "$uid" >/dev/null
then
# NOTE(review): as rendered here this command carries no `<<-EOF` redirection, although
# the lines down to EOF are clearly its parameter block — confirm that the operator is
# present in the repository copy. `$(cat -)` splices the script's own stdin into the
# block; presumably the caller supplies the remaining parameters (names, expiry, ...)
# that way — verify.
"$tool"/remote/gpg --batch --gen-key
# DOC: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS;hb=refs/heads/STABLE-BRANCH-1-4
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Passphrase:$(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
Preferences: TWOFISH AES256 CAST5 BLOWFISH CAMELLIA256 3DES SHA512 SHA384 SHA256 SHA224 SHA1 BZIP2 ZLIB ZIP NONE MDC NO-KS-MODIFY
$(cat -)
%commit
EOF
fi
# Capability letters of the existing subkeys: one `ssb:` record per subkey in the
# --with-colons output, field 12 being the capabilities; $caps holds one entry per line.
caps=$("$tool"/remote/gpg --with-colons --fixed-list-mode --with-fingerprint --list-secret-keys \
-- "$uid" | grep '^ssb:' | cut -d : -f 12)
# $subkey_caps is deliberately left unquoted so that word-splitting yields one $cap per turn.
for cap in ${subkey_caps:-}
do
# Skip a capability that an existing subkey already carries (exact whole-line match on
# the newline-split $caps). Otherwise drive `addkey` without a terminal: the printf
# answers go to --command-fd 0 and appear to be 8 (RSA, set own capabilities), s and e
# (toggle sign/encrypt off), $cap (toggle the requested capability on), q, 4096 bits,
# ${expire:-0}, save — confirm against the dialog of the gpg version in use. The
# passphrase arrives on fd 3 from the decrypting heredoc, not on the command line.
printf '%s\n' $caps | grep -Fqx "$cap" ||
printf '%s\n' 8 s e $cap q 4096 ${expire:-0} save |
"$tool"/remote/gpg --keyid-format "long" --with-colons --fixed-list-mode --expert \
--passphrase-fd 3 --command-fd 0 --edit-key "$uid" addkey 3<<-EOF
$(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
EOF
done