Modification : vm_{host,hosted,remote} -> {host,local,remote}/ .
diff --git a/remote/gpg-gen-key b/remote/gpg-gen-key
new file mode 100755 (executable)
index 0000000..fc7ddf7
--- /dev/null
@@ -0,0 +1,46 @@
+#!/bin/sh -eu
+# DESCRIPTION: génère une clef OpenPGP primaire pour $uid et une clef secondaire par $subkey_caps
+# SYNTAX: $uid
+# ENV: $gpg_options
+# ENV: $subkey_caps
+tool=$(readlink -e "${0%/*}/..")
+. "$tool"/remote/lib.sh
+
+uid="$1"
+install -d -m 700 \
+ var/pub/openpgp
+install -d -m 700 \
+ var/sec \
+ var/sec/openpgp
+if test ! -e "$tool"/var/sec/openpgp/"$uid".pass.gpg
+ then gpg --encrypt $gpg_options -o "$tool"/var/sec/openpgp/"$uid".pass.gpg <<-EOF
+               $(stdbuf --output 0 tr -d -c '[:alnum:][:punct:]' <"${random:-/dev/urandom}" | head -c 42)
+               EOF
+ fi
+if ! "$tool"/remote/gpg --list-keys -- "$uid" >/dev/null
+ then
+       "$tool"/remote/gpg --batch --gen-key
+               # DOC: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS;hb=refs/heads/STABLE-BRANCH-1-4
+               Key-Type: RSA
+               Key-Length: 4096
+               Key-Usage: sign
+               Passphrase:$(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
+               Preferences: TWOFISH AES256 CAST5 BLOWFISH CAMELLIA256 3DES SHA512 SHA384 SHA256 SHA224 SHA1 BZIP2 ZLIB ZIP NONE MDC NO-KS-MODIFY
+               $(cat -)
+               %commit
+               EOF
+ fi
+caps=$(
+       "$tool"/remote/gpg --with-colons --fixed-list-mode --with-fingerprint --list-secret-keys \
+        -- "$uid" |
+       sed -e 's/^ssb\(:[^:]*\)\{11\}.*/\1/;t;d'
+ )
+for cap in ${subkey_caps:-}
+ do
+       test ! "$caps" = "$(printf %s "$caps" | sed -e 's/'"$cap"'//g')" ||
+       printf '%s\n' 8 s e $cap q 4096 ${expire:-0} save |
+       "$tool"/remote/gpg --keyid-format "long" --with-colons --fixed-list-mode --expert \
+        --passphrase-fd 3 --command-fd 0 --edit-key "$uid" addkey 3<<-EOF
+               $(gpg --decrypt ${gpg_options-} "$tool"/var/sec/openpgp/"$uid".pass.gpg)
+               EOF
+ done
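Review bot: The `--batch --gen-key` call at the line before the `# DOC:` comment has no here-document redirection, yet the parameter block that follows it is closed by an `EOF` terminator, exactly like the `<<-EOF` forms used for the `--encrypt` call and the `3<<-EOF` of the `addkey` step; unless the `<<-EOF` was lost in rendering, the shell will try to run `Key-Type: RSA` as a command and, under `-eu`, abort before any key is generated, so the line should read `"$tool"/remote/gpg --batch --gen-key <<-EOF`. A second inconsistency is that the `--encrypt` call expands a bare `$gpg_options`, which under `set -u` aborts the script when the variable is unset, while the two `--decrypt` calls use `${gpg_options-}`; using `${gpg_options-}` in all three places (and documenting in the `# ENV:` header whether it is optional) would make the behaviour uniform. The `Preferences:` line also still advertises SHA1, 3DES, CAST5 and BLOWFISH as acceptable algorithms; if that is deliberate for interoperability it deserves a comment, otherwise trimming the list to the modern entries would be a cheap hardening.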