s83/YubiKey-Guide
1
0
Fork 0
mirror of https://github.com/drduh/YubiKey-Guide.git synced 2025-05-18 11:07:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

gen key functions

Browse source
This commit is contained in:
drduh 2025-05-10 16:27:14 -07:00
parent f2c4ca3e68
commit 1ab20d5fea
1 changed files with 30 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

27
scripts/generate.sh
View file

@ -11,7 +11,7 @@ export LC_ALL="C"
export GNUPGHOME=$(mktemp -d -t $(date +%Y.%m.%d)-XXXX) export GNUPGHOME=$(mktemp -d -t $(date +%Y.%m.%d)-XXXX)
cd "${GNUPGHOME}" ; pwd cd "${GNUPGHOME}" ; printf "saving to %s\n" "$(pwd)"
export IDENTITY="YubiKey User <yubikey@example.domain>" export IDENTITY="YubiKey User <yubikey@example.domain>"
@ -30,23 +30,40 @@ get_pass () {
export CERTIFY_PASS="$(get_pass)" export CERTIFY_PASS="$(get_pass)"
gen_key_certify () {
# Generates Certify key with no expiration.
echo "$CERTIFY_PASS" | \ echo "$CERTIFY_PASS" | \
gpg --batch --passphrase-fd 0 \ gpg --batch --passphrase-fd 0 \
--quick-generate-key "$IDENTITY" "$KEY_TYPE" cert never --quick-generate-key "$IDENTITY" \
"$KEY_TYPE" "cert" "never"
}
set_key_id_fp () {
# Sets Key ID and Fingerprint environment vars.
export KEYID=$(gpg -k --with-colons "$IDENTITY" | \ export KEYID=$(gpg -k --with-colons "$IDENTITY" | \
awk -F: '/^pub:/ { print $5; exit }') awk -F: '/^pub:/ { print $5; exit }')
export KEYFP=$(gpg -k --with-colons "$IDENTITY" | \ export KEYFP=$(gpg -k --with-colons "$IDENTITY" | \
awk -F: '/^fpr:/ { print $10; exit }') awk -F: '/^fpr:/ { print $10; exit }')
}
gen_key_certify
set_key_id_fp
printf "\nKey ID: %40s\nKey FP: %40s\n\n" "$KEYID" "$KEYFP" printf "\nKey ID: %40s\nKey FP: %40s\n\n" "$KEYID" "$KEYFP"
gen_key_subs () {
# Generates Subkeys with specified expiration.
for SUBKEY in sign encrypt auth ; do \ for SUBKEY in sign encrypt auth ; do \
echo "$CERTIFY_PASS" | \ echo "$CERTIFY_PASS" | \
gpg --batch --pinentry-mode=loopback --passphrase-fd 0 \ gpg --batch --passphrase-fd 0 \
--quick-add-key "$KEYFP" "$KEY_TYPE" "$SUBKEY" "$KEY_EXPIRATION" --pinentry-mode=loopback \
--quick-add-key "$KEYFP" \
"$KEY_TYPE" "$SUBKEY" "$KEY_EXPIRATION"
done done
}
gen_key_subs
gpg -K gpg -K