authorChristian Pointner <equinox@ffgraz.net>2017-05-30 00:16:55 +0200
committerChristian Pointner <equinox@ffgraz.net>2017-05-30 00:16:55 +0200
commit8cb754dacac0864f6b112e39fd6e7eaf3a339756 (patch)
tree623278e2d9f0cdfc7bf9efb0b11dfbca015e8cd0 /gpg
inital commit
Diffstat (limited to 'gpg')
-rwxr-xr-xgpg/add-key.sh21
-rwxr-xr-xgpg/get-vault-pass.sh2
-rwxr-xr-xgpg/gpg2.sh2
-rwxr-xr-xgpg/list-keys.sh2
-rwxr-xr-xgpg/remove-keys.sh35
-rwxr-xr-xgpg/set-vault-pass.sh20
-rw-r--r--gpg/vault-keyring.gpgbin0 -> 53199 bytes
-rw-r--r--gpg/vault-pass.gpg30
8 files changed, 112 insertions, 0 deletions
diff --git a/gpg/add-key.sh b/gpg/add-key.sh
new file mode 100755
index 0000000..98e2917
--- /dev/null
+++ b/gpg/add-key.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "no keyfile specified, reading from stdin ..."
+fi
+
+"${BASH_SOURCE%/*}/gpg2.sh" --import $@
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: import key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg."
+ exit 1
+fi
+
+echo ""
+"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh"
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: reencrypting vault password file failed!"
+ echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!"
+ exit 1
+fi
+echo "Successfully reencrypted vault password file!"
+echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg."
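Review bot: The `$?` check after the `get-vault-pass.sh | set-vault-pass.sh` pipeline only sees the exit status of `set-vault-pass.sh`, so a failed decryption goes unnoticed. Since `get-vault-pass.sh` discards stderr, a decryption failure would most likely feed empty input to the encrypt step, replace gpg/vault-pass.gpg with an encrypted empty password, and still print the success message. Adding `set -o pipefail` directly after the shebang makes the existing error branch fire in that case. The file has already been overwritten by then, so the revert hint in that branch remains the recovery path. The same pipeline and check appear at the end of gpg/remove-keys.sh.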
diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh
new file mode 100755
index 0000000..202c94f
--- /dev/null
+++ b/gpg/get-vault-pass.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null
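Review bot: Redirecting stderr to /dev/null here hides the reason for any decryption failure (missing secret key, agent or pinentry problem, corrupted file), leaving only the exit status as a signal. Callers that pipe this output onward do not check that status. Consider dropping `2> /dev/null` and using `gpg2 --quiet --decrypt --batch` instead, so routine chatter is reduced while real errors still reach the operator. A short header comment stating that stdout carries the plaintext vault password, and must not be logged or traced, would also help.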
diff --git a/gpg/gpg2.sh b/gpg/gpg2.sh
new file mode 100755
index 0000000..b00c49c
--- /dev/null
+++ b/gpg/gpg2.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring.gpg" --secret-keyring /dev/null --no-default-keyring $@
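Review bot: The unquoted `$@` at the end of the `exec` line is word-split and glob-expanded before gpg2 sees it, so a key file path or user ID containing spaces or wildcard characters arrives as different arguments than the caller passed. Use `"$@"` here: `exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring.gpg" --secret-keyring /dev/null --no-default-keyring "$@"`. The same unquoted `$@` is passed through in gpg/add-key.sh (`--import $@`), gpg/list-keys.sh (`--list-keys $@`) and gpg/remove-keys.sh (`--delete-keys $@`), and should be quoted there too.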
diff --git a/gpg/list-keys.sh b/gpg/list-keys.sh
new file mode 100755
index 0000000..4b01049
--- /dev/null
+++ b/gpg/list-keys.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec "${BASH_SOURCE%/*}/gpg2.sh" --list-keys $@
diff --git a/gpg/remove-keys.sh b/gpg/remove-keys.sh
new file mode 100755
index 0000000..80ae157
--- /dev/null
+++ b/gpg/remove-keys.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "Please specify at least one key ID!"
+ echo ""
+ echo "You can find out the key ID using the command: gpg/list-keys.sh"
+ echo ""
+ echo " Here is an example output:"
+ echo ""
+ echo " pub rsa4096/0x1234567812345678 2017-01-01 [SC] [expires: 2019-01-01]"
+ echo " Key fingerprint = 1234 5678 1234 5678 1234 5678 1234 5678 1234 5678"
+ echo " uid [ unknown] Firstname Lastname <lastname@example.com>"
+ echo " sub rsa4096/0x8765432187654321 2017-01-01 [E] [expires: 2019-01-01]"
+ echo ""
+ echo " The key ID is the hexadecimal number next to rsa4096/ in the line"
+ echo " starting with pub (not sub). In this case the key ID is: 0x1234567812345678"
+ echo ""
+ exit 1
+fi
+
+"${BASH_SOURCE%/*}/gpg2.sh" --delete-keys $@
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg."
+ exit 1
+fi
+
+echo ""
+"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh"
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: reencrypting vault password file failed!"
+ echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!"
+ exit 1
+fi
+echo "Successfully reencrypted vault password file!"
+echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg."
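Review bot: The closing messages tell the operator only to commit the two files, but removing a recipient and re-encrypting does not take back access that key already had. The removed key can still decrypt every earlier revision of gpg/vault-pass.gpg kept in the repository history, so the removal is only effective once the vault password itself is changed and the vault contents are rekeyed. I would add a line after the success message, for example `echo " NOTE: the removed key can still decrypt older revisions of gpg/vault-pass.gpg; change the vault password as well."`. The usage text at the top could mention the same point.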
diff --git a/gpg/set-vault-pass.sh b/gpg/set-vault-pass.sh
new file mode 100755
index 0000000..1fb3426
--- /dev/null
+++ b/gpg/set-vault-pass.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+keyids=$("${BASH_SOURCE%/*}/gpg2.sh" --list-keys --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}')
+if [ -z "$keyids" ]; then
+ echo "ERROR: no keys to encrypt to, is the keyring empty?"
+ exit 1
+fi
+
+receipients=""
+for keyid in $keyids; do
+ receipients="$receipients -r $keyid"
+done
+
+
+"${BASH_SOURCE%/*}/gpg2.sh" --yes --trust-model always --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass.gpg.$$" $receipients
+if [ $? -ne 0 ]; then
+ rm -f "${BASH_SOURCE%/*}/vault-pass.gpg.$$"
+ exit 1
+fi
+mv "${BASH_SOURCE%/*}/vault-pass.gpg.$$" "${BASH_SOURCE%/*}/vault-pass.gpg"
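Review bot: The script has no comment explaining that `--trust-model always`, combined with the recipient list built from every `pub` record, makes any public key in gpg/vault-keyring.gpg a recipient of the vault password with no trust or ownership check. Review of changes to that binary keyring file is therefore the only access control. I would state this above the encrypt call, e.g. `# every key in vault-keyring.gpg becomes a recipient; treat keyring changes as access grants`. It would also help to print the recipient list before encrypting so the operator can compare it with what they expect. Recipients are selected by the key ID in field 5 and joined into an unquoted string; selecting by full fingerprint and passing them as a bash array (`recipients+=(-r "$keyid")`, then `"${recipients[@]}"`) would be more robust, assuming the gpg2 version in use emits fingerprint records in this listing mode.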
diff --git a/gpg/vault-keyring.gpg b/gpg/vault-keyring.gpg
new file mode 100644
index 0000000..ac982f5
--- /dev/null
+++ b/gpg/vault-keyring.gpg
Binary files differ
diff --git a/gpg/vault-pass.gpg b/gpg/vault-pass.gpg
new file mode 100644
index 0000000..10013e2
--- /dev/null
+++ b/gpg/vault-pass.gpg
@@ -0,0 +1,30 @@
+-----BEGIN PGP MESSAGE-----
+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=
+=UjRk
+-----END PGP MESSAGE-----