From 8cb754dacac0864f6b112e39fd6e7eaf3a339756 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Tue, 30 May 2017 00:16:55 +0200 Subject: inital commit --- gpg/add-key.sh | 21 +++++++++++++++++++++ gpg/get-vault-pass.sh | 2 ++ gpg/gpg2.sh | 2 ++ gpg/list-keys.sh | 2 ++ gpg/remove-keys.sh | 35 +++++++++++++++++++++++++++++++++++ gpg/set-vault-pass.sh | 20 ++++++++++++++++++++ gpg/vault-keyring.gpg | Bin 0 -> 53199 bytes gpg/vault-pass.gpg | 30 ++++++++++++++++++++++++++++++ 8 files changed, 112 insertions(+) create mode 100755 gpg/add-key.sh create mode 100755 gpg/get-vault-pass.sh create mode 100755 gpg/gpg2.sh create mode 100755 gpg/list-keys.sh create mode 100755 gpg/remove-keys.sh create mode 100755 gpg/set-vault-pass.sh create mode 100644 gpg/vault-keyring.gpg create mode 100644 gpg/vault-pass.gpg (limited to 'gpg')
diff --git a/gpg/add-key.sh b/gpg/add-key.sh
new file mode 100755
index 0000000..98e2917
--- /dev/null
+++ b/gpg/add-key.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "no keyfile specified, reading from stdin ..."
+fi
+
+"${BASH_SOURCE%/*}/gpg2.sh" --import $@
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: import key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg."
+ exit 1
+fi
+
+echo ""
+"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh"
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: reencrypting vault password file failed!"
+ echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!"
+ exit 1
+fi
+echo "Successfully reencrypted vault password file!"
+echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg."
diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh
new file mode 100755
index 0000000..202c94f
--- /dev/null
+++ b/gpg/get-vault-pass.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null
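Review bot: In gpg/add-key.sh the `$?` check after `get-vault-pass.sh | set-vault-pass.sh` only sees the exit status of set-vault-pass.sh, so a failed decryption (whose error output get-vault-pass.sh sends to /dev/null) still lets set-vault-pass.sh encrypt an empty stdin and replace gpg/vault-pass.gpg, after which the script prints the success message. Adding `set -o pipefail` below the shebang makes the existing check cover both stages; gpg/remove-keys.sh has the same pipeline and needs the same line. With pipefail alone, set-vault-pass.sh may still have moved the new file into place before the status is checked, so decrypting into a variable first and aborting if that step fails is the safer order. The unquoted `$@` on the `--import` line (also in gpg2.sh, list-keys.sh and remove-keys.sh) should be `"$@"` so key file paths containing spaces are passed through intact.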
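Review bot: gpg/get-vault-pass.sh discards gpg2's stderr with `2> /dev/null`, so a missing secret key, an unavailable agent or a damaged vault-pass.gpg all look the same to the caller: empty output and a non-zero status with no explanation. If the redirect is meant to keep stdout clean for a consumer that reads the password, it is not needed, since the diagnostics go to stderr anyway; dropping it, or printing a short message to stderr when gpg2 fails, would make failures diagnosable. A header comment stating that this script calls plain `gpg2` and therefore relies on the caller's own GnuPG setup for the secret key (unlike gpg2.sh, which pins the public keyring to vault-keyring.gpg) would also help.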
diff --git a/gpg/gpg2.sh b/gpg/gpg2.sh
new file mode 100755
index 0000000..b00c49c
--- /dev/null
+++ b/gpg/gpg2.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring.gpg" --secret-keyring /dev/null --no-default-keyring $@
diff --git a/gpg/list-keys.sh b/gpg/list-keys.sh
new file mode 100755
index 0000000..4b01049
--- /dev/null
+++ b/gpg/list-keys.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec "${BASH_SOURCE%/*}/gpg2.sh" --list-keys $@
diff --git a/gpg/remove-keys.sh b/gpg/remove-keys.sh
new file mode 100755
index 0000000..80ae157
--- /dev/null
+++ b/gpg/remove-keys.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+ echo "Please specify at least one key ID!"
+ echo ""
+ echo "You can find out the key ID using the command: gpg/list-keys.sh"
+ echo ""
+ echo " Here is an example output:"
+ echo ""
+ echo " pub rsa4096/0x1234567812345678 2017-01-01 [SC] [expires: 2019-01-01]"
+ echo " Key fingerprint = 1234 5678 1234 5678 1234 5678 1234 5678 1234 5678"
+ echo " uid [ unknown] Firstname Lastname "
+ echo " sub rsa4096/0x8765432187654321 2017-01-01 [E] [expires: 2019-01-01]"
+ echo ""
+ echo " The key ID is the hexadecimal number next to rsa4096/ in the line"
+ echo " starting with pub (not sub). In this case the key ID is: 0x1234567812345678"
+ echo ""
+ exit 1
+fi
+
+"${BASH_SOURCE%/*}/gpg2.sh" --delete-keys $@
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg."
+ exit 1
+fi
+
+echo ""
+"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh"
+if [ $? -ne 0 ]; then
+ echo -e "\nERROR: reencrypting vault password file failed!"
+ echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!"
+ exit 1
+fi
+echo "Successfully reencrypted vault password file!"
+echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg."
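Review bot: gpg/gpg2.sh passes `--secret-keyring /dev/null`, which GnuPG 2.1 and later document as obsolete and ignored, so on those versions the wrapper does not actually keep the caller's secret keys out of the operation. That is harmless for the import, list, delete and encrypt calls made through it in this commit, but a comment such as `# --secret-keyring is ignored by GnuPG >= 2.1; only the public keyring is pinned to vault-keyring.gpg` would stop readers from assuming stronger isolation. Separately, `${BASH_SOURCE%/*}` yields the script name itself when the script is started without a directory component (for example `bash gpg2.sh` from inside gpg/), which makes the keyring path wrong; the same expansion is used in every script of this commit.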
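Review bot: gpg/remove-keys.sh re-encrypts the same vault password after deleting a key, so the holder of the removed key still knows the password and can still decrypt earlier revisions of gpg/vault-pass.gpg kept in the repository history. The success path should say so, for example by adding `echo " NOTE: removing a key does not revoke access; change the vault password if the key holder must be locked out."` after the final message. A short header comment describing the script as "stop encrypting future versions to this key" rather than "revoke access" would set the right expectation for operators.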
diff --git a/gpg/set-vault-pass.sh b/gpg/set-vault-pass.sh
new file mode 100755
index 0000000..1fb3426
--- /dev/null
+++ b/gpg/set-vault-pass.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+keyids=$("${BASH_SOURCE%/*}/gpg2.sh" --list-keys --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}')
+if [ -z "$keyids" ]; then
+ echo "ERROR: no keys to encrypt to, is the keyring empty?"
+ exit 1
+fi
+
+receipients=""
+for keyid in $keyids; do
+ receipients="$receipients -r $keyid"
+done
+
+
+"${BASH_SOURCE%/*}/gpg2.sh" --yes --trust-model always --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass.gpg.$$" $receipients
+if [ $? -ne 0 ]; then
+ rm -f "${BASH_SOURCE%/*}/vault-pass.gpg.$$"
+ exit 1
+fi
+mv "${BASH_SOURCE%/*}/vault-pass.gpg.$$" "${BASH_SOURCE%/*}/vault-pass.gpg"
diff --git a/gpg/vault-keyring.gpg b/gpg/vault-keyring.gpg
new file mode 100644
index 0000000..ac982f5
Binary files /dev/null and b/gpg/vault-keyring.gpg differ
diff --git a/gpg/vault-pass.gpg b/gpg/vault-pass.gpg
new file mode 100644
index 0000000..10013e2
--- /dev/null
+++ b/gpg/vault-pass.gpg
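Review bot: gpg/set-vault-pass.sh encrypts to every `pub` record in vault-keyring.gpg with `--trust-model always`, so the committed keyring is the only access control for the vault password and no key validity check stands between a keyring change and a new recipient. Because that file appears in diffs only as "Binary files ... differ", a comment above the encrypt call should state this, e.g. `# every key in vault-keyring.gpg becomes a recipient; verify fingerprints with list-keys.sh before committing keyring changes`. Recipients are selected by the key ID taken from field 5 of the colon listing; selecting by full fingerprint would remove any ambiguity, though how the `fpr` records appear together with `--fast-list-mode` would need checking first. Collecting the options in an array (`recipients+=(-r "$keyid")`) would also avoid relying on the unquoted `$receipients` expansion.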
@@ -0,0 +1,30 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Cpej/CiKjBAQ/9F6GVffeVLlCbF5Y30yP8drkV3uOFFwi46nUbRtz+VESN +627nxJookhYBB9RS1r6L1Db17Qi5pgusqeihu7IWdXtvdtcOAmExJ+ePlXUILy4r +1BKWIDIIj9z2t09v4KAAXEJYtJmRUf7tACmHHBhNbZzN/oaXutEfPrrxLaLg1Pcd +d1A9J4baa5XMal59BzwToDdz1T1UCa7H/6rm76LuLb+dFttyZw24FnwBkH1aDbcz +kTdMXzqaNVbh/0jQT3c0ATBltpam+vBx5MqRHJquysdaZ6WIf7vbSnPKopzegMOi +kdn7H6Hb9u88cZ7ND29NBKvpRUBe5T3HVkHErS/RBZLqfKMzxpf/neFwkUwbK3oH +agTszNHPDfyM9GqWDeeakp2amlZ4QKAC9WjX/1PHEItivHBettJqyPRTXQ+jqYx/ +jubCeGErOY9T6ub5zwPfyjtUAvZx7nXbWQbkP3IedF7Iq/c0shjuTCDWLwanRCbv +mrcqdUsxXxw/9B3QB0TqrmKu8WiM1biemQbo3ZE0V4KQUcKeYII5L57XReeU/u5q +WdtPLdLBQvuIKELXbiEVGqHwvwHo6INVnrkO+18wrgDQ+izxvxxlLzWZLev+pr0f +PEX263MFK7nloRvaAeStj5/3wcElq3mR7Ksy8D/bbUvPJwRGK+G8Ntc5zDgKVaSF +AgwDdyX9zyGgIjQBEACwYMmdtlOA/9LNsAvvzygU6N6vHnVcv3nSqLc4c66t5seC +ytlHXIHtuN9THwYep6scTj8XE6ZIMLpb9mybMneAZajDqwOLQ4tp81wkBjvZysyJ +OOqTrhZxuglRDbJWbfPfK52F6Gm+I/nFKySU8r8wo7ScqaDtJF9WaKdCSU26+2AC +spuAatd7vn0DuJoAJFa6KKdwCe8bGy+2oJzNND+wmwt0KgFhI27ghPwQgl+2kshd +K0t4KCgMC5RM0ixptypPYOrT6L76lwu+QCnpQftdnOemUDDtve3UM/Nbs2c1REve +RR58faZOYsLq2AibUbdyZii2eRZeGlQhuXzOdhgYrA08qHvT+vJeYSR8QHQ6Q011 +FRe8fgC25MGdtrnDMFhWqZ0cJs2VgT0oyMsgU2KrDCENSuMKdKz+Jsmn2x6L6nrn +rjZjWqGq0dF8L1EImpBwxd2eh3pgVWXJDUWYeUk9h1jjzN61Sa0imDl5857CxclP +E0x0wGs7QqC+GrVtBEsttmhRfSHeAGP6rKlFMRek3sxP0jFi4c9/a6A45NhlB4Q8 +fyGCaqFsHl75QMDzNKpz9LcJJje2l9uMpmG5WW1Mx4PR3mWaknlCWB+91eVRtp0F +W5rA3fldoyu2odovHuTuHo0H2xiDPg2d4BUgjho4nH/0F2rkUbH5Vuh9fCuHKdK8 +ASmgdNFxud8rSaf2K37EUQKh7RFWZWP/6bwT7xDTmYC6lnvO0cewbbMrhgRKvn+t +8Agn/ixqginL/qJglP/yFeME9bAoAkHsh9KlifTBziv3gSNG/Gy5CTTsrkLmj0+G +Fb2eUjzf8n7cjVc1COqfMHW3e/rGlkVuR63EtAywpy4kgD8aYpzdJr1Z+UxthUjc +1ASaJxhr6Qemd+D1Jnp08QHP0ykRf4dyIzpI+lp1NKXolCW9FAenR7U4KlM= +=UjRk +-----END PGP MESSAGE----- -- cgit v1.2.1