#!/bin/bash
# gpg - GPG support
# Exit on the first unhandled non-zero status. Commands used as conditions
# (if / || / &&) are exempt from this, so the helpers below still report
# their own failures explicitly.
set -e
######
# Settings
# Register every GPG-related setting with the settings library and give
# gpg_key_usage its initial value.
# Globals: gpg_key_usage (written)
# NOTE(review): --null presumably marks settings that are allowed to be empty;
# confirm against lib_setting_vars.
# NOTE(review): gpg_key_passphrase is registered like any other setting;
# confirm that the settings library never prints it in verbose or debug output.
sec_tool_gpg_config_init() {
  lib_setting_vars gpg_verbose
  lib_setting_vars gpg_key_type gpg_key_length gpg_key_expires
  lib_setting_arrays gpg_key_usage
  lib_setting_vars --null \
    gpg_key_name \
    gpg_key_comment \
    gpg_key_email \
    gpg_key_passphrase
  lib_setting_vars --null gpg_output
  lib_setting_vars gpg_confdir gpg_secring gpg_pubring
  gpg_key_usage=(encrypt sign)
}
# Fill in a default for every GPG setting that is still unset or empty.
# Globals: confdir (read); gpg_verbose, gpg_key_type, gpg_key_length,
#          gpg_key_expires, gpg_confdir, gpg_pubring, gpg_secring (written)
# NOTE(review): when confdir is empty, gpg_confdir becomes "/gpg" and the
# keyrings land at the filesystem root; confirm that confdir is always set
# before this runs.
# NOTE(review): the defaults are RSA with a 2048-bit key; check that this
# still matches the key-strength policy the keys are generated for.
sec_tool_gpg_config_check() {
  : "${gpg_verbose:=false}"
  : "${gpg_key_type:=RSA}"
  : "${gpg_key_length:=2048}"
  : "${gpg_key_expires:=1m}"
  : "${gpg_confdir:=$confdir/gpg}"
  # The keyring paths derive from gpg_confdir, so they are resolved after it.
  : "${gpg_pubring:=$gpg_confdir/pubring.gpg}"
  : "${gpg_secring:=$gpg_confdir/secring.gpg}"
}
######
# Internal functions
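# Append the keyring-selection options shared by every gpg call to the array
# whose name is given in $1.
# Globals:   gpg_pubring, gpg_secring, gpg_output (read)
# Arguments: $1 - name of the caller's array, passed through to list_append
# NOTE(review): GnuPG 2.1 and later document --secret-keyring as obsolete and
# ignored, so on those versions secret keys are kept under the GnuPG home
# directory rather than in $gpg_secring; confirm which gpg version is
# targeted before relying on this for key isolation.
gpg_options() {
  local var=$1
  # Quoted so that keyring paths containing whitespace or glob characters
  # reach gpg as single arguments instead of being split or expanded.
  list_append "$var" --keyring "$gpg_pubring" \
    --secret-keyring "$gpg_secring" \
    --no-default-keyring
  # --output is only added when an output file has been configured.
  [ -z "$gpg_output" ] || list_append "$var" --output "$gpg_output"
}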
# Invoke gpg through the run helper with the configured keyring options
# placed ahead of the caller's own arguments.
# Arguments: "$@" - additional gpg arguments, forwarded unchanged
run_gpg() {
  local -a gpg_args
  gpg_options gpg_args
  run gpg "${gpg_args[@]}" "$@"
}
######
# Key management
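# Report an error unless the variable named by $1 holds a non-empty value.
# Arguments: $1 - name of the variable to test (the name, not its value)
# Returns:   status of error when the name is invalid or the value is empty
check_var_is_set() {
  has_args 1 "$@"
  local var=$1
  # The name is used for an indirect lookup, so accept plain identifiers only.
  # Anything else is rejected instead of being interpreted by the shell.
  if [[ ! $var =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    error "'$var' is not a valid variable name"
    return 1
  fi
  # ${!var} reads the named variable without passing the name through eval.
  [[ -n ${!var} ]] || error "'$var' is not set"
}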
# Apply check_var_is_set to each variable name given, by way of for_each.
# Arguments: "$@" - names of the variables to check
check_vars_are_set() {
  for_each check_var_is_set "$@"
}
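# Write the parameter file for `gpg --gen-key --batch` to stdout.
# Globals: pretend, gpg_key_type, gpg_key_length, gpg_key_usage, gpg_key_name,
#          gpg_key_comment, gpg_key_email, gpg_key_passphrase (all read)
# Outputs: the batch script; when a passphrase is configured it appears in
#          clear text, so keep this output out of logs and shared files.
# NOTE(review): gpg_key_expires is configured but no Expire-Date line is
# written here; confirm whether non-expiring keys are intended.
# NOTE(review): the values are copied in verbatim, so an embedded newline in
# the name, comment or e-mail would add lines to the script; confirm these
# settings come only from trusted configuration.
gpg_key_gen_script() {
  check_vars_are_set gpg_key_name gpg_key_comment gpg_key_email
  # $pretend is executed as a command (true/false); when it succeeds the
  # script starts with the %dry-run control line.
  ! $pretend || echo "%dry-run"
  cat <<SCRIPT
Key-Type: $gpg_key_type
Key-Length: $gpg_key_length
Key-Usage: ${gpg_key_usage[*]}
Name-Real: $gpg_key_name
Name-Comment: $gpg_key_comment
Name-Email: $gpg_key_email
SCRIPT
  # Test the variable that is actually configured. A misspelled name here is
  # always empty and would silently drop the Passphrase line from the script.
  [ -z "$gpg_key_passphrase" ] || printf '%s\n' "Passphrase: $gpg_key_passphrase"
  echo "%commit"
}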
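# Generate a new GPG key pair from the configured key settings.
# Globals: gpg_pubring, gpg_secring (read)
# Outputs: progress through info; on failure the batch script is printed to
#          stdout with any Passphrase line redacted.
# Returns: status of info on success, status of error on failure
# NOTE(review): the batch script may contain the passphrase in clear text;
# confirm that cmd_tempfile creates the file readable by its owner only.
# NOTE(review): file_mkdir presumably creates the directory that will hold
# each keyring; confirm it does so with owner-only permissions.
gpg_key_gen() {
  local tmp
  tmp=$(cmd_tempfile)
  gpg_key_gen_script >"$tmp"
  file_mkdir "$gpg_pubring"
  file_mkdir "$gpg_secring"
  info "generating new GPG key..."
  if run_gpg --gen-key --batch <"$tmp"; then
    # The script is no longer needed and may hold the passphrase.
    rm -f -- "$tmp"
    info "... done!"
  else
    # Show the script for troubleshooting, but never echo the passphrase.
    sed -e 's/^Passphrase:.*/Passphrase: [redacted]/' <"$tmp"
    rm -f -- "$tmp"
    error "... FAILED!"
  fi
}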