trezor-agent/scripts/gpg-init

#!/bin/bash
set -eu

USER_ID="${1}"
HOMEDIR=~/.gnupg/trezor
CURVE=${CURVE:="nist256p1"}  # or "ed25519"
TIMESTAMP=${TIMESTAMP:=`date +%s`}  # key creation timestamp

# Prepare new GPG home directory for TREZOR-based identity
rm -rf "${HOMEDIR}"
mkdir -p "${HOMEDIR}"
chmod 700 "${HOMEDIR}"

# Generate new GPG identity and import into GPG keyring
trezor-gpg-create -v "${USER_ID}" -t "${TIMESTAMP}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc"
gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc"
rm -f "${HOMEDIR}/S.gpg-agent"  # (otherwise, our agent won't be started automatically)

# Make new GPG identity with "ultimate" trust (via its fingerprint)
FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)
echo "${FINGERPRINT}:6" | gpg2 --homedir "${HOMEDIR}" --import-ownertrust

# Prepare GPG configuration file
echo "# TREZOR-based GPG configuration
agent-program $(which trezor-gpg-agent)
personal-digest-preferences SHA512
" | tee "${HOMEDIR}/gpg.conf"

echo "# TREZOR-based GPG agent emulator
log-file ${HOMEDIR}/gpg-agent.log
verbosity 2
" | tee "${HOMEDIR}/gpg-agent.conf"
gpg: add helper scripts 2016-10-21 20:07:58 +00:00			`#!/bin/bash`
gpg: improve shell helper scripts - explicit trust configuration - less debug prints 2016-10-22 18:30:32 +00:00			`set -eu`
gpg: add helper scripts 2016-10-21 20:07:58 +00:00
			`USER_ID="${1}"`
			`HOMEDIR=~/.gnupg/trezor`
gpg: allow setting CURVE from environment 2016-10-24 08:01:37 +00:00			`CURVE=${CURVE:="nist256p1"} # or "ed25519"`
gpg: allow setting key creation timestamp 2016-10-29 14:13:49 +00:00			TIMESTAMP=${TIMESTAMP:=`date +%s`} # key creation timestamp
gpg: add helper scripts 2016-10-21 20:07:58 +00:00
gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`# Prepare new GPG home directory for TREZOR-based identity`
gpg: add helper scripts 2016-10-21 20:07:58 +00:00			`rm -rf "${HOMEDIR}"`
			`mkdir -p "${HOMEDIR}"`
			`chmod 700 "${HOMEDIR}"`

gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`# Generate new GPG identity and import into GPG keyring`
gpg: allow setting key creation timestamp 2016-10-29 14:13:49 +00:00			`trezor-gpg-create -v "${USER_ID}" -t "${TIMESTAMP}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc"`
gpg: add helper scripts 2016-10-21 20:07:58 +00:00			`gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc"`
gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`rm -f "${HOMEDIR}/S.gpg-agent" # (otherwise, our agent won't be started automatically)`
gpg: add helper scripts 2016-10-21 20:07:58 +00:00
gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`# Make new GPG identity with "ultimate" trust (via its fingerprint)`
gpg: remove spurious space 2016-10-29 14:24:06 +00:00			`FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons \| sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' \| head -n1)`
gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`echo "${FINGERPRINT}:6" \| gpg2 --homedir "${HOMEDIR}" --import-ownertrust`

			`# Prepare GPG configuration file`
			`echo "# TREZOR-based GPG configuration`
			`agent-program $(which trezor-gpg-agent)`
gpg: use SHA-512 as default hash for signatures 2016-10-24 07:52:36 +00:00			`personal-digest-preferences SHA512`
gpg: use gpg.conf to automatically spawn trezor-gpg-agent 2016-10-24 14:30:35 +00:00			`" \| tee "${HOMEDIR}/gpg.conf"`
gpg: use 'gpg-agent.conf' to configure trezor-gpg-agent currently support logfile and logging verbosity 2016-10-24 14:55:35 +00:00
			`echo "# TREZOR-based GPG agent emulator`
			`log-file ${HOMEDIR}/gpg-agent.log`
			`verbosity 2`
			`" \| tee "${HOMEDIR}/gpg-agent.conf"`