#!/bin/bash
set -eu

USER_ID="${1}"
HOMEDIR=~/.gnupg/trezor
CURVE="ed25519"  # or "nist256p1"

rm -rf "${HOMEDIR}"
mkdir -p "${HOMEDIR}"
chmod 700 "${HOMEDIR}"

trezor-gpg -v create "${USER_ID}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc"
gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc"

# Mark new key as trusted in gpg.conf
FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed --quiet --regexp-extended 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)
KEY_ID="0x${FINGERPRINT:(-16)}"  # take last 8 bytes of the fingerprint
echo "Marking ${KEY_ID} as trusted..."
echo "trusted-key ${KEY_ID}" > "${HOMEDIR}/gpg.conf"

$(dirname $0)/gpg-shell