#!/bin/bash set -eu USER_ID="${1}" HOMEDIR=~/.gnupg/trezor CURVE=${CURVE:="nist256p1"} # or "ed25519" TIMESTAMP=${TIMESTAMP:=`date +%s`} # key creation timestamp # Prepare new GPG home directory for TREZOR-based identity rm -rf "${HOMEDIR}" mkdir -p "${HOMEDIR}" chmod 700 "${HOMEDIR}" # Generate new GPG identity and import into GPG keyring trezor-gpg-create -v "${USER_ID}" -t "${TIMESTAMP}" -e "${CURVE}" > "${HOMEDIR}/pubkey.asc" gpg2 --homedir "${HOMEDIR}" --import < "${HOMEDIR}/pubkey.asc" rm -f "${HOMEDIR}/S.gpg-agent" # (otherwise, our agent won't be started automatically) # Make new GPG identity with "ultimate" trust (via its fingerprint) FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1) echo "${FINGERPRINT}:6" | gpg2 --homedir "${HOMEDIR}" --import-ownertrust # Prepare GPG configuration file echo "# TREZOR-based GPG configuration agent-program $(which trezor-gpg-agent) personal-digest-preferences SHA512 " | tee "${HOMEDIR}/gpg.conf" echo "# TREZOR-based GPG agent emulator log-file ${HOMEDIR}/gpg-agent.log verbosity 2 " | tee "${HOMEDIR}/gpg-agent.conf"