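#!/usr/bin/env bash
# Generate a GPG public/private key pair unattended, mark it as ultimately
# trusted, check that it can encrypt and decrypt, then initialise `pass`
# with it. For an interactive key instead, run `gpg --full-gen-key`.
#
# NOTE(review): the original parameter file carried `%pubring pubring.kbx`
# and `%secring trustdb.gpg`. `%pubring` makes gpg write the new key to the
# named file instead of the default keyring, so the later --edit-key,
# --list-keys and `pass init` steps could not see it; this is the likely
# cause of the old "unattended key generation does not work" FIXME.
# `%secring` is a no-op on GnuPG 2.1+, and on older versions it would have
# written secret key material to a file misleadingly named trustdb.gpg in
# the current directory. Both lines are dropped so the key lands in the
# keyring under GNUPGHOME.
#
# Security notes for anyone reusing this:
#   * %no-protection stores the private key WITHOUT a passphrase. Anyone who
#     can read the GnuPG home directory can decrypt the whole password
#     store. Keep it only for throw-away or test setups, or restrict the
#     directory permissions and rely on disk encryption.
#   * Key-Length 2048 and Expire-Date 0 (never expires) are the author's
#     values. For a long-lived key prefer 3072 bits or more and an expiry.
#   * Ultimate trust (5) is appropriate only for a key you generated and
#     control yourself.

# Stop at the first failing step instead of running `pass init` against a
# key that was never created.
set -euo pipefail

EMAIL=default@foo.bar

# Use one gpg binary for every step. The original mixed `gpg` and `gpg2`,
# which can be different major versions with different keyrings. gpg2 is
# preferred when both are installed.
GPG=$(command -v gpg2 || command -v gpg) || {
  printf 'error: neither gpg2 nor gpg is installed\n' >&2
  exit 1
}

# Uncomment to generate into a throw-away keyring. `pass` would then need
# the same GNUPGHOME to find the key.
#export GNUPGHOME="$(mktemp -d)"

# Parameter file for gpg's batch key generation. The heredoc is unquoted on
# purpose so that ${EMAIL} is expanded.
cat >keydetails <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: User 1
Name-Comment: User 1
Name-Email: ${EMAIL}
Expire-Date: 0
%no-ask-passphrase
%no-protection
# Do a commit here, so that we can later print "done" :-)
%commit
%echo done
EOF

"${GPG}" --verbose --batch --gen-key keydetails

# Set owner trust to 5 (ultimate) for the key so we can encrypt without a
# prompt. printf replaces `echo -e`, whose escape handling differs between
# shells.
printf '5\ny\n' | "${GPG}" --command-fd 0 --expert --edit-key "${EMAIL}" trust

# Show the keyring so the new key and its trust level can be checked.
"${GPG}" --list-keys

# Test that the key can encrypt and decrypt: round-trip the parameter file
# and compare. --yes lets a re-run overwrite keydetails.asc without a prompt.
"${GPG}" --batch --yes --armor --encrypt --recipient "${EMAIL}" \
  --output keydetails.asc keydetails
if ! "${GPG}" --batch --decrypt keydetails.asc | cmp -s - keydetails; then
  printf 'error: encrypt/decrypt round trip failed for %s\n' "${EMAIL}" >&2
  exit 1
fi

# `pass` must be installed to encrypt passwords.
# `pass init <yourgpgemail>` creates ${HOME}/.password-store/
command -v pass >/dev/null || {
  printf 'error: pass is not installed\n' >&2
  exit 1
}
pass init "${EMAIL}"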