diff options
author | Christian Pointner <equinox@spreadspace.org> | 2017-11-21 22:28:39 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2017-11-21 22:28:39 +0100 |
commit | 91cd5480b5a1ca1103d5e239af3d331477c41c2c (patch) | |
tree | b495bf31e2d5da50b045838a1e8d0455db09ee65 /gpg |
initial commit as copy from helsinki ansible repo
Diffstat (limited to 'gpg')
-rwxr-xr-x | gpg/add-key.sh | 21 | ||||
-rwxr-xr-x | gpg/get-vault-pass.sh | 2 | ||||
-rwxr-xr-x | gpg/gpg2.sh | 2 | ||||
-rwxr-xr-x | gpg/list-keys.sh | 2 | ||||
-rwxr-xr-x | gpg/remove-keys.sh | 35 | ||||
-rwxr-xr-x | gpg/set-vault-pass.sh | 20 | ||||
-rw-r--r-- | gpg/vault-keyring.gpg | bin | 0 -> 37014 bytes | |||
-rw-r--r-- | gpg/vault-pass.gpg | 19 |
8 files changed, 101 insertions, 0 deletions
diff --git a/gpg/add-key.sh b/gpg/add-key.sh new file mode 100755 index 00000000..98e29174 --- /dev/null +++ b/gpg/add-key.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "no keyfile specified, reading from stdin ..." +fi + +"${BASH_SOURCE%/*}/gpg2.sh" --import $@ +if [ $? -ne 0 ]; then + echo -e "\nERROR: import key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg." + exit 1 +fi + +echo "" +"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh" +if [ $? -ne 0 ]; then + echo -e "\nERROR: reencrypting vault password file failed!" + echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!" + exit 1 +fi +echo "Successfully reencrypted vault password file!" +echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg." diff --git a/gpg/get-vault-pass.sh b/gpg/get-vault-pass.sh new file mode 100755 index 00000000..202c94f7 --- /dev/null +++ b/gpg/get-vault-pass.sh @@ -0,0 +1,2 @@ +#!/bin/bash +gpg2 --decrypt --batch < "${BASH_SOURCE%/*}/vault-pass.gpg" 2> /dev/null diff --git a/gpg/gpg2.sh b/gpg/gpg2.sh new file mode 100755 index 00000000..b00c49cf --- /dev/null +++ b/gpg/gpg2.sh @@ -0,0 +1,2 @@ +#!/bin/bash +exec gpg2 --keyring "${BASH_SOURCE%/*}/vault-keyring.gpg" --secret-keyring /dev/null --no-default-keyring $@ diff --git a/gpg/list-keys.sh b/gpg/list-keys.sh new file mode 100755 index 00000000..4b010495 --- /dev/null +++ b/gpg/list-keys.sh @@ -0,0 +1,2 @@ +#!/bin/bash +exec "${BASH_SOURCE%/*}/gpg2.sh" --list-keys $@ diff --git a/gpg/remove-keys.sh b/gpg/remove-keys.sh new file mode 100755 index 00000000..80ae1573 --- /dev/null +++ b/gpg/remove-keys.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +if [ -z "$1" ]; then + echo "Please specify at least one key ID!" + echo "" + echo "You can find out the key ID using the command: gpg/list-keys.sh" + echo "" + echo " Here is an example output:" + echo "" + echo " pub rsa4096/0x1234567812345678 2017-01-01 [SC] [expires: 2019-01-01]" + echo " Key fingerprint = 1234 5678 1234 5678 1234 5678 1234 5678 1234 5678" + echo " uid [ unknown] Firstname Lastname <lastname@example.com>" + echo " sub rsa4096/0x8765432187654321 2017-01-01 [E] [expires: 2019-01-01]" + echo "" + echo " The key ID is the hexadecimal number next to rsa4096/ in the line" + echo " starting with pub (not sub). In this case the key ID is: 0x1234567812345678" + echo "" + exit 1 +fi + +"${BASH_SOURCE%/*}/gpg2.sh" --delete-keys $@ +if [ $? -ne 0 ]; then + echo -e "\nERROR: removing key(s) failed. Please revert any changes of the file gpg/vault-keyring.gpg." + exit 1 +fi + +echo "" +"${BASH_SOURCE%/*}/get-vault-pass.sh" | "${BASH_SOURCE%/*}/set-vault-pass.sh" +if [ $? -ne 0 ]; then + echo -e "\nERROR: reencrypting vault password file failed!" + echo " You might want to revert any changes on gpg/vault-pass.gpg and gpg/vault-keyring.gpg!!" + exit 1 +fi +echo "Successfully reencrypted vault password file!" +echo " Don't forget to commit the changes in gpg/vault-pass.gpg and gpg/vault-keyring.gpg." diff --git a/gpg/set-vault-pass.sh b/gpg/set-vault-pass.sh new file mode 100755 index 00000000..1fb3426c --- /dev/null +++ b/gpg/set-vault-pass.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +keyids=$("${BASH_SOURCE%/*}/gpg2.sh" --list-keys --with-colons --fast-list-mode 2>/dev/null | awk -F: '/^pub/{printf "%s\n", $5}') +if [ -z "$keyids" ]; then + echo "ERROR: no keys to encrypt to, is the keyring empty?" + exit 1 +fi + +receipients="" +for keyid in $keyids; do + receipients="$receipients -r $keyid" +done + + +"${BASH_SOURCE%/*}/gpg2.sh" --yes --trust-model always --encrypt -a -o "${BASH_SOURCE%/*}/vault-pass.gpg.$$" $receipients +if [ $? -ne 0 ]; then + rm -f "${BASH_SOURCE%/*}/vault-pass.gpg.$$" + exit 1 +fi +mv "${BASH_SOURCE%/*}/vault-pass.gpg.$$" "${BASH_SOURCE%/*}/vault-pass.gpg" diff --git a/gpg/vault-keyring.gpg b/gpg/vault-keyring.gpg Binary files differnew file mode 100644 index 00000000..8d2e0443 --- /dev/null +++ b/gpg/vault-keyring.gpg diff --git a/gpg/vault-pass.gpg b/gpg/vault-pass.gpg new file mode 100644 index 00000000..20130b37 --- /dev/null +++ b/gpg/vault-pass.gpg @@ -0,0 +1,19 @@ +-----BEGIN PGP MESSAGE----- + +hQIMA+Qd5U24qffPAQ/+M6LI5+vmyfQqiH14FM6W7q/rjtKpAmkSHrUs2XyFsoF4 +Z0fK8sZivjY/HHxD+hjQJ1GDCEBjQTEgdUmEopj/Di4BS851tClBapa+UPQHezVf +1LvNEti2e4ghdGDLd+UGF24Mu2SwLyE4neO/VBg2AYiX3AAO+35nIUgrzarVCvhB +FP6jja1oLmMFfNCw9xSbM1JozwlSOZWPFGt/W1exfthJvFx2r60IdLlBjl6R8SS9 +2sWcFU3tIjcKX1hCFzt+iv+Ks1dPsOIex5GRi2YWl6EOsuafBo7AlhcIXdDSNEyC ++ieXY8VAMqb8kTbaITP+eMYy/gw43Eo5dRyu+kS95pnLcguM8gsaxTgxTW8WGWPh +JH6ezxyuWS1AlrT0/T9qQtPzz6RO01UpeP/Uwe03p16uCOI5tNOrESoG4OSnwwav +BP2R6KdjMmPhIheK14krIMRFssx8bWq1/Ib8qkXeVUcFRRnpTdsTtj9hkOM9eLxS +IJjO5/ny9wQRtO9Mm8QMLBewb602WI8qdE0zSKBofKZUHr92JH+wD69vTkHu3LUi +tQEGXM5oKUfkbWa+hmNdTPsjPesfR/N/AtAK5vyTofIxs4qGXfoMgnPgchkVi8uK +IpiSot0Bawg/SIkdTOg3KYaJgqFrqic7eozFj/s89rWNMf0zYiIUkMrrYlQCpYrS +vAF2iuZCv0WapCgENJ/hykA3XXGn/CeQ6jSpILfLA7fXY0ndblrZONw52+ST0VBn +3EtV7dvhrx0uaN54u4jdLCI6y5lBfSQaPYtqSl3Gduhl7VzF4FJiXGf6J8yORPaj +qnIchQmbXoTefnTSvBT+GGWYfQXd7kxnxsL4tR8HzOUZe9pR7XesVdl9TLUjU8NP +c+aUDAhpCnf32VKmmZGyvIFyH0WcIKgEza5n2Q1mRGLhs9duMTHnC1kjv9wb +=lDHb +-----END PGP MESSAGE----- |