From ae11a84a69b71036b5f19333d81cdff51825ce2a Mon Sep 17 00:00:00 2001 From: committer Date: Wed, 5 Jun 2024 16:34:38 -0500 Subject: [PATCH] u --- dots/bin/deployGnupgKeys.sh | 146 +++++++++++++++++++----------------- 1 file changed, 79 insertions(+), 67 deletions(-) diff --git a/dots/bin/deployGnupgKeys.sh b/dots/bin/deployGnupgKeys.sh index 757eb5d..02504fc 100644 --- a/dots/bin/deployGnupgKeys.sh +++ b/dots/bin/deployGnupgKeys.sh 
@@ -2,78 +2,90 @@ # klevstul :: 24.06 +# how to backup gpg: +# gpg --export --export-options backup --output public.gpg frode@thisworld.is +# gpg --export-secret-keys --export-options backup --output private.gpg frode@thisworld.is +# ref: https://www.howtogeek.com/816878/how-to-back-up-and-restore-gpg-keys-on-linux/ + this_file_name=`basename "$0"` echo "$this_file_name" # location of ssh keys syncdir_env_var=SYNCDIR_${HOSTNAME} -src_gnupg_dir=${!syncdir_env_var}/secrets/.gnupg -trg_gnupg_dir=~/.gnupg +src_gnupg_dir=${!syncdir_env_var}/secrets/gnupg -echo "\$SYNCDIR_${HOSTNAME}=${!syncdir_env_var}" -echo "src_gnupg_dir: ${src_gnupg_dir}" +gpg --import ${src_gnupg_dir}/public.gpg +gpg --import ${src_gnupg_dir}/private.gpg -if ! [[ -d ${src_gnupg_dir} ]]; then - echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1 -fi +gpg --list-secret-keys --keyid-format LONG -if ! [[ -d "$trg_gnupg_dir" ]]; then - echo "creating non-existing target dir '${trg_gnupg_dir}'." - mkdir -p ${trg_gnupg_dir} -fi - -the_file=trustdb.gpg -if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then - echo "deploy ${the_file}" - cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} -else - echo "${the_file} already exist in ${trg_gnupg_dir}" -fi - -the_file=pubring.kbx -if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then - echo "deploy ${the_file}" - cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} -else - echo "${the_file} already exist in ${trg_gnupg_dir}" -fi - -the_directory=openpgp-revocs.d -if ! [[ -d ${trg_gnupg_dir}/${the_directory} ]]; then - echo "deploy ${the_directory}" - cp -r ${src_gnupg_dir}/${the_directory} ${trg_gnupg_dir} -else - echo "${the_directory} already exist in ${trg_gnupg_dir}" -fi - -the_file=private-keys-v1.d.7z.gpg -if ! 
[[ -d ${trg_gnupg_dir}/private-keys-v1.d ]]; then - echo "deploy private-keys-v1.d" - cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} -else - echo - echo "ERROR: directory 'private-keys-v1.d' already exist in ${trg_gnupg_dir}" - echo "rename or delete existing directory and try again (backup the content if needed)." - exit 1 -fi - -echo "do you want to unpack and decrypt ${the_file}? (y/n)" -read user_input - -if [[ ${user_input} == "y" ]]; then - echo "yes" - echo "please, remember the hint: poq.l2" - gpg -d ${trg_gnupg_dir}/${the_file} > ${trg_gnupg_dir}/private-keys-v1.d.7z - 7za x ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir} - chmod 0600 ${trg_gnupg_dir}/private-keys-v1.d/* # private keys should not be accessible by other users - - trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z.gpg - trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z -else - echo "no worries. you can manually unpack and decrypt the file, if needed:" - echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z" - echo "7za x -private-keys-v1.d.7z" -fi - -echo "${trg_gnupg_dir}:" -ls -al ${trg_gnupg_dir} +#trg_gnupg_dir=~/.gnupg +# +#echo "\$SYNCDIR_${HOSTNAME}=${!syncdir_env_var}" +#echo "src_gnupg_dir: ${src_gnupg_dir}" +# +#if ! [[ -d ${src_gnupg_dir} ]]; then +# echo "error: non-existing directory '${src_gnupg_dir}'" >&2; exit 1 +#fi +# +#if ! [[ -d "$trg_gnupg_dir" ]]; then +# echo "creating non-existing target dir '${trg_gnupg_dir}'." +# mkdir -p ${trg_gnupg_dir} +#fi +# +#the_file=trustdb.gpg +#if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then +# echo "deploy ${the_file}" +# cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} +#else +# echo "${the_file} already exist in ${trg_gnupg_dir}" +#fi +# +#the_file=pubring.kbx +#if ! [[ -f ${trg_gnupg_dir}/${the_file} ]]; then +# echo "deploy ${the_file}" +# cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} +#else +# echo "${the_file} already exist in ${trg_gnupg_dir}" +#fi +# +#the_directory=openpgp-revocs.d +#if ! 
[[ -d ${trg_gnupg_dir}/${the_directory} ]]; then +# echo "deploy ${the_directory}" +# cp -r ${src_gnupg_dir}/${the_directory} ${trg_gnupg_dir} +#else +# echo "${the_directory} already exist in ${trg_gnupg_dir}" +#fi +# +#the_file=private-keys-v1.d.7z.gpg +#if ! [[ -d ${trg_gnupg_dir}/private-keys-v1.d ]]; then +# echo "deploy private-keys-v1.d" +# cp ${src_gnupg_dir}/${the_file} ${trg_gnupg_dir} +#else +# echo +# echo "ERROR: directory 'private-keys-v1.d' already exist in ${trg_gnupg_dir}" +# echo "rename or delete existing directory and try again (backup the content if needed)." +# exit 1 +#fi +# +#echo "do you want to unpack and decrypt ${the_file}? (y/n)" +#read user_input +# +#if [[ ${user_input} == "y" ]]; then +# echo "yes" +# echo "please, remember the hint: poq.l2" +# gpg -d ${trg_gnupg_dir}/${the_file} > ${trg_gnupg_dir}/private-keys-v1.d.7z +# 7za x ${trg_gnupg_dir}/private-keys-v1.d.7z -o${trg_gnupg_dir} +# chmod 0600 ${trg_gnupg_dir}/private-keys-v1.d/* # private keys should not be accessible by other users +# +# trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z.gpg +# trash-put ${trg_gnupg_dir}/private-keys-v1.d.7z +#else +# echo "no worries. you can manually unpack and decrypt the file, if needed:" +# echo "gpg -d private-keys-v1.d.7z.gpg > private-keys-v1.d.7z" +# echo "7za x -private-keys-v1.d.7z" +#fi +# +#echo "${trg_gnupg_dir}:" +#ls -al ${trg_gnupg_dir} +# \ No newline at end of file
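Review bot: The two `gpg --import` lines restore files that, per the new header comment, were produced with `--export-options backup`, but they omit `--import-options restore`, so the GnuPG-specific data in that backup (ownertrust among it, which the removed `trustdb.gpg` copy used to carry) is silently not restored; use `gpg --import --import-options restore "${src_gnupg_dir}/public.gpg"` and the same for `private.gpg`. The source-directory existence check is now commented out, so with `SYNCDIR_${HOSTNAME}` unset the path collapses to `/secrets/gnupg`, both imports fail, and the script still runs `--list-secret-keys` as if the deploy had worked; a guard such as `[[ -f "${src_gnupg_dir}/private.gpg" ]] || { echo "error: missing ${src_gnupg_dir}/private.gpg" >&2; exit 1; }` before the imports fails early, and quoting the expansions fixes SC2086 on those lines. The large commented-out tail should be deleted rather than kept: it is dead code, and it preserves the `please, remember the hint: poq.l2` line, a passphrase hint that should not live in a dotfiles repo (it is already in the history, so changing that passphrase is the safer move). The script's first line is outside the hunk.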