3 # seckey2sshagent: this is a hack of a script to cope with the fact
4 # that openpgp2ssh currently cannot support encrypted secret keys.
6 # the basic operating principle is:
8 # export the (still passphrase-protected) secret key to a new, temporary keyring
10 # remove the passphrase in that keyring (interactively, via gpg --edit-key)
12 # use that keyring with openpgp2ssh to feed ssh-agent, then purge it
14 # Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
15 # Jameson Rollins <jrollins@fifthhorseman.net>
19 echo -n "removing temp gpg home... " 1>&2
26 echo -n "The basic strategy of seckey2sshagent is to dump your
27 OpenPGP authentication key(s) into your agent.
29 The first argument to the command should be your gpg key id (the 8
30 character hex string; try gpg --list-key your@emailaddress.org to
33 This script is a gross hack at the moment. It is done by creating a
34 new, temporary private keyring, letting the user remove the
35 passphrases from the keys, and then exporting them. The temporary
36 private keyring is purged from the system.
38 When you use this command, you'll find yourself dropped into a GPG
39 'edit-key' dialog relevant *only* to the temporary private keyring.
41 At that point, you should clear the password from your key, with:
44 <enter your current password>
46 followed by the empty string for the new password. GPG will ask you
47 if you're really sure. Answer yes, because this is only relevant to
48 the temporary keyring. Then, do:
52 At this point, your key will be added to your running ssh-agent with
53 the alias 'monkeysphere-key' and seckey2sshagent should terminate.
54 You can check on it with:
62 # if no hex string is supplied, just print an explanation.
63 # this covers seckey2sshagent --help, --usage, -h, etc...
# Input validation: delete every hex digit from $1; anything left over means
# the argument is not a key id / fingerprint, so usage is printed instead of
# the value ever reaching gpg.  This filter is also what makes the later
# uses of the id as a shell word and filename tolerable -- only
# [0-9a-fA-F] can get past this point.
64 if [ -z "$1" ] || [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
73 if [ -z "$GPGIDS" ]; then
74 # default to using all fingerprints of authentication-enabled keys
# Colon-format listing; --fingerprint given twice also prints subkey fprs.
# The egrep keeps sec/ssb records whose capability field contains 'a'
# (authentication) AND is the record's last field (the ':$' anchor).
# NOTE(review): newer gpg releases append further fields to sec/ssb records,
# so confirm this pattern still matches against the gpg version in use.
# The fpr record that follows (-A1) supplies the fingerprint (field 10).
# $GPGID is read here but assigned outside this excerpt.
75 GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
78 for GPGID in $GPGIDS; do
# A fresh, throwaway GNUPGHOME per key.  mktemp -d creates it 0700, so the
# passphrase-less secret key that will live here is not readable by other
# local users.  The cleanup that removes this directory is not visible in
# this excerpt -- confirm it is hooked to a trap so it runs on every exit
# path, including ^C inside the interactive edit-key dialog below, and keep
# in mind that removing the directory is not a secure wipe of the key bytes.
80 TMPPRIVATE=$(mktemp -d)
# Export from the real keyring (still passphrase-protected) and import into
# the temporary keyring; the user's own keyring is never modified.
82 gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
84 # idea to script the password stuff. not working.
# (Kept interactive for now: scripting it would hold the passphrase in a
# shell variable and push it through --command-fd.)
85 # read -s -p "enter gpg password: " PASSWD; echo
96 # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
# Interactive step: the user runs 'passwd' in this dialog and sets an empty
# passphrase (see the usage text).  From here until cleanup the temporary
# keyring holds an unencrypted secret key on disk.
98 GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
# Label under which the key is stored in the agent.  The id is filtered to
# hex digits again so the label is safe to use as a filename below.
# NOTE(review): the usage text above still calls this alias
# 'monkeysphere-key'; the label actually used is 'MonkeySphere Key <hex>'.
100 KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
101 # creating this alias so the key is named "MonkeySphere Key <hex>" in the
102 # comment stored by the agent, while never being written to disk in
# The symlink is created inside the 0700 temp dir, not in a shared /tmp, so
# there is no world-writable symlink race here; ssh-add opens the path and
# reads the key material from the pipe.
104 ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME"
# Export the now passphrase-less key, convert it with openpgp2ssh and hand
# it to the agent through the symlink.  -c requests the agent's
# confirm-on-use constraint (see ssh-add(1)).  $GPGID is unquoted in the
# openpgp2ssh call; harmless for a hex-only id, but it should be "$GPGID".
106 GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
107 openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")