3 # seckey2sshagent: this is a hack of a script to cope with the fact
4 # that openpgp2ssh currently cannot support encrypted secret keys.
6 # the basic operating principal is:
8 # export the secret key in encrypted format to a new keyring
10 # remove the passphrase in that keyring
12 # use that keyring with openpgp2ssh
14 # Authors: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
15 # Jameson Rollins <jrollins@fifthhorseman.net>
19 echo -n "removing temp gpg home... " 1>&2
26 echo -n "The basic strategy of seckey2sshagent is to dump your
27 OpenPGP authentication key(s) into your agent.
29 This script is a gross hack at the moment. It is done by creating a
30 new, temporary private keyring, letting the user remove the
31 passphrases from the keys, and then exporting them. The temporary
32 private keyring is purged from the system.
34 When you use this command, you'll find yourself dropped into a GPG
35 'edit-key' dialog relevant *only* to the temporary private keyring.
37 At that point, you should clear the password from your key, with:
40 <enter your current password>
42 followed by the empty string for the new password. GPG will ask you
43 if you're really sure. Answer yes, because this is only relevant to
44 the temporary keyring. Then, do:
49 At this point, your key will be added to your running ssh-agent with
50 the alias 'monkeysphere-key' and seckey2sshagent should terminate.
51 You can check on it with:
59 # if no hex string is supplied, just print an explanation.
60 # this covers seckey2sshagent --help, --usage, -h, etc...
61 if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
70 if [ -z "$GPGIDS" ]; then
71 # default to using all fingerprints of authentication-enabled keys
72 GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
75 for GPGID in $GPGIDS; do
77 TMPPRIVATE=$(mktemp -d)
79 gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import
81 # idea to script the password stuff. not working.
82 # read -s -p "enter gpg password: " PASSWD; echo
93 # echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
95 GNUPGHOME="$TMPPRIVATE" gpg --edit-key $GPGID
97 # creating this alias so the key is named "monkeysphere-key" in the
98 # comment stored by the agent, while never being written to disk in
100 ln -s /dev/stdin "$TMPPRIVATE"/monkeysphere-key
102 GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys $GPGID | \
103 openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c monkeysphere-key)