-#!/bin/sh
+#!/bin/bash
# seckey2sshagent: this is a hack of a script to cope with the fact
# that openpgp2ssh currently cannot support encrypted secret keys.
# if no hex string is supplied, just print an explanation.
# this covers seckey2sshagent --help, --usage, -h, etc...
-if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
+if [ "$(echo "$1" | tr -d '0-9a-fA-F')" ]; then
explanation
exit
fi
GPGIDS="$1"
if [ -z "$GPGIDS" ]; then
+ # hack: we need to get the list of secret keys, because if you
+ # --list-secret-keys with no arguments, GPG fails to print the
+ # capability flags (i've just filed this as
+ # https://bugs.g10code.com/gnupg/issue945)
+ KEYIDS=$(gpg2 --with-colons --list-secret-keys | grep ^sec | cut -f5 -d:)
# default to using all fingerprints of authentication-enabled keys
- GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys "$GPGID" | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
+ GPGIDS=$(gpg --with-colons --fingerprint --fingerprint --list-secret-keys $KEYIDS | egrep -A1 '^(ssb|sec):.*:[^:]*a[^:]*:$' | grep ^fpr: | cut -d: -f10)
fi
for GPGID in $GPGIDS; do
TMPPRIVATE=$(mktemp -d)
- gpg --export-secret-key $GPGID | GNUPGHOME="$TMPPRIVATE" gpg --import
+ gpg --export-secret-key "$GPGID" | GNUPGHOME="$TMPPRIVATE" gpg --import
# idea to script the password stuff. not working.
# read -s -p "enter gpg password: " PASSWD; echo
# )
# echo -e "$cmd" | GNUPGHOME="$TMPPRIVATE" gpg --command-fd 0 --edit-key $GPGID
- GNUPGHOME="$TMPPRIVATE" gpg --edit-key $GPGID
-
+ GNUPGHOME="$TMPPRIVATE" gpg --edit-key "$GPGID"
+
+ KEYNAME='MonkeySphere Key '$(echo "$GPGID" | tr -c -d '0-9a-fA-F')''
# creating this alias so the key is named "monkeysphere-key" in the
# comment stored by the agent, while never being written to disk in
# SSH form:
- ln -s /dev/stdin "$TMPPRIVATE"/monkeysphere-key
+ ln -s /dev/stdin "$TMPPRIVATE/$KEYNAME"
- GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys $GPGID | \
- openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c monkeysphere-key)
+ GNUPGHOME="$TMPPRIVATE" gpg --export-secret-keys "$GPGID" | \
+ openpgp2ssh $GPGID | (cd "$TMPPRIVATE" && ssh-add -c "$KEYNAME")
cleanup
done
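Review bot: The temporary keyring directory is still used without checking that it was created: if `mktemp -d` fails, `TMPPRIVATE` is empty and the `GNUPGHOME="$TMPPRIVATE" gpg --import` and `gpg --edit-key "$GPGID"` lines run with an empty GNUPGHOME, which gpg, as far as I know, treats as unset, so the edit session would act on the user's real keyring instead of a throwaway copy. I would change the assignment to `TMPPRIVATE=$(mktemp -d) || exit 1`. The quoting pass also missed `openpgp2ssh $GPGID` in the final pipeline, which should read `openpgp2ssh "$GPGID"` like its neighbours. Separately, the new `KEYIDS` line calls `gpg2` while the fingerprint listing right after it calls `gpg`; if `gpg2` is missing, `KEYIDS` is empty and the listing falls back to the no-argument form the comment describes as broken, so the loop may silently do nothing. Using the same binary for both, or a comment explaining why they differ, would help.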