local keyID
local editCommands
local fifoDir
+ local keyType
# get options
while true ; do
# check that an authentication subkey does not already exist
check_gpg_authentication_subkey "$keyID"
+ # determine which keyType to use from gpg version
+ keyType=7
+ case $(gpg --version | head -1 | awk '{ print $3 }' | cut -d. -f1) in
+ 1)
+ if is_gpg_version_greater_equal 1.4.10 ; then
+ keyType=8
+ fi
+ ;;
+ 2)
+ if is_gpg_version_greater_equal 2.0.13 ; then
+ keyType=8
+ fi
+ ;;
+ *)
+ keyType=8
+ ;;
+ esac
+
# generate the list of commands that will be passed to edit-key
- editCommands=$(cat <<EOF
-addkey
-7
+ editCommands="addkey
+$keyType
S
E
A
Q
$keyLength
0
-save
-EOF
-)
+save"
# setup the temp fifo dir for retrieving the key password
log debug "creating password fifo..."
fifoDir=$(msmktempdir)
- trap "rm -rf $fifoDir" EXIT
(umask 077 && mkfifo "$fifoDir/pass")
- log verbose "generating subkey..."
- echo "$editCommands" | gpg --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ # FIXME: are we adequately cleaning up any trailing gpg process here?
+ trap "rm -rf $fifoDir; kill %% || true" EXIT
+ echo "$editCommands" | gpg_user --passphrase-fd 3 3< "$fifoDir/pass" --expert --command-fd 0 --edit-key "$keyID" &
+ log debug "Prompting for passphrase"
# FIXME: this needs to fail more gracefully if the passphrase is incorrect
passphrase_prompt "Please enter your passphrase for $keyID: " "$fifoDir/pass"
+ log info "Generating subkey. This may take a long time..."
trap - EXIT
rm -rf "$fifoDir"
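Review bot: The new EXIT trap, `trap "rm -rf $fifoDir; kill %% || true" EXIT`, still expands `$fifoDir` when the trap is installed and leaves it unquoted in the command that runs later, so a temp path containing whitespace or glob characters would make `rm -rf` act on the wrong paths. `msmktempdir` is not visible here, so whether such a path can occur (for example through TMPDIR) is an assumption, but quoting removes the risk: `trap 'rm -rf -- "$fifoDir"; kill %% 2>/dev/null || true' EXIT`, provided the local `fifoDir` is still in scope when the trap fires. The trap is also now installed only after `mkfifo`, so an exit between `msmktempdir` and the trap leaves the directory behind; moving the trap to directly after the `fifoDir=` assignment would close that window. The enclosing function starts and ends outside the hunk.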