authorGravatar drduh <github@duh.to> 2025-05-10 17:47:40 -0700
committerGravatar drduh <github@duh.to> 2025-05-10 17:47:40 -0700
commit04dbdf35c3ecc14ca27ecc6abf3ff9c2c1dfbfe4 (patch)
tree7374a512e195a0c416ea7914c5d111bcbb664f80
parentd66ac5381fd02a3aa01b3d296c0a12af238448ee (diff)
label each step
-rwxr-xr-xscripts/generate.sh31
1 files changed, 21 insertions, 10 deletions
diff --git a/scripts/generate.sh b/scripts/generate.sh
index 5b1cb75..f889e96 100755
--- a/scripts/generate.sh
+++ b/scripts/generate.sh
@@ -103,26 +103,24 @@ gen_key_subs () {
done
}
-list_keys () {
- # Prints available secret keys.
- gpg --list-secret-keys
-}
-
save_secrets () {
# Exports secret keys to local files.
+ export OUTPUT_CERTIFY="$GNUPGHOME/$KEY_ID-Certify.key"
+ export OUTPUT_SUBKEYS="$GNUPGHOME/$KEY_ID-Subkeys.key"
echo "$CERTIFY_PASS" | \
- gpg --output "$GNUPGHOME/$KEY_ID-Certify.key" \
+ gpg --output "$OUTPUT_CERTIFY" \
--batch --pinentry-mode=loopback --passphrase-fd 0 \
--armor --export-secret-keys "$KEY_ID"
echo "$CERTIFY_PASS" | \
- gpg --output "$GNUPGHOME/$KEY_ID-Subkeys.key" \
+ gpg --output "$OUTPUT_SUBKEYS" \
--batch --pinentry-mode=loopback --passphrase-fd 0 \
--armor --export-secret-subkeys "$KEY_ID"
}
save_pubkey () {
# Exports public key to local file.
- gpg --output "$GNUPGHOME/$KEY_ID-$(date +%F).asc" \
+ export OUTPUT_PUBKEY="$GNUPGHOME/$KEY_ID-Public.asc"
+ gpg --output "$OUTPUT_PUBKEY" \
--armor --export "$KEY_ID"
}
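Review bot: Neither gpg export call in save_secrets or save_pubkey has its result checked in the visible lines, so a rejected passphrase could leave a missing or empty key file while the new OUTPUT_* variables still point at it, unless the script enables `set -e` outside this hunk. A guard after each call, for example `[ -s "$OUTPUT_CERTIFY" ] || { echo "Certify key export failed" >&2; exit 1; }`, would make the failure explicit before the backup is trusted. The three new `export` statements also push the paths into the environment of every child process although the only visible reader is finish in the same shell; a plain assignment such as `OUTPUT_CERTIFY="$GNUPGHOME/$KEY_ID-Certify.key"` is sufficient. The hunk opens inside gen_key_subs, whose body starts outside it.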
@@ -136,28 +134,41 @@ finish () {
printf "subkeys expiration: "
print_id "$KEY_EXPIRATION"
+ printf "\nsecrets and pubkey: "
+ print_id "$GNUPGHOME"
+ print_id "$OUTPUT_PUBKEY"
+
printf "\ncertify passphrase: "
print_cred "$CERTIFY_PASS"
printf "encrypt passphrase: "
print_cred "$ENCRYPT_PASS"
+
+ exit 0
}
+# 1. Set temporary working directory for GnuPG ops.
set_temp_dir
+# 2. Set identity and key attributes, such as label and type.
set_attrs
+# 3. Set passphrases for identity and storage encryption.
set_pass
+# 4. Generate the Certify key.
gen_key_certify
+# 5. Set resulting identity fingerprint.
set_id_fp
+# 6. Generate the Subkeys.
gen_key_subs
-list_keys
-
+# 7. Export Certify and Subkeys to local storage.
save_secrets
+# 8. Export public key to local storage.
save_pubkey
+# 9. Print results and exit.
finish
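Review bot: The new `exit 0` at the end of finish reports success unconditionally, so a wrapper cannot distinguish a run whose exports failed from a good one unless earlier steps abort on error outside this hunk. The "secrets and pubkey" line prints `$GNUPGHOME` and `$OUTPUT_PUBKEY` but not the secret-key paths that save_secrets now records; adding `print_id "$OUTPUT_CERTIFY"` and `print_id "$OUTPUT_SUBKEYS"` would show the operator exactly which files hold secret material. Because the step 1 comment describes that directory as temporary, a short comment or printed reminder that the key files must be copied to encrypted storage before the directory is discarded would fit here. finish begins outside the hunk.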