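#!/bin/sh
# batch-gpg.sh - generate an RSA-4096 certify-only primary key plus sign,
# encrypt and auth subkeys inside a throwaway GNUPGHOME, then export them.
#
# Usage:   ./batch-gpg.sh "Full Name" "email@domain.com"
# Outputs (relative to the current directory):
#   keybase-key.asc      secret subkey export taken after the sign subkey only
#   keybase-public.asc   public key
#   <FPR>/secret.asc, <FPR>/secret-sub.asc, <FPR>/public.asc
#   "<name>-<email>.tar.gz" archive of the <FPR> directory
# gpg prompts for the passphrase several times; enter the same one each time.

# Stop on the first failed command or unset variable so a failed key
# generation is never followed by exports of empty or partial files.
set -eu

# Every file written below holds (or sits next to) secret key material:
# create them readable by the invoking user only.
umask 077

# Check For Args: both the name and the e-mail are interpolated into the key
# template, so require both instead of only rejecting an empty command line.
if [ "$#" -lt 2 ]; then
  echo 'Usage: ./batch-gpg.sh "Full Name" "email@domain.com"' >&2
  echo "same password each prompt" >&2
  exit 1
fi

# Assign first, export second: some /bin/sh implementations word-split the
# operand of `export NAME=$1`, which would truncate "Full Name" at the space.
NAME=$1
EMAIL=$2
export NAME
export EMAIL

# The values land verbatim in gpg's batch parameter file, where a newline
# would start a new directive, and in the archive file name, where a slash
# would change the target directory. Reject both before touching gpg.
nl='
'
case "$NAME$EMAIL" in
  *"$nl"* | */*)
    echo "name and email must not contain newlines or slashes" >&2
    exit 1
    ;;
esac

# Make Temp Workspace
GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"

# Remove the temporary keyring on every exit path, not only on success, so
# an aborted run does not leave secret keys behind in the temp directory.
cleanup() {
  # Best effort: stop any agent started for this temporary homedir.
  gpgconf --kill gpg-agent >/dev/null 2>&1 || true
  rm -rf -- "${GNUPGHOME:?}"
}
trap cleanup EXIT
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM

# Drop Hardened Config. It lives in the temporary GNUPGHOME, so it applies
# to this run only and is deleted with it. The delimiter is quoted because
# nothing in the file is meant to be expanded by the shell.
cat >"$GNUPGHOME/gpg.conf" <<'EOF'
personal-cipher-preferences AES256 AES192 AES
personal-digest-preferences SHA512 SHA384 SHA256
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed
cert-digest-algo SHA512
s2k-digest-algo SHA512
s2k-cipher-algo AES256
charset utf-8
fixed-list-mode
no-comments
no-emit-version
no-greeting
keyid-format 0xlong
list-options show-uid-validity
verify-options show-uid-validity
with-fingerprint
require-cross-certification
no-symkey-cache
use-agent
throw-keyids
EOF

# Create Template inside the temp workspace rather than as ./master, so it
# is removed with the workspace and cannot clobber a file of that name.
# Expire-Date 0 means the primary key never expires; only the subkeys do.
template="$GNUPGHOME/master"
cat >"$template" <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 4096
Key-Usage: cert
Name-Real: ${NAME}
Name-Email: ${EMAIL}
Expire-Date: 0
%commit
%echo done
EOF

# Batch Create
gpg --batch --generate-key "$template"

# Get KeyID and make a folder. The keyring is brand new, so the listing is
# expected to hold just the key generated above.
FPR=$(gpg --list-options show-only-fpr-mbox --list-secret-keys | awk '{print $1}')
if [ -z "$FPR" ]; then
  echo "could not determine the fingerprint of the new key" >&2
  exit 1
fi
mkdir -- "$FPR"

# Subkey Generation and Export. The keybase export is taken while only the
# sign subkey exists, so it carries no encrypt or auth subkey.
gpg --quick-add-key "$FPR" rsa4096 sign 1y
gpg --armor --export-secret-subkeys "$FPR" > "keybase-key.asc"
gpg --quick-add-key "$FPR" rsa4096 encrypt 1y
gpg --quick-add-key "$FPR" rsa4096 auth 1y
gpg --armor --export-secret-keys "$FPR" > "$FPR/secret.asc"
gpg --armor --export-secret-subkeys "$FPR" > "$FPR/secret-sub.asc"
gpg --armor --export "$FPR" > "$FPR/public.asc"
gpg --armor --export "$FPR" > "keybase-public.asc"

# --gzip makes the archive match its .tar.gz name; without it tar writes an
# uncompressed archive under a misleading extension.
tar --create --gzip --file "${NAME}-${EMAIL}.tar.gz" "$FPR"
gpg -K

# Clean up happens in the EXIT trap installed above.
echo "If you have keybase installed do this"
echo ''
echo " gpg --import keybase-public.asc"
echo " gpg --import keybase-key.asc"
echo ''
echo " keybase signup"
echo ''
echo "After your done importing, get the rest of your keys"
echo ''
echo " gpg --import $FPR/secret.asc"
echo " gpg --import $FPR/secret-sub.asc"
echo ''
echo "Hide away the archive, delete the folder and files"
echo ''
echo "https://github.com/drduh/YubiKey-Guide"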