test encryption/decryption of GPG data using generated key
#!/bin/bash
#
# testGpg.sh - performs test of GPG functionality using generated key
#
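# Switch to the directory holding this script, following a chain of symlinks
# the way the original one-liner did (relative link targets are resolved
# against the link's own directory). Differences from the original:
#   - a failing cd is now fatal instead of silently continuing elsewhere;
#   - NOTE(review): this runs before "$1" is read, so a relative
#     PRIVATE-KEY-FILE argument is resolved against the script directory,
#     not the caller's cwd — pass an absolute path.
_scriptPath="$0"
while [ -L "${_scriptPath}" ]; do
  _linkTarget="$(readlink "${_scriptPath}")"
  case "${_linkTarget}" in
    /*) _scriptPath="${_linkTarget}" ;;
    *)  _scriptPath="$(dirname "${_scriptPath}")/${_linkTarget}" ;;
  esac
done
cd "$(dirname "${_scriptPath}")" || { echo 1>&2 "ERROR: cannot change to script directory"; exit 1; }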
# Print "ERROR: <message>" on stderr and terminate the whole script with
# exit status 1.
# Arguments: every argument, joined by single spaces, forms the message.
abortMsg() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}
# Debug flags handed (deliberately unquoted, so they split into two words)
# to gpg-agent and to the final gpg --decrypt call. Expert-level debugging
# is very chatty; set the empty string for a quiet run.
# shellcheck disable=SC2089  # one string, expanded unquoted on purpose
_debugLevel='--debug-level expert'
#_debugLevel=''
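# Validate argument: the single parameter is the private key file to import.
# A missing argument and an existing-but-unreadable file now get distinct
# messages (the original reported both as "required argument").
# NOTE: the script has already changed directory above, so a relative path
# here is resolved against the script directory, not the caller's cwd.
_privateKeyFile="$1"
[[ -n "${_privateKeyFile}" ]] ||
  abortMsg "required argument: PRIVATE-KEY-FILE"
[[ -f "${_privateKeyFile}" && -r "${_privateKeyFile}" ]] ||
  abortMsg "PRIVATE-KEY-FILE '${_privateKeyFile}' is not a readable file"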
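# Temporary directory. It will hold the passphrase file, the test data and
# both GPG homes (including the imported copy of the private key), so it is
# created by mktemp -d (owner-only permissions) and its creation is checked:
# the original ignored a mktemp failure, which would have left _tempDir empty
# and sent every later path to "/".
_tempDir="$(mktemp -d)" || abortMsg "creating temporary directory failed"
[[ -n "${_tempDir}" && -d "${_tempDir}" ]] ||
  abortMsg "creating temporary directory failed"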
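# Cleanup routine, run on every exit path through the EXIT trap below.
# Stops every gpg-agent that was started for our temporary homes and, unless
# KEEP_TEMP_DIR=1 is set in the environment, removes the temp dir. The
# original left the directory behind; it contains the passphrase file and
# an imported copy of the private key, so it is now removed by default and
# kept only on explicit request (useful while debugging).
_performCleanup() {
  local _pid
  # Guard: with an empty _tempDir the grep below would match every
  # gpg-agent on the host, and rm -rf would have no safe anchor.
  [[ -n "${_tempDir}" && -d "${_tempDir}" ]] || return 0
  # Kill each gpg-agent whose command line mentions our temp dir, however
  # it came to be started. Failures are ignored: the agent may have exited.
  while IFS= read -r _pid; do
    [[ -n "${_pid}" ]] && kill "${_pid}" 2>/dev/null
  done < <(ps -ef | grep -F gpg-agent | grep -F -- "${_tempDir}" | awk '{print $2}')
  if [[ "${KEEP_TEMP_DIR:-0}" != "1" ]]; then
    # ${_tempDir:?} aborts rather than expanding to "" if it is ever unset.
    rm -rf -- "${_tempDir:?}"
  fi
  return 0
}
trap _performCleanup EXIT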
# Write the passphrase for the loopback pinentry into a file inside the
# private temp dir (a file rather than a command-line argument, so it does
# not show up in process listings).
# NOTE(review): the value is a fresh random UUID, not something the key was
# encrypted with, so the import/decrypt steps presumably only work for a key
# that carries no passphrase — confirm against how PRIVATE-KEY-FILE is made.
_passPhraseFile="${_tempDir}/passPhraseFile"
if ! uuidgen >"${_passPhraseFile}"; then
  abortMsg "failed writing passphrase"
fi
# Print version: a cheap smoke test that a gpg binary is on PATH at all,
# and a record of which one ran.
echo "INFO: Dumping GPG version"
echo
if ! gpg --version; then
  abortMsg "failed dumping GPG version"
fi
echo
echo "SUCCESS: Dumped GPG version"
# Generate 64 KiB (64 blocks of 1024 bytes) of random plaintext to push
# through the encrypt/decrypt round trip.
echo "INFO: Generating random test data"
_randomTestData="${_tempDir}/randomTestData.dat"
if ! dd if=/dev/urandom of="${_randomTestData}" bs=1024 count=64; then
  abortMsg "Generating random test data failed"
fi
echo "SUCCESS: Random test data generation complete"
# Paths for the ciphertext and for the decrypted copy produced further down.
_encryptedData="${_tempDir}/randomTestData.encrypted"
_decryptedData="${_tempDir}/randomTestData.decrypted"
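# Create a GPG home directory restricted to its owner (mode 700), aborting
# on failure. Factored out of two identical mkdir/chmod stanzas.
# Arguments: $1 - directory path
_makeHomeDir() {
  local _dir="$1"
  mkdir -p -- "${_dir}" || abortMsg "creating directory '${_dir}' failed"
  chmod 700 "${_dir}" || abortMsg "setting permissions on directory '${_dir}' failed"
}
# Public home (outbound): only ever receives the exported public key and is
# used for the encrypt step.
_publicHome="${_tempDir}/public"
_makeHomeDir "${_publicHome}"
# Private home (inbound): receives the private key and is used to decrypt.
_privateHome="${_tempDir}/private"
_makeHomeDir "${_privateHome}"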
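# Start a gpg-agent for the private home with the chosen debug flags. The
# original ignored its exit status and printed DONE regardless; a failed
# start is now fatal, so the key import below cannot fail later with a less
# obvious agent error.
echo "INFO: Starting GPG agent"
# shellcheck disable=SC2086  # _debugLevel is intentionally split into two words
gpg-agent ${_debugLevel} --homedir "${_privateHome}" --daemon ||
  abortMsg "starting gpg-agent failed"
echo "DONE: Started GPG agent"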
# Import the private key into the private home. The passphrase comes from
# the file written above through a loopback pinentry, so no terminal or
# pinentry program is needed.
echo "INFO: Importing private key into GPG"
_importOpts=(
  --batch
  --pinentry-mode loopback
  --passphrase-file "${_passPhraseFile}"
  --homedir "${_privateHome}"
)
if ! gpg "${_importOpts[@]}" --import "${_privateKeyFile}"; then
  abortMsg "gpg private key import failed"
fi
echo "SUCCESS: Private key imported into GPG"
# Set key trust to ultimate in the private home: turn every "fpr" record of
# the colon-separated key listing into "<fingerprint>:6:" (6 = ultimate) and
# feed that to --import-ownertrust. Without pipefail only the exit status of
# --import-ownertrust is checked here.
echo "INFO: Configure GPG to fully trust private key"
gpg --homedir "${_privateHome}" --list-keys --with-colons |
  awk -F: '$1 == "fpr" { print $10 ":6:" }' |
  gpg --homedir "${_privateHome}" --import-ownertrust ||
  abortMsg "GPG key trust failed"
echo "SUCCESS: Configured GPG to fully trust private key"
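# Export public key. The key is identified by the fingerprint in the first
# "fpr" record of the colon-separated listing (the primary key's) instead of,
# as before, the third whitespace-separated word of the human-readable "uid"
# line — that word is merely part of the user name, can match several keys,
# and depends on the exact --list-keys layout. The same value is used as the
# recipient in the encrypt step, so the recipient is unambiguous.
echo "INFO: Exporting public key"
_privateKeyId="$(gpg --homedir "${_privateHome}" --list-keys --with-colons |
  awk -F: '$1 == "fpr" { print $10; exit }')"
[[ -n "${_privateKeyId}" ]] || abortMsg "Could not determine ID of private key"
gpg --homedir "${_privateHome}" --output "${_tempDir}/publicKey.out" --export "${_privateKeyId}" ||
  abortMsg "public key export failed"
echo "SUCCESS: Public key exported from GPG"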
# Import the exported public key into the public home, which holds no
# private key material.
echo "INFO: Importing public key into GPG"
_publicKeyFile="${_tempDir}/publicKey.out"
if ! gpg --homedir "${_publicHome}" --import "${_publicKeyFile}"; then
  abortMsg "gpg public key import failed"
fi
echo "SUCCESS: Public key imported into GPG"
# Set key trust to ultimate in the public home, same recipe as for the
# private home: "<fingerprint>:6:" per "fpr" record, piped into
# --import-ownertrust. Only the last command's exit status is checked.
echo "INFO: Configure GPG to fully trust public key"
gpg --homedir "${_publicHome}" --list-keys --with-colons |
  awk -F: '$1 == "fpr" { print $10 ":6:" }' |
  gpg --homedir "${_publicHome}" --import-ownertrust ||
  abortMsg "GPG key trust failed"
echo "SUCCESS: Configured GPG to fully trust public key"
# Encrypt the random test data in the public home for the key exported
# above. The plaintext is streamed in on stdin; AES256 is forced as the
# cipher and compression is switched off.
echo "INFO: About to encrypt random data using GPG"
_encryptOpts=(
  --batch
  --homedir "${_publicHome}"
  --encrypt
  -r "${_privateKeyId}"
  --cipher-algo AES256
  --compress-algo none
  -o "${_encryptedData}"
)
cat "${_randomTestData}" | gpg "${_encryptOpts[@]}" ||
  abortMsg "encryption of test data fails"
echo "SUCCESS: Encrypted random data using GPG"
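# Decrypt the data in the private home and verify the round trip. The
# original stopped after a successful decrypt without comparing the output
# to the plaintext, so a decrypt that produced wrong bytes still "passed".
echo "INFO: About to decrypt data using GPG"
# shellcheck disable=SC2086  # _debugLevel is intentionally split into two words
gpg ${_debugLevel} --batch --pinentry-mode loopback --passphrase-file "${_passPhraseFile}" \
  --homedir "${_privateHome}" --output "${_decryptedData}" --decrypt "${_encryptedData}" ||
  abortMsg "decryption failed"
cmp -s -- "${_randomTestData}" "${_decryptedData}" ||
  abortMsg "decrypted data does not match the original test data"
echo "SUCCESS: Decrypted data matches the original test data"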