@venoms
Created March 2, 2016 16:32
#!/usr/bin/env bash
# Creates a self-contained GPG home directory on a removable drive, generates a
# master key plus one subkey inside it, and writes two helper scripts next to it.
set -e
command -v gpg2 >/dev/null 2>&1 || { echo >&2 "gpg2 must be installed"; exit 1; }
echo "This script is designed for generating a GPG environment on a USB key."
echo -e "Enter the path to your USB storage device, ^c to exit...\n"
read -r target
echo -e "\n"
echo -e "Enter your full name...\n"
read -r name
echo -e "\n"
echo -e "Enter your email...\n"
read -r email
echo -e "\n"
echo -e "Please make sure everything is OK, and press enter to continue, or ^c to exit."
read -r ok
echo -e "\n"
# Batch file for unattended key generation; the heredoc is unquoted on purpose
# so that $name and $email are expanded into it.
cat > "$target/keygen-config" <<GPG_CONFIG
%echo generating keys...
%echo you may need to wait a while while gpg gets some entropy
%echo video games provide a ton of entropy
%echo doing things also does
Key-Type: RSA
%echo generating 'sports car' length master key
Key-Length: 3072
Key-Usage: sign,auth
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt,sign,auth
Name-Real: $name
Name-Email: $email
%commit
%echo done generating keys!
GPG_CONFIG
gpg="$target/gpg.sh"
# Wrapper that always runs gpg2 with the USB key as its home directory.
cat > "$gpg" <<BASH
#!/usr/bin/env bash
DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
gpg2 --homedir="\$DIR" "\$@"
BASH
chmod +x "$gpg"
echo "$gpg created: use this to run GPG from your medium"
# Generate the master key and subkey on the USB key from the batch file above.
"$gpg" --gen-key --batch "$target/keygen-config"
# Helper for a workstation: imports only the secret subkeys, so the master
# secret key never leaves the USB key.
cat > "$target/export-subkey.sh" <<BASH
#!/usr/bin/env bash
set -e
echo "This script will import your subkey (including private key) into this computer. Press enter to continue or ^c to exit."
read -r ok
DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
"\$DIR/gpg.sh" --export-secret-subkeys --armor "$email" | gpg --import
echo "Should be here:"
gpg --list-keys "$email"
BASH
chmod +x "$target/export-subkey.sh"
echo "$target/export-subkey.sh created: use this to import your subkey into a local GPG instance."
echo "
Printing out the generated keys.
pub: public key
uid: user id
sub: sub key"
"$gpg" --list-keys
echo "A GPG environment with a key and a subkey has been created on the USB key.
You can use ./gpg.sh on the USB key to run gpg in this context.
For more information on subkeys and why they're good, read this:
https://wiki.debian.org/Subkeys
The long and short of it is that subkeys can be managed and revoked independently by and from the master key. You can do cool stuff like putting just the subkey on a computer and revoking it with the USB-residing master key if it gets popped.
To use a yubikey, now follow this tutorial:
https://www.yubico.com/2012/12/yubikey-neo-openpgp/"
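The whole point of export-subkey.sh is that the workstation ends up with only a stub of the master secret key. The following check, an added example that is not part of the original gist, parses gpg's documented colon-separated listing (field 15 of a sec/ssb record is '#' for a stub, a serial number for a smartcard-resident key, empty when the secret key is local) and reports whether the master is offline. The listings embedded below are constructed, with placeholder key IDs.

```shell
#!/bin/sh
# Added example (not from the original gist): verify that, after running
# export-subkey.sh, a machine holds only a STUB of the master secret key plus
# the real secret subkeys. In gpg's --with-colons output, field 15 of a
# sec/ssb record is '#' for a stub, a serial number for a smartcard-resident
# key, and empty when the secret key is in the local keyring.
# Real usage:  gpg2 --with-colons --list-secret-keys | classify_secret_keys

classify_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            kind = ($1 == "sec") ? "primary" : "subkey"
            if ($15 == "#")     state = "stub (secret material not on this machine)"
            else if ($15 != "") state = "on smartcard, serial " $15
            else                state = "present in local keyring"
            printf "%s %s caps=%s: %s\n", kind, $5, $12, state
        }'
}

# Exit 0 only if every primary key is a stub and at least one subkey is usable.
master_is_offline() {
    classify_secret_keys | awk '
        /^primary / && !/stub/                   { bad = 1 }
        /^subkey / && (/present/ || /smartcard/) { usable = 1 }
        END { exit ((bad || !usable) ? 1 : 0) }'
}

# Constructed sample listings with placeholder key IDs (not real keys).
# GOOD: what a correct --export-secret-subkeys import looks like.
SAMPLE_GOOD='sec:u:3072:1:0123456789ABCDEF:1456936320::::::scaESCA:::#::23::0:
uid:u::::1456936320::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:2048:1:FEDCBA9876543210:1456936320::::::esa:::::23:'
# BAD: the full master secret key was imported (e.g. --export-secret-keys was used).
SAMPLE_BAD='sec:u:3072:1:0123456789ABCDEF:1456936320::::::scaESCA:::::23::0:
ssb:u:2048:1:FEDCBA9876543210:1456936320::::::esa:::::23:'

for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    printf '%s\n' "$sample" | classify_secret_keys
    if printf '%s\n' "$sample" | master_is_offline; then
        echo "OK: master key is offline, subkey usable"
    else
        echo "WARNING: master secret key is present on this machine"
    fi
done
```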