
@wmudge
Last active January 3, 2024 14:15
GPG Preset Passphrase script
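#!/bin/bash
# Hacked from https://superuser.com/a/1586033
#
# Prompt for a key's passphrase and seed it into gpg-agent's cache with
# gpg-preset-passphrase, so later gpg operations on that key do not prompt.
#
# Usage: <script> <key email>
#
# Security notes:
#   - gpg-agent accepts preset passphrases only when allow-preset-passphrase
#     is enabled in gpg-agent.conf.
#   - A preset passphrase does not follow the normal cache TTL: it stays in
#     the agent until cleared with `gpg-preset-passphrase --forget` or until
#     the agent is restarted/reloaded (max-cache-ttl is still honoured).
#     Anything that can talk to the agent socket can use the key meanwhile.
#   - The passphrase is handed over on stdin, never as a command-line
#     argument, so it does not appear in the process list.
set -euo pipefail

readonly GPG_PRESET_PASS="/usr/lib/gnupg/gpg-preset-passphrase"

# Resolve the name this script was invoked as (following one symlink level)
# for the usage message.
if [[ -L "$0" ]]; then
  script_path=$(readlink "$0")
else
  script_path=$0
fi
SCRIPT=${script_path##*/}

if [[ -z "${1:-}" ]]; then
  echo "Usage:" >&2
  echo " ${SCRIPT} <key email>" >&2
  exit 1
fi

# Take the first keygrip gpg lists for the requested key. `|| true` keeps
# `set -e`/pipefail from exiting silently when gpg finds no key or grep
# finds no match; the empty-value check below reports it instead.
# The `--` stops a user id that starts with '-' from being read as an option.
KEY_GRIP=$(gpg --with-keygrip --list-secret-keys --fingerprint -- "$1" \
  | grep -Pom1 '^ *Keygrip += +\K.*') || true

if [[ -z "${KEY_GRIP}" ]]; then
  echo "No secret key / keygrip found for '$1'" >&2
  exit 1
fi
echo "Found key: ${KEY_GRIP}"

# -r keeps backslashes literal and IFS= keeps leading/trailing whitespace,
# so the passphrase is cached exactly as typed. -s disables terminal echo.
IFS= read -r -s -p "Enter passphrase to cache into gpg-agent: " PASSPHRASE
echo

# Feed the passphrase through a pipe from the printf builtin rather than a
# here-string: some bash versions back here-strings with a temporary file,
# which would put the passphrase on disk briefly.
# The command sits in the `if` condition so `set -e` does not abort before
# the failure branch can report the error.
if printf '%s\n' "${PASSPHRASE}" | "${GPG_PRESET_PASS}" -c "${KEY_GRIP}"; then
  unset PASSPHRASE
  # NOTE(review): this status means the agent accepted the cache entry; it is
  # not by itself proof that the passphrase unlocks the key - confirm with a
  # real signing operation if that matters.
  echo "Passphrase OK"
  echo
  echo "Current agent cache:"
  gpg-connect-agent 'keyinfo --list' /bye
else
  unset PASSPHRASE
  echo "Passphrase FAILED" >&2
  exit 1
fi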
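# Run gpg-agent and unlock GPG key from 1Password
# See https://bmaingret.github.io/blog/2022-02-15-1Password-gpg-git-seamless-commits-signing
#
# Fetches the key passphrase from a 1Password item with the `op` CLI and
# seeds it into gpg-agent with gpg-preset-passphrase.
#
# Security notes:
#   - gpg-agent accepts preset passphrases only when allow-preset-passphrase
#     is enabled in gpg-agent.conf.
#   - A preset passphrase stays in the agent until cleared with
#     `gpg-preset-passphrase --forget` or until the agent is
#     restarted/reloaded (max-cache-ttl is still honoured).
#   - The passphrase travels only through pipes and a function-local
#     variable; it is never placed on a command line.
#   - No `set -e` here: this snippet looks intended to be sourced from a
#     shell startup file, where it would terminate the interactive shell.

# --- Settings: replace the placeholder values before use ---
# Quoted so the angle brackets are not parsed as redirections.
FINGERPRINT="<your@email.com>"
# Shell variable names cannot start with a digit, so the 1Password settings
# carry an OP_ prefix.
OP_ACCOUNT="my.1password.com"
OP_ENTITY="<your GPG passphrase entity ID in 1Password>"
GPG_PRESET=/usr/local/MacGPG2/libexec/gpg-preset-passphrase

# Keygrip printed on the line right after the first `ssb` (secret subkey)
# entry. Assigned before `export` so a failing lookup is not masked by the
# exit status of `export`.
GPG_KEYGRIP=$(gpg --with-keygrip --list-secret-key --fingerprint "${FINGERPRINT}" \
  | grep -A 1 ssb | tail -1 | awk '/Keygrip/ { print $3 }')
export GPG_KEYGRIP

#######################################
# Sign in to 1Password if needed and preset the GPG passphrase in gpg-agent.
# Globals:   OP_ACCOUNT, OP_ENTITY, GPG_PRESET, GPG_KEYGRIP, FINGERPRINT (read)
# Outputs:   progress messages and the agent's key list on stdout;
#            errors on stderr
# Returns:   non-zero when the keygrip or the passphrase cannot be obtained
#######################################
function gpg_cache() {
  local passphrase

  echo "Checking 1Password authentication"
  # NOTE(review): the passphrase is cached only when `op whoami` prints
  # nothing (no active session). With an existing session the preset step is
  # skipped - confirm that is intended, e.g. after a gpg-agent restart.
  if [[ ! $(op whoami) ]]; then
    # `op signin` prints shell code that exports the session token; eval is
    # the documented way to apply it. Only the local op CLI's output is
    # evaluated here - never route untrusted data through this line.
    eval "$(op signin --account "${OP_ACCOUNT}")"

    if [[ -z "${GPG_KEYGRIP}" ]]; then
      echo "No keygrip found for '${FINGERPRINT}'; nothing to cache" >&2
      return 1
    fi
    printf "Caching KEYGRIP '%s'\n\n" "${GPG_KEYGRIP}"

    # jq -r emits the raw string; without it the surrounding JSON quotes
    # would be cached as part of the passphrase. -e makes a missing/null
    # value a failure instead of caching the text "null".
    if ! passphrase=$(op --format json item get "${OP_ENTITY}" --fields password \
      | jq -er '.value'); then
      echo "Could not read the passphrase from 1Password" >&2
      return 1
    fi
    # printf is a shell builtin, so the passphrase does not appear in argv.
    printf '%s\n' "${passphrase}" | "${GPG_PRESET}" --preset "${GPG_KEYGRIP}"
    unset passphrase
  fi

  echo "Active GPG keys"
  gpg-connect-agent -q 'keyinfo --list' /bye
}

echo ""
echo "-------------"
echo "Setting up GPG signing key(s)"
gpg_cache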