a.sh
:
apk add gpg gpg-agent
mkdir a
GNUPGHOME=a gpg --quick-gen-key --batch --passphrase '' a@gmail.com
mkdir b
GNUPGHOME=b gpg --quick-gen-key --batch --passphrase '' b@gmail.com
GNUPGHOME=b gpg --export --output b.gpg b@gmail.com
GNUPGHOME=a gpg --import b.gpg
b_fingerprint=`GNUPGHOME=a gpg --fingerprint --with-colons b@gmail.com | awk -F: '/^pub:/ {getline; print $10}'`
GNUPGHOME=a gpg --quick-sign-key "$b_fingerprint"
echo 42 > c
GNUPGHOME=a gpg --encrypt --recipient b@gmail.com --output c.gpg c
GNUPGHOME=b gpg --decrypt --output c2 c.gpg
cat c2
$ docker run --rm -v $PWD/a.sh:/a.sh alpine:3.16 sh -eux ./a.sh
...
+ mkdir a
+ GNUPGHOME=a gpg --quick-gen-key --batch --passphrase a@gmail.com
gpg: keybox '/a/pubring.kbx' created
gpg: /a/trustdb.gpg: trustdb created
gpg: directory '/a/openpgp-revocs.d' created
gpg: revocation certificate stored as '/a/openpgp-revocs.d/C18CCF44E246369593F2E115629E83B8B77B9550.rev'
+ mkdir b
+ GNUPGHOME=b gpg --quick-gen-key --batch --passphrase b@gmail.com
gpg: keybox '/b/pubring.kbx' created
gpg: /b/trustdb.gpg: trustdb created
gpg: directory '/b/openpgp-revocs.d' created
gpg: revocation certificate stored as '/b/openpgp-revocs.d/2731E3B4CBF117A643974F874F6B2EC9F65A082C.rev'
+ GNUPGHOME=b gpg --export --output b.gpg b@gmail.com
+ GNUPGHOME=a gpg --import b.gpg
gpg: key 4F6B2EC9F65A082C: public key "b@gmail.com" imported
gpg: Total number processed: 1
gpg: imported: 1
+ GNUPGHOME=a gpg --fingerprint --with-colons b@gmail.com
+ awk -F: '/^pub:/ { getline; print $10}'
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2024-06-07
+ b_fingerprint=2731E3B4CBF117A643974F874F6B2EC9F65A082C
+ GNUPGHOME=a gpg --quick-sign-key 2731E3B4CBF117A643974F874F6B2EC9F65A082C
pub rsa3072/4F6B2EC9F65A082C
created: 2022-06-08 expires: 2024-06-07 usage: SC
trust: unknown validity: unknown
Primary key fingerprint: 2731 E3B4 CBF1 17A6 4397 4F87 4F6B 2EC9 F65A 082C
b@gmail.com
This key is due to expire on 2024-06-07.
+ echo 42
+ GNUPGHOME=a gpg --encrypt --recipient b@gmail.com --output c.gpg c
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-06-07
+ GNUPGHOME=b gpg --decrypt --output c2 c.gpg
gpg: encrypted with 3072-bit RSA key, ID 91653D9150F31E77, created 2022-06-08
"b@gmail.com"
+ cat c2
42