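#!/bin/bash
#
# re-generate test keys for the sup test base
#
# https://github.com/sup-heliotrope/sup/wiki/Development%3A-Crypto
#
# Requires GPG 2.1+ installed as "gpg2"
#
# GPG 2.1+ by default uses pubring.kbx - but this isn't backwards compatible
# with GPG 1 or GPG 2.0.
# Workaround:
# - Create empty pubring.gpg file, which causes GPG 2.1+ to use this
#   backwards-compatible store.
# - Manually export private key copy to secring.gpg, which would be used
#   by GPG 1.
#
# SECURITY: every key generated here has an empty passphrase and never
# expires, and the secret key material is exported in the clear to
# receiver_secring.gpg and secring.gpg. These files are test fixtures only:
# do not import them into a real keyring or reuse them outside the tests.
#
# The script is destructive: it deletes the existing key files in its own
# directory before regenerating them.

set -e -u -o pipefail

# Work from the directory holding this script, so "--homedir ." and the
# rm globs below only ever touch the test home. Quoted so a checkout path
# containing spaces or glob characters cannot redirect the deletions.
pushd "$(dirname -- "$0")"

echo "Generating keys in: $(pwd)..."

# Runs before anything is deleted: with "set -e" and "pipefail" a missing
# gpg2 aborts the script here, leaving the existing fixtures intact.
echo "Checking gpg2 version"
gpg2 --version | head -n 1

echo "Deleting all existing test keys"
# "--" and the "./" prefix keep a file name starting with "-" from being
# parsed as an rm option.
rm -f -- \
  ./*.gpg \
  ./*.asc \
  ./private-keys-v1.d/*.key \
  ./.gpg-v21-migrated

echo "Generating key pair for test receiver (email sup-test-2@foo.bar)"
touch pubring.gpg # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx
# Empty passphrase via loopback pinentry keeps generation non-interactive;
# the trailing 0 means the key does not expire.
gpg2 \
  --homedir . \
  --batch \
  --pinentry-mode loopback \
  --passphrase '' \
  --quick-generate-key sup-test-2@foo.bar rsa encrypt,sign 0

echo "Exporting public key only for test receiver (file sup-test-2@foo.bar.asc)"
gpg2 \
  --homedir . \
  --armor \
  --output sup-test-2@foo.bar.asc \
  --export sup-test-2@foo.bar

echo "Backing up secret key for test receiver (file receiver_secring.gpg)"
# No key is named, so this exports every secret key in the store; at this
# point that is only the receiver's. The output is unencrypted key material.
gpg2 \
  --homedir . \
  --export-secret-keys \
  >receiver_secring.gpg

echo "Backing up pubring.gpg for test receiver (file receiver_pubring.gpg)"
cp -a pubring.gpg receiver_pubring.gpg

echo "Clearing key store, so we can start from a blank slate for next key(s)"
rm -f -- \
  pubring.gpg \
  trustdb.gpg \
  ./private-keys-v1.d/*.key \
  .gpg-v21-migrated

echo "Generating key pair for sender (email sup-test-1@foo.bar)"
touch pubring.gpg # So GPG 2.1+ writes to pubring.gpg instead of pubring.kbx
gpg2 \
  --homedir . \
  --batch \
  --pinentry-mode loopback \
  --passphrase '' \
  --quick-generate-key sup-test-1@foo.bar rsa encrypt,sign 0

echo "Generating key pair for sender alternate address (email sup-fake-ecc@fake.fake)"
# "default default" makes gpg2 take the algorithm and usage from
# --default-new-key-algo, giving an ECC primary key plus encryption subkey.
gpg2 \
  --homedir . \
  --batch \
  --pinentry-mode loopback \
  --passphrase '' \
  --default-new-key-algo "ed25519/cert,sign+cv25519/encr" \
  --quick-generate-key sup-fake-ecc@fake.fake default default 0

echo "Importing public key for receiver, into sender's key store"
gpg2 \
  --homedir . \
  --import sup-test-2@foo.bar.asc

echo "Copy private key also to secring.gpg (old format used by GPG 1)"
# Exports all secret keys now in the store (both sender keys), unencrypted.
gpg2 \
  --homedir . \
  --export-secret-keys \
  >secring.gpg

echo "Done."

echo "We now have some non-expiring public keys:"
gpg2 --homedir . --list-keys

echo "And we also have some corresponding private keys:"
gpg2 --homedir . --list-secret-keys

popd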