File: release_util_script_create_gpg.sh

cbmc 6.6.0-4
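#!/bin/bash
# Generate a 4096-bit RSA OpenPGP key for releases, optionally publish its
# public part to a keyserver, and leave behind only an AES-encrypted export
# of the secret key (private1.gpg.enc). The key is removed from the local
# keyring again at the end.
#
# Usage: release_util_script_create_gpg.sh <password>
#   $1 - password openssl uses to encrypt the key id and the exported key
#
# Files written in the current directory:
#   gen-key-script    - gpg batch parameter file (removed on exit)
#   private1.gpg.enc  - encrypted, ASCII-armored secret key
set -euo pipefail
#--------------------------------------------------------------------------------
# Fail with a usage message (and refuse an empty password) instead of the bare
# "unbound variable" error that `set -u` would produce.
SSL_PWD="${1:?usage: $0 <password>}"
RELEASE_KEY_TO_PUBLIC_SERVER="true"
#--------------------------------------------------------------------------------
# Remove scratch files on every exit path, including failures under `set -e`.
# private1.gpg is no longer written by this script; it is listed so that a
# plaintext export left over from an earlier aborted run is cleared as well.
cleanup() {
    rm -f -- gen-key-script private1.gpg
}
trap cleanup EXIT

# NOTE(review): %no-protection creates the secret key without a passphrase, so
# until it is deleted below the only protection it has is the file permissions
# of the GnuPG home directory.
cat >gen-key-script <<EOF
      %echo Generating a basic OpenPGP key
      Key-Type: RSA
      Key-Length: 4096
      Name-Real: Peter Schrammel
      Name-Email: peter.schrammel@diffblue.com
      Name-Comment:"CProver Java API" 
      Expire-Date: 1y
      %no-protection
      %commit
      %echo done
EOF

## create a local keypair with given configuration
gpg --batch --gen-key gen-key-script
#----------------------------------
#gpg --quick-gen-key 'Peter Schrammel <peter.schrammel@diffblue.com>'
#--------------------------------------------------------------------------------
## get key id
# Match the record type exactly ($1 == "pub") rather than any line containing
# "pub", and take field 5 (the key id) of the first such record. awk reads all
# of gpg's output, so no stage of the pipeline is cut short under pipefail.
# NOTE(review): if the keyring already holds another key matching
# "Peter Schrammel", the first match may not be the key generated above, and
# that other key would then be published, exported and deleted. Run this in a
# dedicated GNUPGHOME.
GPG_KEYID=$( gpg --list-keys --with-colons "Peter Schrammel" \
    | awk -F: '$1 == "pub" && !found++ { print $5 }' )
if [[ -z "${GPG_KEYID}" ]]; then
    echo "could not determine the id of the generated key" >&2
    exit 1
fi
echo "key id is: ${GPG_KEYID}"

echo "encrypted key id is:"
# The password is handed to openssl through the environment of that one
# process (-pass env:) instead of `-pass pass:...`, which would expose it in
# the process list to every local user for as long as openssl runs.
GPG_KEYID_ENC=$( printf '%s\n' "${GPG_KEYID}" \
    | SSL_PWD="${SSL_PWD}" openssl aes-256-cbc -a -salt -pass env:SSL_PWD \
    | openssl enc -A -base64 )
echo "${GPG_KEYID_ENC}"
#--------------------------------------------------------------------------------
## list keys public
echo "------- list public keys ------------------"
gpg --list-keys
## list keys private
echo "------- list private keys -----------------"
gpg --list-secret-keys
#--------------------------------------------------------------------------------
if [[ "${RELEASE_KEY_TO_PUBLIC_SERVER}" == "true" ]]
then
    #gpg --keyserver keyserver.ubuntu.com --send-keys ${GPG_KEYID}
    gpg --keyserver pgp.mit.edu --send-keys "${GPG_KEYID}"

    ## wait for the key to be accessible
    # NOTE(review): this retries forever; if the keyserver never serves the
    # key the script hangs until the surrounding job is killed.
    while true; do
        date
        #gpg --keyserver keyserver.ubuntu.com --recv-keys ${GPG_KEYID} && break || sleep 15
        if gpg --keyserver pgp.mit.edu --recv-keys "${GPG_KEYID}"; then
            break
        fi
        sleep 20
    done
fi
#--------------------------------------------------------------------------------
## export key and encode it to file
# The armored secret key is piped straight into openssl, so the unprotected
# key never exists as a file on disk (previously it was written to private1.gpg
# and would have stayed there if the encryption step failed).
# NOTE(review): `openssl enc` without -pbkdf2 derives the AES key from the
# password with a single digest iteration, and CBC provides no integrity
# check, so private1.gpg.enc is only as strong as the password. Moving to
# -pbkdf2 has to be done together with whatever decrypts this file.
#gpg --armor --export-secret-key 'Peter Schrammel <peter.schrammel@diffblue.com>'
gpg --batch -a --export-secret-key "${GPG_KEYID}" \
    | SSL_PWD="${SSL_PWD}" openssl enc -aes-256-cbc -pass env:SSL_PWD -out private1.gpg.enc

## remove generated key
gpg --delete-secret-keys "${GPG_KEYID}"
gpg --delete-key "${GPG_KEYID}"

## cleanup local configuration
# gen-key-script is removed by the EXIT trap installed above.
#--------------------------------------------------------------------------------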