2019-08-02 17:32:07 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
set -e -u
|
|
|
|
|
|
|
|
|
|
# Keyserver to use. You need to trust this keyserver that the uid is not spoofed when receiving keys
|
|
|
|
|
KEYSERVER=""
|
2019-08-02 17:44:13 +00:00
|
|
|
# File which contains a list of fingerprints to receive and encrypt the vault for
|
2019-08-02 17:32:07 +00:00
|
|
|
KEY_FILE=""
|
2019-08-02 17:44:13 +00:00
|
|
|
REPO_BASE_PATH="$(dirname $0)/.."
|
|
|
|
|
# File in which the passphrase for the gpg vault is encrypted
|
|
|
|
|
VAULT_PASS_FILE="$REPO_BASE_PATH/gpg/vault_passphrase.gpg"
|
2019-08-02 17:32:07 +00:00
|
|
|
|
|
|
|
|
ACTION="$1"
|
|
|
|
|
# default action is vault decrypt
|
|
|
|
|
if [[ -z "$ACTION" ]]; then
|
|
|
|
|
ACTION="decrypt"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
case "$ACTION" in
|
|
|
|
|
"decrypt")
|
2019-08-03 16:07:11 +00:00
|
|
|
gpg2 --batch --use-agent --decrypt $VAULT_PASS_FILE 2>/dev/null
|
2019-08-02 17:32:07 +00:00
|
|
|
;;
|
|
|
|
|
|
|
|
|
|
"reencrypt")
|
2019-08-03 16:07:11 +00:00
|
|
|
gpg2 --batch --use-agent --output $REPO_BASE_PATH/gpg/vault_passphrase --decrypt $VAULT_PASS_FILE
|
|
|
|
|
CMD="gpg2 --batch --use-agent --armor --output $VAULT_PASS_FILE"
|
|
|
|
|
for FINGERPRINT in $(cat KEY_FILE) do
|
|
|
|
|
CMD="$CMD --recipient $FINGERPRINT"
|
|
|
|
|
done
|
|
|
|
|
CMD="$CMD --encrypt $REPO_BASE_PATH/gpg/vault_passhphrase"
|
|
|
|
|
$($CMD)
|
2019-08-02 17:32:07 +00:00
|
|
|
;;
|
2019-08-02 17:44:13 +00:00
|
|
|
|
|
|
|
|
"init")
|
|
|
|
|
mkdir -p $REPO_BASE_PATH/gpg
|
|
|
|
|
touch $REPO_BASE_PATH/gpg/vault_passphrase
|
|
|
|
|
touch $REPO_BASE_PATH/gpg/$KEY_FILE
|
|
|
|
|
;;
|
2019-08-02 17:32:07 +00:00
|
|
|
esac
|
|
|
|
|
|
