steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Justfile: make switch-yubikey offline capable

Browse source
This commit is contained in:
steveej 2019-09-06 12:31:10 +02:00
parent 3a17019f44
commit d1ef08ec64
1 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

26
Justfile
View file

@ -245,14 +245,26 @@ run-with-channels +cmds:
# Switch between yubikeys which have a copy of the same key # Switch between yubikeys which have a copy of the same key
switch-yubikey: switch-yubikey:
#!/usr/bin/env bash #!/usr/bin/env bash
# See https://github.com/drduh/YubiKey-Guide/issues/19 #
# Derived from https://github.com/drduh/YubiKey-Guide/issues/19.
#
# Connect the new device and then run this script to make it known to gnupg.
#
set -xe set -xe
KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}') KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
gpg --delete-secret-and-public-keys $KEY_ID
# TODO: fix this as it still blocks on the gpg prompt # export pubkey and ownertrust
gpg2 --edit-card <<-EOF gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}"
fetch gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust
quit
EOF # delete the key
gpg --yes --delete-secret-and-public-keys "${KEY_ID}"
# import pubkey and ownertrust back and cleanup
gpg2 --import "${KEY_ID}".pubkey
gpg2 --import-ownertrust < "${KEY_ID}".ownertrust
rm "${KEY_ID}".{pubkey,ownertrust}
# refresh the gpg agent
gpg-connect-agent "scd serialno" "learn --force" /bye gpg-connect-agent "scd serialno" "learn --force" /bye
gpg --card-status gpg --card-status