Justfile: make switch-yubikey offline capable

2019-09-06 12:31:10 +02:00 · 2019-09-06 12:31:10 +02:00 · d1ef08ec64
commit d1ef08ec64
parent 3a17019f44
1 changed files with 19 additions and 7 deletions
--- a/26
+++ b/26
@ -245,14 +245,26 @@ run-with-channels +cmds:
 # Switch between yubikeys which have a copy of the same key
 switch-yubikey:
 	#!/usr/bin/env bash
-	# See https://github.com/drduh/YubiKey-Guide/issues/19
+	#
+	# Derived from https://github.com/drduh/YubiKey-Guide/issues/19.
+	#
+	# Connect the new device and then run this script to make it known to gnupg.
+	#
 	set -xe
 	KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
-	gpg --delete-secret-and-public-keys $KEY_ID
-	# TODO: fix this as it still blocks on the gpg prompt
-	gpg2 --edit-card <<-EOF
-	fetch
-	quit
-	EOF
+
+	# export pubkey and ownertrust
+	gpg2 --output "${KEY_ID}".pubkey --export "${KEY_ID}"
+	gpg2 --export-ownertrust | rg "${KEY_ID}" > "${KEY_ID}".ownertrust
+
+	# delete the key
+	gpg --yes --delete-secret-and-public-keys "${KEY_ID}"
+
+	# import pubkey and ownertrust back and cleanup
+	gpg2 --import "${KEY_ID}".pubkey
+	gpg2 --import-ownertrust < "${KEY_ID}".ownertrust
+	rm "${KEY_ID}".{pubkey,ownertrust}
+
+	# refresh the gpg agent
 	gpg-connect-agent "scd serialno" "learn --force" /bye
 	gpg --card-status