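#!/bin/bash
# keys.sh - bootstrap the CI publishing credentials for this project.
#
# Creates, under ./.secrets:
#   - an OpenPGP signing key for sbt-pgp, exported as gnupg/pubring.gpg and
#     gnupg/secring.gpg (the GPG home used to generate it is throwaway),
#   - a local.sbt shim pointing sbt-pgp at those rings, symlinked into the cwd,
#   - a passphrase-less RSA SSH deploy key ($SSHKEYNAME),
# uploads the public PGP key to keyservers, then tars .secrets (minus the
# throwaway GPG home) and encrypts the archive with a fresh AES-256-CBC
# key/IV in the Travis "encrypted file" format.
#
# Environment:
#   EMAIL - address placed in the PGP user id (defaults below).
#
# Output: the PGP passphrase, OPENSSL_KEY and OPENSSL_IV are printed to STDOUT
# so they can be pasted into the CI provider's secret settings. Anything that
# captures stdout (CI logs, `script`, tee) captures the secrets too - run this
# interactively only.
set -euo pipefail   # in `set`, not the shebang: `bash keys.sh` drops a shebang -e
umask 077           # every file created below holds key material: owner-only

# NOTE(review): the default address looks mangled by the page export - confirm
# the intended "${EMAIL:-<address>}" form before relying on the default.
EMAIL=${EMAIL:[email protected]}
SSHKEYNAME=travis-deploy-key
# openssl rand rather than uuidgen: uuidgen may fall back to time-based (v1)
# ids when no good entropy source is available.
PASSPHRASE=$(openssl rand -hex 32)
OPENSSL_KEY=$(openssl rand -hex 32)
OPENSSL_IV=$(openssl rand -hex 16)
SECRETS=./.secrets
GPGHOME=$SECRETS/gnupg.home
GPGTARGET=$SECRETS/gnupg
LOCALSBT=$SECRETS/local.sbt
PUBRING=$GPGTARGET/pubring.gpg
SECRING=$GPGTARGET/secring.gpg
SSHKEY=$SECRETS/$SSHKEYNAME

# The key-generation parameter file contains the passphrase in clear text, so
# it gets an unpredictable, owner-only temp file (not a fixed /tmp name) that
# is removed on every exit path.
GPGTMP=$(mktemp) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -f -- "$GPGTMP"' EXIT

echo "GPG Passphrase: $PASSPHRASE"
echo "SECRETS ENCRYPTION:"
echo "OPENSSL_KEY=$OPENSSL_KEY"
echo "OPENSSL_IV=$OPENSSL_IV"

# Start from a clean slate; ${var:?} refuses to run rm -rf on an empty path.
rm -rf -- "${GPGTARGET:?}" "${GPGHOME:?}"
mkdir -p -- "$GPGTARGET" "$GPGHOME"
chmod 700 "$GPGHOME"

# Unattended key generation (GnuPG manual, "Unattended GPG key generation").
# RSA-4096: the previous 1024-bit size is below every current minimum and is
# refused by a growing number of verifiers. Expire-Date 0 means the key never
# expires, so a compromised key can only be retired by re-running this script
# and revoking the old one.
cat >"$GPGTMP" <<EOF
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 4096
Key-Usage: encrypt,sign,auth
Name-Real: Pavel Shirshov
Name-Comment: izumi-r2 sonatype key
Name-Email: $EMAIL
Expire-Date: 0
Passphrase: $PASSPHRASE
%commit
%echo done
EOF
# Subkey-Type: RSA
# Subkey-Length: 2048
# Subkey-Usage: encrypt,sign,auth
gpg --homedir "$GPGHOME" --batch --full-generate-key "$GPGTMP"
rm -f -- "$GPGTMP"

# export
gpg --homedir "$GPGHOME" --list-keys --keyid-format short
# The passphrase is fed on stdin (--passphrase-fd 0) instead of
# `--passphrase <value>`, which every local user could read from `ps`.
gpg --homedir "$GPGHOME" --batch --yes --pinentry-mode loopback \
  --passphrase-fd 0 --export-secret-keys >"$SECRING" <<<"$PASSPHRASE"
# Exporting public material needs no passphrase.
gpg --homedir "$GPGHOME" --batch --yes --export >"$PUBRING"

#sbt shim
# local.sbt carries the passphrase in clear text; it only lives inside
# .secrets (encrypted below) and is reached via a symlink from the cwd.
rm -f -- local.sbt
cat >"$LOCALSBT" <<EOF
pgpPassphrase := Some("$PASSPHRASE".toCharArray)
pgpSecretRing := file("$SECRING")
pgpPublicRing := file("$PUBRING")
useGpg := false
EOF
ln -s "$LOCALSBT" .

# publish
# Upload every fingerprint in the fresh keyring. A failed upload aborts the
# script (set -e). NOTE(review): the sks-keyservers.net pool has been
# decommissioned, so the first upload is likely to fail; keys.openpgp.org is
# the usual replacement - confirm which servers Sonatype currently queries.
for fpr in $(gpg --homedir "$GPGHOME" --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u); do
  gpg --homedir "$GPGHOME" --send-keys --keyserver ipv4.pool.sks-keyservers.net "$fpr"
  gpg --homedir "$GPGHOME" --send-keys --keyserver keyserver.ubuntu.com "$fpr"
done

#ssh key
# Unencrypted (-N "") on purpose: CI cannot type a passphrase; the private key
# is protected by the encrypted archive instead. Kept as a separate statement
# so a keygen failure is not swallowed by an `&& cat` list under set -e.
ssh-keygen -N "" -t rsa -m PEM -b 4096 -C "$SSHKEYNAME" -f "$SSHKEY"
cat "$SSHKEY.pub"

# Archive and encrypt (Travis "encrypted file" format: AES-256-CBC with a raw
# hex key and IV). CBC provides confidentiality only - there is no integrity
# tag - so the .enc file still needs write protection (e.g. an access-controlled
# repository). gnupg.home is excluded: it is the throwaway keyring and
# secring.gpg already holds the secret key.
tar cvf secrets.tar --exclude=gnupg.home .secrets
openssl aes-256-cbc -K "$OPENSSL_KEY" -iv "$OPENSSL_IV" -in secrets.tar -out secrets.tar.enc
# Do not leave the plaintext archive beside the encrypted one.
rm -f -- secrets.tar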