From 965743c6789c75ad1ac17cf61441155114ae4c79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20K=C3=BCtemeier?= Date: Sun, 16 May 2021 14:21:37 +0200 Subject: [PATCH 1/4] Add optional generation of Curve25519 type GPG keys --- pkgs/sops-init-gpg-key/sops-init-gpg-key | 30 ++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/pkgs/sops-init-gpg-key/sops-init-gpg-key b/pkgs/sops-init-gpg-key/sops-init-gpg-key index f0a4f65..547b3ee 100755 --- a/pkgs/sops-init-gpg-key/sops-init-gpg-key +++ b/pkgs/sops-init-gpg-key/sops-init-gpg-key @@ -3,7 +3,7 @@ set -o errexit -o pipefail -o noclobber -o nounset OPTIONS=h -LONGOPTS=help,gpghome:,hostname: +LONGOPTS=help,gpghome:,hostname:,keytype: ! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@") @@ -17,9 +17,13 @@ eval set -- "$PARSED" FINAL_GNUPGHOME=/root/.gnupg HOSTNAME=$(hostname) +KEYTYPE="RSA" usage() { - echo "$0: [--hostname hostname] [--gpghome home]" + echo "$0: [--hostname hostname] [--gpghome home] [--keytype keytype]" + echo + echo " keytype: RSA (default) or Curve25519" + echo } while true; do @@ -36,6 +40,10 @@ while true; do HOSTNAME=$2 shift 2 ;; + --keytype) + KEYTYPE=$2 + shift 2 + ;; --) shift break @@ -56,10 +64,28 @@ fi export GNUPGHOME=$(mktemp -d) trap "rm -rf $GNUPGHOME" EXIT + cat > "$GNUPGHOME/key-template" <> "$GNUPGHOME/key-template" <> "$GNUPGHOME/key-template" <> "$GNUPGHOME/key-template" < Date: Thu, 5 Jan 2023 23:08:24 +0100 Subject: [PATCH 2/4] Add documentation for sops-init-gpg-key with a Curved25119 key to the README file --- README.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3a708cf..89f3c49 100644 --- a/README.md +++ b/README.md 
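Review bot: The new `--keytype` arm in the option loop stores `$2` without validating it, so a misspelled or unsupported value is only noticed later, after `GNUPGHOME=$(mktemp -d)` has been created and the key template heredoc has started. Checking the value where it is parsed, and reporting on stderr, keeps the failure early and keeps stdout reserved for the exported key material the script prints: `--keytype) case "$2" in RSA|Curve25519) KEYTYPE=$2 ;; *) echo "unknown keytype '$2'" >&2; usage; exit 1 ;; esac; shift 2 ;;`. The heredoc bodies in the last hunk of this patch (`-56,10 +64,28`) are not visible here, their `<<EOF` markers and contents appear to have been stripped, so the Curve25519 template's primary-key parameters could not be reviewed and that hunk is cut mid-flow.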
@@ -764,7 +764,34 @@ EOF # fingerprint: E4CA86768F176AEB6C01554153AF8D7F149613B1 ``` -In this case, you must upload the GPG key directory `/tmp/newkey` onto the server. +You can choose between a RSA GPG key (default, like in the example above) or a +Curve25519 based one by adding `--keytype Curve25519` like so: + +```console +$ nix-shell -p sops-init-gpg-key +$ sops-init-gpg-key --hostname server01 --gpghome /tmp/newkey --keytype Curve25519 +You can use the following command to save it to a file: +cat > server01.asc < Date: Wed, 11 Jan 2023 10:00:25 +0100 Subject: [PATCH 3/4] Update pkgs/sops-init-gpg-key/sops-init-gpg-key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jörg Thalheim --- pkgs/sops-init-gpg-key/sops-init-gpg-key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/sops-init-gpg-key/sops-init-gpg-key b/pkgs/sops-init-gpg-key/sops-init-gpg-key index 547b3ee..821ae8d 100755 --- a/pkgs/sops-init-gpg-key/sops-init-gpg-key +++ b/pkgs/sops-init-gpg-key/sops-init-gpg-key @@ -78,7 +78,7 @@ Subkey-Type: ecdh Subkey-Curve: Curve25519 Subkey-Usage: encrypt EOF -else +elif [[ "$KEYTYPE" == "RSA" ]]; then cat >> "$GNUPGHOME/key-template" < Date: Wed, 11 Jan 2023 10:00:33 +0100 Subject: [PATCH 4/4] Update pkgs/sops-init-gpg-key/sops-init-gpg-key MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jörg Thalheim --- pkgs/sops-init-gpg-key/sops-init-gpg-key | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/sops-init-gpg-key/sops-init-gpg-key b/pkgs/sops-init-gpg-key/sops-init-gpg-key index 821ae8d..1d4a28f 100755 --- a/pkgs/sops-init-gpg-key/sops-init-gpg-key +++ b/pkgs/sops-init-gpg-key/sops-init-gpg-key @@ -83,6 +83,9 @@ elif [[ "$KEYTYPE" == "RSA" ]]; then Key-Type: 1 Key-Length: 2048 EOF +else + echo "unknown keytype '$KEYTYPE'" + exit 1 fi cat >> "$GNUPGHOME/key-template" <
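Review bot: In the `-78,7 +78,7` hunk the new `elif` matches the literal string `RSA`, so `--keytype rsa` no longer satisfies this branch and, if the Curve25519 test above it is written the same way (not visible here), the template is emitted with no `Key-Type:` line and the failure is deferred to gpg's batch key generation. A case-insensitive comparison keeps both spellings the usage text advertises working: `elif [[ "${KEYTYPE,,}" == "rsa" ]]; then`. Not part of the changed lines, but visible as context for this branch in the following patch, `Key-Length: 2048` is the low end for a long-lived sops decryption key; if the RSA branch is being restructured anyway, 3072 or 4096 is worth considering. The `if` chain this `elif` belongs to starts above the hunk.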