From 965743c6789c75ad1ac17cf61441155114ae4c79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20K=C3=BCtemeier?= <joerg@kuetemeier.de>
Date: Sun, 16 May 2021 14:21:37 +0200
Subject: [PATCH] Add optional generation of Curve25519 type GPG keys

---
 pkgs/sops-init-gpg-key/sops-init-gpg-key | 30 ++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/pkgs/sops-init-gpg-key/sops-init-gpg-key b/pkgs/sops-init-gpg-key/sops-init-gpg-key
index f0a4f65..547b3ee 100755
--- a/pkgs/sops-init-gpg-key/sops-init-gpg-key
+++ b/pkgs/sops-init-gpg-key/sops-init-gpg-key
@@ -3,7 +3,7 @@
 set -o errexit -o pipefail -o noclobber -o nounset
 
 OPTIONS=h
-LONGOPTS=help,gpghome:,hostname:
+LONGOPTS=help,gpghome:,hostname:,keytype:
 
 ! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@")
 
@@ -17,9 +17,13 @@ eval set -- "$PARSED"
 
 FINAL_GNUPGHOME=/root/.gnupg
 HOSTNAME=$(hostname)
+KEYTYPE="RSA"
 
 usage() {
-    echo "$0: [--hostname hostname] [--gpghome home]"
+    echo "$0: [--hostname hostname] [--gpghome home] [--keytype keytype]"
+    echo
+    echo "  keytype: RSA (default) or Curve25519"
+    echo
 }
 
 while true; do
@@ -36,6 +40,10 @@ while true; do
       HOSTNAME=$2
       shift 2
       ;;
+    --keytype)
+      KEYTYPE=$2
+      shift 2
+      ;;
     --)
       shift
       break
@@ -56,10 +64,28 @@ fi
 export GNUPGHOME=$(mktemp -d)
 trap "rm -rf $GNUPGHOME" EXIT
 
+
 cat > "$GNUPGHOME/key-template" <<EOF
 %no-protection
+EOF
+
+if [[ "$KEYTYPE" == "Curve25519" ]]; then
+  cat >> "$GNUPGHOME/key-template" <<EOF
+Key-Type: eddsa
+Key-Curve: Ed25519
+Key-Usage: sign
+Subkey-Type: ecdh
+Subkey-Curve: Curve25519
+Subkey-Usage: encrypt
+EOF
+else 
+  cat >> "$GNUPGHOME/key-template" <<EOF
 Key-Type: 1
 Key-Length: 2048
+EOF
+fi
+
+cat >> "$GNUPGHOME/key-template" <<EOF
 Name-Real: $HOSTNAME
 Name-Email: root@$HOSTNAME
 Expire-Date: 0