venoms · March 2, 2016 16:32
diff --git a/gpg-environment.sh b/gpg-environment.sh
 command -v gpg2 >/dev/null 2>&1 || { echo >&2 "gpg2 must be installed"; exit 1; }


 echo "This script is designed for generating a GPG environment on a USB key."

 set -e
 echo -e "Enter the path to your USB storage device, ^c to exit...\n"
 read -r target
 echo -e "\n"
 echo -e "Enter your full name...\n"
 read -r name
 echo -e "\n"
 echo -e "Enter your email...\n"
 read -r email
 echo -e "\n"

 echo -e "Please make sure everything is OK, and press enter to continue, or ^c to exit."
 read -r ok
 echo -e "\n"

 cat > $target/keygen-config <<GPG_CONFIG
 %echo generating keys...
 %echo you may need to wait a while while gpg gets some entropy
 %echo video games provide a ton of entropy
 %echo doing things also does
 Key-Type: RSA
 %echo generating 'sports car' length master key
 Key-Length: 3072
 Key-Usage: sign,auth
 Subkey-Type: RSA
 Subkey-Length: 2048
 Subkey-Usage: encrypt,sign,auth
 Name-Real: $name
 Name-Email: $email
 %commit
 %echo done generating keys!
 GPG_CONFIG

 gpg="$target/gpg.sh"

 cat > $gpg <<BASH
 DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
 gpg2 --homedir="\$DIR" "\$@"
 BASH

 chmod +x "$gpg"
 echo "$gpg created: use this to run GPG from your medium"



 $gpg --gen-key --batch $target/keygen-config




 cat > "$target/export-subkey.sh" <<BASH
 set -e
 read "This script will import your subkey (including private key) into this computer. Press enter to continue or ^c to exit."
 read -r ok
 DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
 \$DIR/gpg.sh --export-secret-subkeys --armor "$email" | gpg --import
 echo "Should be here:"
 gpg --list-keys "$email"
 BASH

 chmod +x "$target/export-subkey.sh"
 echo "$target/export-subkey.sh created: use this to import your subkey into a local GPG instance."



 echo "
 Printing out the generated keys.
 pub: public key
 uid: user id
 sub: sub key"

 $gpg --list-keys

 echo "A GPG envionment with a key and a subkey has been created on the usb key. 

 You can use ./gpg.sh on the USB key to run gpg in this context.

 For more information on subkeys and why they're good, read this: 
 https://wiki.debian.org/Subkeys

 The long and short of it is that subkeys can be managed and revoked independently by and from the master key. You can do cool stuff like putting just the subkey on a computer and revoking it by the USB residing masterkey if it gets popped.

 To use a yubikey, now follow this tutorial:

 https://www.yubico.com/2012/12/yubikey-neo-openpgp/"
	command -v gpg2 >/dev/null 2>&1 \|\| { echo >&2 "gpg2 must be installed"; exit 1; }


	echo "This script is designed for generating a GPG environment on a USB key."

	set -e
	echo -e "Enter the path to your USB storage device, ^c to exit...\n"
	read -r target
	echo -e "\n"
	echo -e "Enter your full name...\n"
	read -r name
	echo -e "\n"
	echo -e "Enter your email...\n"
	read -r email
	echo -e "\n"

	echo -e "Please make sure everything is OK, and press enter to continue, or ^c to exit."
	read -r ok
	echo -e "\n"

	cat > $target/keygen-config <<GPG_CONFIG
	%echo generating keys...
	%echo you may need to wait a while while gpg gets some entropy
	%echo video games provide a ton of entropy
	%echo doing things also does
	Key-Type: RSA
	%echo generating 'sports car' length master key
	Key-Length: 3072
	Key-Usage: sign,auth
	Subkey-Type: RSA
	Subkey-Length: 2048
	Subkey-Usage: encrypt,sign,auth
	Name-Real: $name
	Name-Email: $email
	%commit
	%echo done generating keys!
	GPG_CONFIG

	gpg="$target/gpg.sh"

	cat > $gpg <<BASH
	DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
	gpg2 --homedir="\$DIR" "\$@"
	BASH

	chmod +x "$gpg"
	echo "$gpg created: use this to run GPG from your medium"



	$gpg --gen-key --batch $target/keygen-config




	cat > "$target/export-subkey.sh" <<BASH
	set -e
	read "This script will import your subkey (including private key) into this computer. Press enter to continue or ^c to exit."
	read -r ok
	DIR="\$( cd "\$( dirname "\${BASH_SOURCE[0]}" )" && pwd )"
	\$DIR/gpg.sh --export-secret-subkeys --armor "$email" \| gpg --import
	echo "Should be here:"
	gpg --list-keys "$email"
	BASH

	chmod +x "$target/export-subkey.sh"
	echo "$target/export-subkey.sh created: use this to import your subkey into a local GPG instance."



	echo "
	Printing out the generated keys.
	pub: public key
	uid: user id
	sub: sub key"

	$gpg --list-keys

	echo "A GPG envionment with a key and a subkey has been created on the usb key.

	You can use ./gpg.sh on the USB key to run gpg in this context.

	For more information on subkeys and why they're good, read this:
	https://wiki.debian.org/Subkeys

	The long and short of it is that subkeys can be managed and revoked independently by and from the master key. You can do cool stuff like putting just the subkey on a computer and revoking it by the USB residing masterkey if it gets popped.

	To use a yubikey, now follow this tutorial:

	https://www.yubico.com/2012/12/yubikey-neo-openpgp/"