andreijiroh-dev/dotfiles
1
1
Fork 0
mirror of https://mau.dev/andreijiroh-dev/dotfiles.git synced 2024-09-19 23:47:03 +00:00
Code Issues Releases Packages Activity Actions

feat(backup-pgp-keys): improve script and bump asdf-managed tool versions

Browse source 
Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.xyz>
This commit is contained in:
Andrei Jiroh Halili 2024-08-17 01:02:22 +08:00
parent abb190c4b3
commit a80df72777
No known key found for this signature in database
GPG key ID: 67BFC91B3DA12BE8
2 changed files with 31 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.tool-versions
View file

@ -1,6 +1,6 @@
nodejs 20.12.2
deno 1.44.1
deno 1.45.5
direnv 2.34.0
python 3.12.3
glab 1.43.0
glab 1.45.0
golang 1.22.6

48
bin/backup-pgp-keys
View file

@ -2,9 +2,9 @@
# a script to generate backups for my GPG keys
# literally all of active keys I use for different purposes, including some
# I maintain (such as Recap Time Squad's keys for support and security issues
DEFAULT_PRIVATE_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996 2CFF8721393487AEEF2C38987067DB4C7768552F 18C97CF46F06176E7EC43BDC7E4E0EF8B968A952 51D2F9710A20AAE56DC9A9AB77D63E4A0C267204 11F7802B423286A5FCF40AF48AEB225605921F92"
# Literally all of active keys I use for different purposes. For things like shared keys,
# I override them via PUBLIC_KEYS AND PRIVATE_KEYS variables at runtime.
DEFAULT_PRIVATE_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996 2CFF8721393487AEEF2C38987067DB4C7768552F 18C97CF46F06176E7EC43BDC7E4E0EF8B968A952 51D2F9710A20AAE56DC9A9AB77D63E4A0C267204"
DEFAULT_PUBLIC_KEYS="0527234A430387EA5695D824A30EBE40AD856D88 4D5E631758CB9CC45941B1CE67BFC91B3DA12BE8 EA957E7086E934F8DB9CAD21940047813E9D641C 5D69E717C5BC95731C2AD8BD120C218ED2291996"
# allow anybody to automate this via envvars
@ -17,7 +17,7 @@ BACKUP_FILE_PASSWORD=$(gpg --armor --gen-random 1 20)
TIMESTAMP=$(date +%s)
generate_pubkey_bak() {
echo "[Stage 1]: Export all public keys per PUBLIC_KEYS to '$EXPORT_DIR/personal-$TIMESTAMP.asc'"
echo "[Stage 1]: Export all public keys per PUBLIC_KEYS to '$EXPORT_DIR/pubkeys-$TIMESTAMP.asc'"
echo
sleep 3
@ -29,16 +29,17 @@ generate_pubkey_bak() {
for key in $PUBLIC_KEYS; do
echo "Exporting keyid $key's public key"
if [[ $_arg_dryrun == "true" ]]; then
echo "+ gpg --armor --export \"$key\" >> \"$EXPORT_DIR/personal-$TIMESTAMP.asc\""
echo "+ gpg --armor --export \"$key\" >> \"$EXPORT_DIR/pubkeys-$TIMESTAMP.asc\""
else
gpg --armor --export "$key" >> "$EXPORT_DIR/personal-$TIMESTAMP.asc"
gpg --armor --export "$key" >> "$EXPORT_DIR/pubkeys-$TIMESTAMP.asc"
fi
sleep 3
done
echo
}
generate_privkey_bak() {
echo "[Stage 2]: Export all private keys per PRIVATE_KEYS to '$EXPORT_DIR/backup-personal-$TIMESTAMP.asc'"
echo "[Stage 2]: Export all private keys per PRIVATE_KEYS to '$EXPORT_DIR/gpg-keys-backup-$TIMESTAMP.asc'"
echo
sleep 3
@ -50,25 +51,22 @@ generate_privkey_bak() {
if [[ $_arg_dryrun == "true" ]]; then
for key in $PRIVATE_KEYS; do
echo "Exporting keyid $key with private key"
echo "+ gpg --armor --export-secret-keys $key >> $EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
echo "+ gpg --armor --export-secret-keys $key >> $EXPORT_DIR/gpg-keys-backup-$TIMESTAMP.asc"
sleep 5
done
echo "+ gpg --batch --asymmetric --passphrase \"$BACKUP_FILE_PASSWORD\" --output \"$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc\""
echo "+ gpg --armor --batch --passphrase ${BACKUP_FILE_PASSWORD} --symmetric --output ${EXPORT_DIR}/gpg-keys-encrypted-backup-${TIMESTAMP} < ${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
return
fi
for key in $PRIVATE_KEYS; do
echo "Exporting keyid $key with private key"
gpg --armor --export-secret-keys "$key" >> "$EXPORT_DIR/backup-personal-$TIMESTAMP.asc"
gpg --armor --export-secret-keys "$key" >> "${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
sleep 5
done
echo "warning: Use the following passphrase for encrypting the private key backup in case"
echo "warning: both --batch and --passphrase flags didn't work in 10 seconds below."
echo "warning:"
echo "warning: $BACKUP_FILE_PASSWORD"
echo "warning:"
echo "[private-keys-backup] Here's the encrypted passphrase for ${BACKUP_FILE_PASSWORD}"
sleep 10
gpg --batch --asymmetric --passphrase "$BACKUP_FILE_PASSWORD" --output "$EXPORT_DIR/private-keys-backup-$TIMESTAMP.sec.asc"
gpg --armor --batch --passphrase "${BACKUP_FILE_PASSWORD}" --symmetric --output "${EXPORT_DIR}/gpg-keys-encrypted-backup-${TIMESTAMP}" < "${EXPORT_DIR}/gpg-keys-backup-${TIMESTAMP}.asc"
echo
}
check_export_dir() {
@ -97,7 +95,19 @@ check_export_dir() {
}
usage() {
echo "USAGE: [EXPORT_DIR=\$(pwd)] $0 [--only-public | --only-secret | --dry-run]"
echo "Usage: $0 [--only-public | --only-secret | --dry-run]"
echo
echo "Available params:"
echo " --dry-run, -d Run a simultation of commands"
echo " --help Show this help page"
echo " --only-secret, -s Only export secret keys"
echo " --only-public, -p Only export public keys"
echo
echo "Supported variables to override defaults:"
echo " DEBUG Set to any value to enable debug logging (via 'set -x')"
echo " EXPORT_DIR Directory for storing exports"
echo " PUBLIC_KEYS List of GPG keys for exporting public keys, seperated by spaces"
echo " PRIVATE_KEYS List of GPG keys for exporting private keys, seperated by spaces"
}
main() {
@ -117,10 +127,10 @@ main() {
--help | -h)
usage; exit 0
;;
--public-keys-only | --pubkeys | --only-public | -p)
--pubkeys | --only-public | -p)
_arg_pubkeys_only=true
;;
--private-keys-only | --secretkeys | --only-secret | -s)
--secretkeys | --only-secret | -s)
_arg_secretkeys_only=true
;;
--dryrun | --dry-run | -d)