Master keydrive exports keys to file
parent
0dffadd4d1
commit
9ec93fff3a
|
@ -134,7 +134,49 @@ if [[ $MASTER_DRIVE == "yes" || $MASTER_DRIVE == "y" || $MASTER_DRIVE == "1" ]];
|
||||||
rm -rf $USB_MOUNT
|
rm -rf $USB_MOUNT
|
||||||
exit 73025
|
exit 73025
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# export the gpg key and backup key as text
|
||||||
|
# so that it may be imported at the beginning of new installs
|
||||||
|
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
|
||||||
|
GPG_ID=$(gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//')
|
||||||
|
GPG_BACKUP_ID=$(gpg --list-keys "(backup key)" | sed -n '2p' | sed 's/^[ \t]*//')
|
||||||
|
|
||||||
|
gpgerrstr=$'error'
|
||||||
|
gpgkey=$(gpg --armor --export $GPG_ID)
|
||||||
|
if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
|
||||||
|
echo $'Problem exporting public gpg key'
|
||||||
|
echo "$gpgkey"
|
||||||
|
exit 735282
|
||||||
|
fi
|
||||||
|
gpgprivkey=$(gpg --armor --export-secret-key $GPG_ID)
|
||||||
|
if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
|
||||||
|
echo $'Problem exporting private gpg key'
|
||||||
|
echo "$gpgprivkey"
|
||||||
|
gpgprivkey=
|
||||||
|
exit 629362
|
||||||
|
fi
|
||||||
|
|
||||||
|
backupgpgkey=$(gpg --armor --export $GPG_BACKUP_ID)
|
||||||
|
if [[ "$gpgkey" == *"$gpgerrstr"* ]]; then
|
||||||
|
echo $'Problem exporting public gpg key'
|
||||||
|
echo "$gpgkey"
|
||||||
|
exit 735282
|
||||||
|
fi
|
||||||
|
backupgpgprivkey=$(gpg --armor --export-secret-key $GPG_BACKUP_ID)
|
||||||
|
if [[ "$gpgprivkey" == *"$gpgerrstr"* ]]; then
|
||||||
|
echo $'Problem exporting private gpg key'
|
||||||
|
echo "$gpgprivkey"
|
||||||
|
gpgprivkey=
|
||||||
|
exit 629362
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "$gpgkey" > $USB_MOUNT/.mastergpgkey
|
||||||
|
echo "$gpgprivkey" >> $USB_MOUNT/.mastergpgkey
|
||||||
|
echo "$backupgpgkey" > $USB_MOUNT/.backupgpgkey
|
||||||
|
echo "$backupgpgprivkey" >> $USB_MOUNT/.backupgpgkey
|
||||||
|
|
||||||
cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
|
cp -rf /home/$MY_USERNAME/.gnupg $USB_MOUNT
|
||||||
|
|
||||||
if [ -d /etc/letsencrypt ]; then
|
if [ -d /etc/letsencrypt ]; then
|
||||||
cp -rf /etc/letsencrypt $USB_MOUNT
|
cp -rf /etc/letsencrypt $USB_MOUNT
|
||||||
echo $"LetsEncrypt keys copied to $USB_DRIVE"
|
echo $"LetsEncrypt keys copied to $USB_DRIVE"
|
||||||
|
|
|
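Review bot: The two checks after the backup-key exports still test `$gpgkey` and `$gpgprivkey`, so a failed export of `$GPG_BACKUP_ID` is never detected and an empty `.backupgpgkey` can be written; they should test `$backupgpgkey` and `$backupgpgprivkey`, and the failure branch should clear `backupgpgprivkey`. Matching the substring `error` in captured stdout is also unreliable: gpg normally reports failures on stderr, and base64 armor can contain that substring by chance, in which case `echo "$gpgprivkey"` prints the secret key to the terminal. Prefer testing the exit status and emptiness, e.g. `if ! backupgpgprivkey=$(gpg --armor --export-secret-key "$GPG_BACKUP_ID") || [[ -z "$backupgpgprivkey" ]]; then`, and drop the echo of key material. The files holding secret keys are created with the default umask; a `chmod 600 "$USB_MOUNT/.mastergpgkey" "$USB_MOUNT/.backupgpgkey"` after writing would keep them owner-only where the drive's filesystem honours modes. The enclosing `if` block starts outside the hunk.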
@ -119,20 +119,34 @@ function interactive_gpg_from_usb {
|
||||||
cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
|
cp -r $USB_MOUNT/letsencrypt/* /etc/letsencrypt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d $USB_MOUNT/.gnupg ]; then
|
if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then
|
||||||
if [ ! -d $HOME_DIR/.gnupg ]; then
|
# Recovering keys from file rather than just copying the gnupg
|
||||||
mkdir $HOME_DIR/.gnupg
|
# directory may help to avoid problems during upgrades/reinstalls
|
||||||
|
su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.mastergpgkey" - $MY_USERNAME
|
||||||
|
su -c "gpg --allow-secret-key-import --import $USB_MOUNT/.backupgpgkey" - $MY_USERNAME
|
||||||
|
if [ -d /home/$MY_USERNAME/.gnupg ]; then
|
||||||
|
chmod 700 /home/$MY_USERNAME/.gnupg
|
||||||
|
chmod -R 600 /home/$MY_USERNAME/.gnupg/*
|
||||||
|
chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.gnupg
|
||||||
fi
|
fi
|
||||||
echo $'Recovering GPG keys'
|
|
||||||
cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
|
|
||||||
GPG_LOADING="no"
|
|
||||||
dialog --title $"Recover Encryption Keys" \
|
dialog --title $"Recover Encryption Keys" \
|
||||||
--msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
|
--msgbox $"GPG Keyring loaded to $HOME_DIR from master keydrive" 6 70
|
||||||
else
|
else
|
||||||
if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
|
if [ -d $USB_MOUNT/.gnupg ]; then
|
||||||
mkdir $HOME_DIR/.gnupg_fragments
|
if [ ! -d $HOME_DIR/.gnupg ]; then
|
||||||
|
mkdir $HOME_DIR/.gnupg
|
||||||
|
fi
|
||||||
|
echo $'Recovering GPG keys'
|
||||||
|
cp -r $USB_MOUNT/.gnupg/* $HOME_DIR/.gnupg
|
||||||
|
GPG_LOADING="no"
|
||||||
|
dialog --title $"Recover Encryption Keys" \
|
||||||
|
--msgbox $"GPG Keyring loaded to $HOME_DIR" 6 70
|
||||||
|
else
|
||||||
|
if [ ! -d $HOME_DIR/.gnupg_fragments ]; then
|
||||||
|
mkdir $HOME_DIR/.gnupg_fragments
|
||||||
|
fi
|
||||||
|
cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
|
||||||
fi
|
fi
|
||||||
cp -r $USB_MOUNT/.gnupg_fragments/* $HOME_DIR/.gnupg_fragments
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $SSH_IMPORTED == "no" ]]; then
|
if [[ $SSH_IMPORTED == "no" ]]; then
|
||||||
|
|
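Review bot: The new test `if [ -f $USB_MOUNT/.mastergpgkey && -f $USB_MOUNT/.backupgpgkey ]; then` is not valid inside single brackets: the shell splits it at `&&`, `[` fails for lack of a closing `]`, and the import branch never runs, so recovery always falls through to the else branch. Use `if [[ -f "$USB_MOUNT/.mastergpgkey" && -f "$USB_MOUNT/.backupgpgkey" ]]; then`. Within that branch, `chmod -R 600 /home/$MY_USERNAME/.gnupg/*` also strips the execute bit from any subdirectories gpg keeps there, so something like `find "/home/$MY_USERNAME/.gnupg" -type f -exec chmod 600 {} +` is safer. The branch no longer sets `GPG_LOADING="no"` and shows the success dialog without checking the result of either `gpg --import`; whether the former matters depends on code outside the hunk, so please confirm. `interactive_gpg_from_usb` starts and ends outside the hunk.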