Optional password file when splitting gpg key

45c3c6be · Bob Mottram · 75b0eb42 · 45c3c6be · 45c3c6be
Commit 45c3c6be authored 7 years ago by Bob Mottram
--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -716,6 +716,14 @@ function create_private_mailing_list {
 function split_gpg_key_into_fragments {
    # split the gpg key into fragments if social key management is enabled
    if [[ $ENABLE_SOCIAL_KEY_MANAGEMENT == "yes" ]]; then
+
+        if [ $IMAGE_PASSWORD_FILE ]; then
+            if [ -f $IMAGE_PASSWORD_FILE ]; then
+                ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME" --passwordfile $IMAGE_PASSWORD_FILE
+                return
+            fi
+        fi
+
        echo 'Splitting GPG key. You may need to enter your passphrase.'
        ${PROJECT_NAME}-splitkey -u $MY_USERNAME -e $MY_EMAIL_ADDRESS --fullname "$MY_NAME"
        if [ ! -d /home/$MY_USERNAME/.gnupg_fragments ]; then

--- a/src/freedombone-splitkey
+++ b/src/freedombone-splitkey
@@ -46,6 +46,7 @@ KEY_FRAGMENTS=3
 MY_USERNAME=
 MY_EMAIL_ADDRESS=
 MY_NAME=
+PASSWORD_FILE=

 function show_help {
    echo ''
@@ -78,6 +79,10 @@ case $key in
    shift
    MY_NAME=$1
    ;;
+    --passwordfile)
+    shift
+    PASSWORD_FILE=$1
+    ;;
    *)
    # unknown option
    ;;
@@ -98,6 +103,13 @@ if [ ! -d /home/$MY_USERNAME/.gnupg ]; then
    exit 5393
 fi

+if [ $PASSWORD_FILE ]; then
+    if [ ! -f $PASSWORD_FILE ]; then
+        echo $'Password file not found'
+        exit 62952
+    fi
+fi
+
 FRAGMENTS_DIR=/home/$MY_USERNAME/.gnupg_fragments
 if [ -d $FRAGMENTS_DIR ]; then
    exit 0
@@ -128,8 +140,15 @@ if [ ! "$?" = "0" ]; then
    echo $"Unable to extract public key for $KEYID"
    exit 7835
 fi
-gpg --output $FRAGMENTS_DIR/privkey.txt \
-    --armor --export-secret-key $KEYID
+if [ ! $PASSWORD_FILE ]; then
+    gpg --output $FRAGMENTS_DIR/privkey.txt \
+        --armor --export-secret-key $KEYID
+else
+    echo "$(printf `cat $PASSWORD_FILE`)" | \
+        gpg --batch --passphrase-fd 0 \
+        --output $FRAGMENTS_DIR/privkey.txt \
+        --armor --export-secret-key $KEYID
+fi
 if [ ! "$?" = "0" ]; then
    echo $"Unable to extract private key for $KEYID"
    exit 7823
@@ -142,8 +161,8 @@ if [ ! "$?" = "0" ]; then
 fi
 echo '$BACKUP_DUMMY_PASSWORD' | \
    gpg --output $FRAGMENTS_DIR/backup_privkey.txt \
-    --batch --passphrase-fd 0 \
-    --armor --export-secret-key $MY_BACKUP_KEY_ID
+        --batch --passphrase-fd 0 \
+        --armor --export-secret-key $MY_BACKUP_KEY_ID
 if [ ! "$?" = "0" ]; then
    echo $"Unable to extract backup private key for $MY_BACKUP_KEY_ID"
    exit 13783