-rw-r--r--README40
-rw-r--r--config/recipients1
-rwxr-xr-xscripts/decrypt15
-rwxr-xr-xscripts/encrypt18
-rwxr-xr-xscripts/recrypt20
5 files changed, 94 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..cd126fd
--- /dev/null
+++ b/README
@@ -0,0 +1,40 @@
+Keyringer
+=========
+
+Encrypting a key
+----------------
+
+ scripts/encrypt <file>
+
+Decrypting a key (only to stdout)
+---------------------------------
+
+ scripts/decrypt <file>
+
+Re-encrypting a key
+-------------------
+
+ scripts/recrypt <file>
+
+Notes
+-----
+
+ 1. The <file> is any file inside the keys/ folder.
+
+ 2. Never decrypt a key and write it to the disk, except
+ if you're adding it to your personall keyring.
+
+ 3. Recipients are defined at file config/recipients.
+ Please add just trustable recipients.
+
+Using with GNU Privacy Guard
+----------------------------
+
+Exporting public keys:
+
+ gpg --armor --export <keyid>
+
+Exporting private keys (take care):
+
+ gpg --armor --export-secret-keys
+
diff --git a/config/recipients b/config/recipients
new file mode 100644
index 0000000..f8f83a5
--- /dev/null
+++ b/config/recipients
@@ -0,0 +1 @@
+john@doe.com XXXXXXXX
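Review bot: The format of this file is not documented anywhere in the commit, yet scripts/encrypt and scripts/recrypt pass its second column straight to `gpg -r`. If the eight-character placeholder stands for a short key ID, that is worth reconsidering: short IDs are not collision-resistant, and gpg would encrypt to whichever matching key is in the local keyring, whereas a full fingerprint is unambiguous. A README line such as `config/recipients: one recipient per line, "<label> <full key fingerprint>"` would make the expectation explicit.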
diff --git a/scripts/decrypt b/scripts/decrypt
new file mode 100755
index 0000000..a6fb8d5
--- /dev/null
+++ b/scripts/decrypt
@@ -0,0 +1,15 @@
+#!/bin/bash
+# decrypt
+
+FILE="$1"
+BASENAME="`basename $0`"
+
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <file>"
+ exit 1
+elif [ ! -f "keys/$FILE" ]; then
+ echo "File not found"
+ exit 1
+fi
+
+gpg -d keys/$FILE
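Review bot: The final line passes `keys/$FILE` to gpg unquoted although the `-f` test above it quotes the same path, so a name containing spaces or glob characters can pass the check and then reach gpg as different arguments; `gpg -d -- "keys/$FILE"` keeps the two in agreement. The same unquoted expansion appears in scripts/encrypt (the `mkdir -p` argument and the `> keys/$FILE` redirect) and in the last line of scripts/recrypt. None of the three scripts rejects `..` components, so the README's statement that <file> lives inside keys/ is not enforced. `BASENAME` is assigned but never used; the usage line could read `echo "Usage: $BASENAME <file>" >&2`.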
diff --git a/scripts/encrypt b/scripts/encrypt
new file mode 100755
index 0000000..107aa3e
--- /dev/null
+++ b/scripts/encrypt
@@ -0,0 +1,18 @@
+#!/bin/bash
+# encrypt to multiple recipients
+
+FILE="$1"
+BASENAME="`basename $0`"
+RECIPIENTS="config/recipients"
+
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <file>"
+ exit 1
+elif [ ! -f "$RECIPIENTS" ]; then
+ echo "No recipient config was found"
+ exit 1
+fi
+
+mkdir -p keys/`dirname $FILE`
+recipients="$(awk '{ print "-r " $2 }' $RECIPIENTS | xargs)"
+gpg --armor -e -s $recipients - > keys/$FILE
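Review bot: The recipient list is built from every line of config/recipients without checking that a second field exists, so a blank line, a comment or a label-only line yields a bare `-r` that then takes the next word as its value. Filtering in awk avoids that: `recipients="$(awk 'NF >= 2 && $1 !~ /^#/ { print "-r " $2 }' "$RECIPIENTS" | xargs)"`. The script should also stop when the result is empty, for example `[ -n "$recipients" ] || { echo "No recipients configured" >&2; exit 1; }`, rather than calling gpg with `-e` and no recipient. The same awk line is used in scripts/recrypt.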
diff --git a/scripts/recrypt b/scripts/recrypt
new file mode 100755
index 0000000..f2c8d6a
--- /dev/null
+++ b/scripts/recrypt
@@ -0,0 +1,20 @@
+#!/bin/bash
+# re-encrypt to multiple recipients
+
+FILE="$1"
+BASENAME="`basename $0`"
+RECIPIENTS="config/recipients"
+
+if [ -z "$FILE" ]; then
+ echo "Usage: `basename $0` <file>"
+ exit 1
+elif [ ! -f "$RECIPIENTS" ]; then
+ echo "No recipient config was found"
+ exit 1
+elif [ ! -f "keys/$FILE" ]; then
+ echo "File not found"
+ exit 1
+fi
+
+recipients="$(awk '{ print "-r " $2 }' $RECIPIENTS | xargs)"
+gpg -d keys/$FILE | gpg --armor -e -s $recipients > keys/$FILE
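Review bot: The last line reads and writes `keys/$FILE` in the same pipeline, and the shell opens the redirect target with truncation while the pipeline is being set up, so the file can be emptied before the first gpg has read it. Even when the read wins that race, a failed decryption or a missing recipient key leaves the only copy of the secret truncated, and nothing checks either exit status. Writing to a temporary file in the same directory and renaming it over the original only after both gpg processes succeed removes both problems; note that mktemp creates the file with owner-only permissions, which the rename carries over. scripts/encrypt has a milder form of the same issue, since its `> keys/$FILE` redirect clobbers an existing key when gpg fails.

```shell
# … unchanged: argument, recipient-config and file-existence checks …
set -o pipefail
tmp="$(mktemp "keys/$FILE.XXXXXX")" || exit 1
trap 'rm -f -- "$tmp"' EXIT

recipients="$(awk '{ print "-r " $2 }' $RECIPIENTS | xargs)"
if gpg -d -- "keys/$FILE" | gpg --armor -e -s $recipients > "$tmp"; then
  mv -- "$tmp" "keys/$FILE"
else
  echo "Re-encryption failed; keys/$FILE left unchanged" >&2
  exit 1
fi
```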