biod/study/gen-key-pair.sh - mirrors/cros/chromiumos/platform2 - Git at Google

 #!/bin/bash
 # Copyright 2020 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # This script is used to generate the GPG keys required to run this the
 # fingerprint study tool with GPG encryption.


 : "${GPG_NAME_REAL:=ChromeOSFPStudy}"
 : "${GPG_NAME_COMMENT:=Chrome OS Fingerprint Study Key}"
 : "${GPG_EMAIL:=}"
 : "${OUTPUT_DIR:=.}" # The directory where the output keys will be moved to.

 die() {
   echo "$@" >&2
   exit 1
 }

 if [[ -z "${GPG_EMAIL}" ]]; then
   read -r -p "Please enter the GPG recipient email address: " GPG_EMAIL
 fi

 # Setup a new empty GNUPG directory.
 GNUPGHOME="$(mktemp -d /tmp/fpstudygpg-XXXX)" || die \
   "Error - Failed to generate temp GNUPGHOME."
 export GNUPGHOME

 mkdir -p "${GNUPGHOME}/private-keys-v1.d" || die \
   "Error - Failed to create the GNUPGHOME private keys dir."

 chmod -R 700 "${GNUPGHOME}" || die \
   "Error - Failed to set permission of the GNUPGHOME dir."

 # Setup key generation parameters.
 # https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
 KEY_PARAMS_FILE="${GNUPGHOME}/keyparams"
 cat >"${KEY_PARAMS_FILE}" <<EOF
   %echo Generating key.
   Key-Type: RSA
   Key-Length: 4096
   # Disable subkey generation, since this is a one time use key pair anyways.
   # Subkey-Type: RSA
   # Subkey-Length: 4096
   Name-Real: ${GPG_NAME_REAL}
   Name-Comment: ${GPG_NAME_COMMENT}
   Name-Email: ${GPG_EMAIL}
   Expire-Date: 0
   # Passphrase: <IF_UNCOMMENTED_THIS_IS_THE_PASSWORD>
   %ask-passphrase
   # %no-ask-passphrase
   # %no-protection
   %commit
   %echo Done.
 EOF

 # Generate a new key pair. Make note of the password used. This password is used
 # to protect the private key and will be required when decrypting the captures.
 echo "# Generating Keys."
 gpg --verbose --batch --gen-key "${KEY_PARAMS_FILE}" || die \
   "Error - Failed to generate key pair."
 echo

 # Record the fingerprint/keyid from by the following command.
 # The fingerprint is the 40 hex character string grouped into 10 groups of
 # 4 characters. Remove the spaces from this fingerprint to form the keyid.
 echo "# Showing generated key fingerprint."
 gpg --fingerprint "${GPG_NAME_REAL}" || die \
   "Error - Failed to lookup new generated keyid."
 cat <<EOF
 # Please take note of the 40 hex character string above, which is shown as 10
 # groups of 4 characters.
 # This string (without spaces) will be used as the --gpg-recipient argument
 # to study_serve[.py].
 #
 # Example output from gpg:
 # pub   rsa4096 2020-12-15 [SCEA]
 #      XXXX XXXX XXXX XXXX XXXX  XXXX XXXX XXXX XXXX XXXX
 # uid           [ultimate] ${GPG_NAME_REAL} (${GPG_NAME_COMMENT}) <${GPG_EMAIL}>
 #
 # This becomes:
 # --gpg-recipient 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
 EOF
 echo

 echo "# Exporting keys."
 # Export only the public key for the test device. This key must be copied to the
 # test device and will be used as the keyring.
 gpg --verbose --export "${GPG_NAME_REAL}" \
   >"${GNUPGHOME}/chromeos-fpstudy-public-device.gpg" || die \
   "Error - Failed to generate key pair."

 # Export the private key for backup. This key is for the recipient to be able
 # to decrypt the fingerprint capture.
 # This key must NOT be copied to the test device.
 gpg --verbose --export-secret-keys "${GPG_NAME_REAL}" \
   >"${GNUPGHOME}/chromeos-fpstudy-private.gpg" || die \
   "Error - Failed to generate key pair."

 mv -iv "${GNUPGHOME}/chromeos-fpstudy-public-device.gpg" \
        "${GNUPGHOME}/chromeos-fpstudy-private.gpg" \
        "${OUTPUT_DIR}" || die "Error - Failed to move key files to output dir."

 echo "# Removing temporary directory '${GNUPGHOME}'"
 rm -rf "${GNUPGHOME}" || die "Error - Failed to remove temp directory."
	#!/bin/bash
	# Copyright 2020 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.
	#
	# This script is used to generate the GPG keys required to run this the
	# fingerprint study tool with GPG encryption.


	: "${GPG_NAME_REAL:=ChromeOSFPStudy}"
	: "${GPG_NAME_COMMENT:=Chrome OS Fingerprint Study Key}"
	: "${GPG_EMAIL:=}"
	: "${OUTPUT_DIR:=.}" # The directory where the output keys will be moved to.

	die() {
	echo "$@" >&2
	exit 1
	}

	if [[ -z "${GPG_EMAIL}" ]]; then
	read -r -p "Please enter the GPG recipient email address: " GPG_EMAIL
	fi

	# Setup a new empty GNUPG directory.
	GNUPGHOME="$(mktemp -d /tmp/fpstudygpg-XXXX)" \|\| die \
	"Error - Failed to generate temp GNUPGHOME."
	export GNUPGHOME

	mkdir -p "${GNUPGHOME}/private-keys-v1.d" \|\| die \
	"Error - Failed to create the GNUPGHOME private keys dir."

	chmod -R 700 "${GNUPGHOME}" \|\| die \
	"Error - Failed to set permission of the GNUPGHOME dir."

	# Setup key generation parameters.
	# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
	KEY_PARAMS_FILE="${GNUPGHOME}/keyparams"
	cat >"${KEY_PARAMS_FILE}" <<EOF
	%echo Generating key.
	Key-Type: RSA
	Key-Length: 4096
	# Disable subkey generation, since this is a one time use key pair anyways.
	# Subkey-Type: RSA
	# Subkey-Length: 4096
	Name-Real: ${GPG_NAME_REAL}
	Name-Comment: ${GPG_NAME_COMMENT}
	Name-Email: ${GPG_EMAIL}
	Expire-Date: 0
	# Passphrase: <IF_UNCOMMENTED_THIS_IS_THE_PASSWORD>
	%ask-passphrase
	# %no-ask-passphrase
	# %no-protection
	%commit
	%echo Done.
	EOF

	# Generate a new key pair. Make note of the password used. This password is used
	# to protect the private key and will be required when decrypting the captures.
	echo "# Generating Keys."
	gpg --verbose --batch --gen-key "${KEY_PARAMS_FILE}" \|\| die \
	"Error - Failed to generate key pair."
	echo

	# Record the fingerprint/keyid from by the following command.
	# The fingerprint is the 40 hex character string grouped into 10 groups of
	# 4 characters. Remove the spaces from this fingerprint to form the keyid.
	echo "# Showing generated key fingerprint."
	gpg --fingerprint "${GPG_NAME_REAL}" \|\| die \
	"Error - Failed to lookup new generated keyid."
	cat <<EOF
	# Please take note of the 40 hex character string above, which is shown as 10
	# groups of 4 characters.
	# This string (without spaces) will be used as the --gpg-recipient argument
	# to study_serve[.py].
	#
	# Example output from gpg:
	# pub rsa4096 2020-12-15 [SCEA]
	# XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX
	# uid [ultimate] ${GPG_NAME_REAL} (${GPG_NAME_COMMENT}) <${GPG_EMAIL}>
	#
	# This becomes:
	# --gpg-recipient 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
	EOF
	echo

	echo "# Exporting keys."
	# Export only the public key for the test device. This key must be copied to the
	# test device and will be used as the keyring.
	gpg --verbose --export "${GPG_NAME_REAL}" \
	>"${GNUPGHOME}/chromeos-fpstudy-public-device.gpg" \|\| die \
	"Error - Failed to generate key pair."

	# Export the private key for backup. This key is for the recipient to be able
	# to decrypt the fingerprint capture.
	# This key must NOT be copied to the test device.
	gpg --verbose --export-secret-keys "${GPG_NAME_REAL}" \
	>"${GNUPGHOME}/chromeos-fpstudy-private.gpg" \|\| die \
	"Error - Failed to generate key pair."

	mv -iv "${GNUPGHOME}/chromeos-fpstudy-public-device.gpg" \
	"${GNUPGHOME}/chromeos-fpstudy-private.gpg" \
	"${OUTPUT_DIR}" \|\| die "Error - Failed to move key files to output dir."

	echo "# Removing temporary directory '${GNUPGHOME}'"
	rm -rf "${GNUPGHOME}" \|\| die "Error - Failed to remove temp directory."