[dak/master] generate-archive-key: add a description to the shares
---
scripts/debian/generate-archive-key | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/scripts/debian/generate-archive-key b/scripts/debian/generate-archive-key
index dde4b4f..914e2dc 100755
--- a/scripts/debian/generate-archive-key
+++ b/scripts/debian/generate-archive-key
@@ -86,6 +86,7 @@ split-into-encrypted-shares() {
local output="${2}"
local -n holders="${3}"
local shares="${4}"
+ local description="${5:-}"
gfsplit -n ${shares} -m ${#holders[@]} ${input}
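Review bot: The new optional fifth argument on the `local description="${5:-}"` line changes the function's contract, but nothing in the hunk says what the text is for or that omitting it is allowed; split-into-encrypted-shares starts before this hunk, so its header comment lives outside what is shown. I would add, next to the other parameter notes of the function, `# $5 - optional free-text description printed at the top of each holder's share note (may be empty)`. The function body continues past the hunk.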
@@ -94,6 +95,7 @@ split-into-encrypted-shares() {
local holder=${holders[$i]}
i=$((i + 1))
{
+ echo "${description}"
echo "Share name: ${share}"
echo
echo "To recombine:"
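Review bot: `echo "${description}"` runs unconditionally, so a caller that omits the new fifth argument (its default is empty) now gets a share note that starts with a blank line. Guarding it keeps the old output byte-identical for such callers: `if [[ -n "${description}" ]]; then printf '%s\n' "${description}"; fi`. Both descriptions built later in this patch already end in a newline, so the echo adds a second one as a separator before `Share name:`; if that blank line is intended, a short comment saying so would help the next reader. The enclosing `{ … }` group and its loop continue outside the hunk.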
@@ -153,12 +155,13 @@ show-file generate-key.conf
# So we only set the passphrase at the end.
gpg --batch --pinentry-mode loopback --passphrase "" --full-generate-key generate-key.conf
key=$(gpg --with-colon --list-secret-keys | awk -F: '$1 == "fpr" { print $10; exit 0; }')
+key_uid=$(gpg --with-colon --list-secret-keys | awk -F: '$1 == "uid" { print $10; exit 0; }')
if [[ ${#key} -ne 40 ]]; then
echo "Unexpected length of key id: ${#key} (expected: 40)" >&2
exit 7
fi
-echo "Secret key is ${key}"
+echo "Secret key is ${key} (${key_uid})"
if [[ ${#revokers[@]} -gt 0 ]]; then
{
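Review bot: `key_uid` on the added line is taken from the first `uid` record of the whole secret-key listing, not from the key whose fingerprint `key` was just selected, and it is never checked for being non-empty, so with more than one secret key in the keyring (or an empty listing) the share descriptions could name the wrong uid or none at all. Since the fingerprint is validated on the lines below, I would move the lookup after that `fi` and pin it to the key: `key_uid=$(gpg --with-colon --list-secret-keys "${key}" | awk -F: '$1 == "uid" { print $10; exit 0; }')` followed by `[[ -n "${key_uid}" ]] || { echo "No uid found for key ${key}" >&2; exit 7; }`. As far as I recall, field 10 of `--with-colons` output is C-escaped (a colon in a user id appears as `\x3a`), so the uid may carry literal escapes into the description; worth a comment if that is acceptable. The `if [[ ${#revokers[@]} -gt 0 ]]` block at the end of the hunk continues outside it.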
@@ -176,12 +179,20 @@ fi
cp openpgp-revocs.d/${key}.rev revoke-${key}
if [[ ${#revocation_holders[@]} -gt 0 ]]; then
- split-into-encrypted-shares revoke-${key} revoke-${key}-share revocation_holders ${revocation_shares}
+ description="This is a share of the REVOCATION CERTIFICATE for
+the key: ${key}
+ uid: ${key_uid}
+"
+ split-into-encrypted-shares revoke-${key} revoke-${key}-share revocation_holders ${revocation_shares} "${description}"
fi
if [[ ${#backup_holders[@]} -gt 0 ]]; then
gpg --export-secret-key ${key} > backup-${key}
- split-into-encrypted-shares backup-${key} backup-${key}-share backup_holders ${backup_shares}
+ description="This is a share of the PRIVATE KEY for
+the key: ${key}
+ uid: ${key_uid}
+"
+ split-into-encrypted-shares backup-${key} backup-${key}-share backup_holders ${backup_shares} "${description}"
rm -f -- backup-${key} backup-${key}.???
fi
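Review bot: The two `description=` assignments are the same four-line text except for the words REVOCATION CERTIFICATE / PRIVATE KEY, and each fills a top-level variable that is then passed by value; a small helper keeps the wording in one place so the two share notes cannot drift. Using `printf -v` preserves the trailing newline the current literal ends with, so what reaches `echo "${description}"` is unchanged; keep the alignment of the `uid:` line as it is in the patch, since leading whitespace is not visible here. The backup branch would call `share-description 'PRIVATE KEY'` the same way before its split-into-encrypted-shares line.
```shell
# Build the cover text shared by the revocation-certificate and private-key
# shares into the global ${description}; $1 names what the share protects.
share-description() {
  local kind="${1}"
  printf -v description 'This is a share of the %s for\nthe key: %s\n     uid: %s\n' \
    "${kind}" "${key}" "${key_uid}"
}
# … unchanged: revocation certificate copy …
if [[ ${#revocation_holders[@]} -gt 0 ]]; then
  share-description 'REVOCATION CERTIFICATE'
  split-into-encrypted-shares revoke-${key} revoke-${key}-share revocation_holders ${revocation_shares} "${description}"
fi
# … unchanged: backup export; its branch calls share-description 'PRIVATE KEY' likewise …
```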
--
2.1.4