authorAlan Pearce2021-03-17 17:23:16 +0100
committerAlan Pearce2021-03-17 17:23:16 +0100
commite704369a68aa47a759b69cbe35483edc9012a2ee (patch)
tree5082d0c5ecfccbf3120496c6bf26756c258a3d3f /generate-sekey.sh
parent23e66251c1f82be38bc0da6bca0f7635f0701883 (diff)
Add script to generate SSH keys on secure enclave
Diffstat (limited to 'generate-sekey.sh')
-rwxr-xr-xgenerate-sekey.sh28
1 files changed, 28 insertions, 0 deletions
diff --git a/generate-sekey.sh b/generate-sekey.sh
new file mode 100755
index 00000000..760eaa41
--- /dev/null
+++ b/generate-sekey.sh
@@ -0,0 +1,28 @@
+#!/bin/zsh
+# macOS-only; can assume zsh
+
+set -euo pipefail
+
+host=$1
+pubfile="${HOME}/.ssh/sekey/${host}.pub"
+
+function getKeyForHost () {
+	host=$1
+	sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
+}
+
+if [[ -z $(getKeyForHost $host) ]]
+then
+	sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
+fi
+
+if [[ -f $pubfile ]]
+then
+	echo "Public key ${pubfile} already exists!"
+	echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
+	exit 1
+fi
+
+keyid=$(getKeyForHost $host)
+
+sekey --export-key $keyid | tee "$pubfile"
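Review bot: The stale-public-key check on lines 43–48 runs after the `sekey --generate-keypair` call on line 40, so when `~/.ssh/sekey/$host.pub` already exists the script has already created a new keypair in the enclave before it aborts, and the message `there isn't a matching keypair in the Enclave` is then untrue (a keypair now exists and is left orphaned with no exported .pub). Move the `if [[ -f $pubfile ]]` block above the `getKeyForHost` test so a leftover .pub is rejected before anything is generated. Separately, `getKeyForHost` interpolates its argument into the awk program text; a host name containing a double quote breaks or rewrites the pattern, so pass it as an awk variable instead: `sekey --list-keys | awk -v h="$host" '$2 == h {print $4}'`. The unquoted `$host` on lines 38, 40 and 50 should be quoted, the `host=$1` inside the function should be `local` so it does not silently reassign the script-level variable, and `tee "$pubfile"` on line 52 presumably fails if `~/.ssh/sekey` has not been created yet — consider a `mkdir -p` with restrictive permissions before it.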