author | Alan Pearce | 2021-03-17 17:23:16 +0100 |
---|---|---|
committer | Alan Pearce | 2021-03-17 17:23:16 +0100 |
commit | e704369a68aa47a759b69cbe35483edc9012a2ee (patch) | |
tree | 5082d0c5ecfccbf3120496c6bf26756c258a3d3f | |
parent | 23e66251c1f82be38bc0da6bca0f7635f0701883 (diff) | |
Add script to generate SSH keys on secure enclave
-rwxr-xr-x | generate-sekey.sh | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/generate-sekey.sh b/generate-sekey.sh
new file mode 100755
index 00000000..760eaa41
--- /dev/null
+++ b/generate-sekey.sh
@@ -0,0 +1,28 @@
+#!/bin/zsh
+# macOS-only; can assume zsh
+
+set -euo pipefail
+
+host=$1
+pubfile="${HOME}/.ssh/sekey/${host}.pub"
+
+function getKeyForHost () {
+ host=$1
+ sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
+}
+
+if [[ -z $(getKeyForHost $host) ]]
+then
+ sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
+fi
+
+if [[ -f $pubfile ]]
+then
+ echo "Public key ${pubfile} already exists!"
+ echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
+ exit 1
+fi
+
+keyid=$(getKeyForHost $host)
+
+sekey --export-key $keyid | tee "$pubfile" |
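Review bot: `getKeyForHost` splices `$host` into the awk program text, so a label containing a double quote or awk syntax changes the program that runs instead of only the value being compared; pass it as data with `sekey --list-keys | awk -v host="$host" '$2 == host {print $4}'`. The same unvalidated `$1` also builds `pubfile` and is handed bare to `sekey`, so a value with `/` or a leading `-` would make `tee` write outside `~/.ssh/sekey` or be parsed as an option; a guard right after `host=$1` such as `[[ $host =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || exit 2` covers both. Separately, the `-f $pubfile` check runs after the generate step and also when the key already existed in the enclave, so on a re-run it exits with a message about a missing keypair that is not true, and on a fresh label it exits only after a new enclave key has already been created; it probably belongs inside the first `if`, before `sekey --generate-keypair`.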