Add script to generate SSH keys on secure enclave
1 file changed, 28 insertions(+), 0 deletions(-)
jump to
A generate-sekey.sh
@@ -0,0 +1,28 @@ +#!/bin/zsh +# macOS-only; can assume zsh + +set -euo pipefail + +host=$1 +pubfile="${HOME}/.ssh/sekey/${host}.pub" + +function getKeyForHost () { + host=$1 + sekey --list-keys | awk "\$2 == \"$host\" {print \$4}" +} + +if [[ -z $(getKeyForHost $host) ]] +then + sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" } +fi + +if [[ -f $pubfile ]] +then + echo "Public key ${pubfile} already exists!" + echo "You should probably remove it, as there isn't a matching keypair in the Enclave" + exit 1 +fi + +keyid=$(getKeyForHost $host) + +sekey --export-key $keyid | tee "$pubfile"