all repos — nixfiles @ e704369a68aa47a759b69cbe35483edc9012a2ee

System and user configuration, managed by nix and home-manager

Add script to generate SSH keys on secure enclave

Alan Pearce
commit

e704369a68aa47a759b69cbe35483edc9012a2ee

parent

23e66251c1f82be38bc0da6bca0f7635f0701883

1 file changed, 28 insertions(+), 0 deletions(-)

A generate-sekey.sh
@@ -0,0 +1,28 @@
+#!/bin/zsh
+# macOS-only; can assume zsh
+
+set -euo pipefail
+
+host=$1
+pubfile="${HOME}/.ssh/sekey/${host}.pub"
+
+function getKeyForHost () {
+ host=$1
+ sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
+}
+
+if [[ -z $(getKeyForHost $host) ]]
+then
+ sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
+fi
+
+if [[ -f $pubfile ]]
+then
+ echo "Public key ${pubfile} already exists!"
+ echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
+ exit 1
+fi
+
+keyid=$(getKeyForHost $host)
+
+sekey --export-key $keyid | tee "$pubfile"
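Review bot: In `getKeyForHost`, `$host` is spliced into the awk program text, so a label containing `"` or a backslash changes the program instead of being compared as data; pass it as a variable, `sekey --list-keys | awk -v host="$host" '$2 == host {print $4}'`. The same unvalidated `$1` also builds `pubfile`, so a value containing `/` would make `tee` write outside `~/.ssh/sekey/`; rejecting such labels right after `host=$1` covers both uses. The `[[ -f $pubfile ]]` check also runs after `sekey --generate-keypair`, so a stale `.pub` file is only reported once a new Enclave key has been created, and the message that there is no matching keypair is then no longer true; moving that check above the generation step would fix both. Finally, `keyid` is never checked for being empty or multi-line before `sekey --export-key $keyid`, so a guard such as `[[ -n $keyid ]] || exit 1` before the export would keep a failed lookup from writing a bad `.pub` file.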