all repos — nixfiles @ e704369a68aa47a759b69cbe35483edc9012a2ee

System and user configuration, managed by nix and home-manager

Add script to generate SSH keys on secure enclave
Alan Pearce alan@alanpearce.eu
Wed, 17 Mar 2021 17:23:16 +0100
commit

e704369a68aa47a759b69cbe35483edc9012a2ee

parent

23e66251c1f82be38bc0da6bca0f7635f0701883

1 files changed, 28 insertions(+), 0 deletions(-)

A generate-sekey.sh
@@ -0,0 +1,28 @@
+#!/bin/zsh
+# macOS-only; can assume zsh
+
+set -euo pipefail
+
+host=$1
+pubfile="${HOME}/.ssh/sekey/${host}.pub"
+
+function getKeyForHost () {
+	host=$1
+	sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
+}
+
+if [[ -z $(getKeyForHost $host) ]]
+then
+	sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
+fi
+
+if [[ -f $pubfile ]]
+then
+	echo "Public key ${pubfile} already exists!"
+	echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
+	exit 1
+fi
+
+keyid=$(getKeyForHost $host)
+
+sekey --export-key $keyid | tee "$pubfile"
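Review bot: The `[[ -f $pubfile ]]` check runs after `sekey --generate-keypair`, so when a stale `.pub` file exists and no key is listed for the host, the script creates a new Secure Enclave key and only then exits 1. Later runs skip generation and stop at the same check, so the key is never exported until the file is removed by hand. Moving that block above the generation step, or into the branch that found no key, would refuse before anything is created. Separately, `getKeyForHost` splices `$host` into the awk program text, so a host argument containing a quote or awk syntax changes the program; pass it as data instead with `sekey --list-keys | awk -v h="$host" '$2 == h {print $4}'`. It would also help to confirm `$keyid` is non-empty before the export, since `tee` creates `$pubfile` even when the command feeding it fails, and that leftover file then blocks the next run.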