From e704369a68aa47a759b69cbe35483edc9012a2ee Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Wed, 17 Mar 2021 17:23:16 +0100
Subject: Add script to generate SSH keys on secure enclave
---
generate-sekey.sh | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100755 generate-sekey.sh
diff --git a/generate-sekey.sh b/generate-sekey.sh
new file mode 100755
index 00000000..760eaa41
--- /dev/null
+++ b/generate-sekey.sh
@@ -0,0 +1,28 @@
+#!/bin/zsh
+# macOS-only; can assume zsh
+
+set -euo pipefail
+
+host=$1
+pubfile="${HOME}/.ssh/sekey/${host}.pub"
+
+function getKeyForHost () {
+ host=$1
+ sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
+}
+
+if [[ -z $(getKeyForHost $host) ]]
+then
+ sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
+fi
+
+if [[ -f $pubfile ]]
+then
+ echo "Public key ${pubfile} already exists!"
+ echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
+ exit 1
+fi
+
+keyid=$(getKeyForHost $host)
+
+sekey --export-key $keyid | tee "$pubfile"
-- cgit 1.4.1
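Review bot: In `getKeyForHost`, `$host` is spliced into the awk program text, so a label containing `"` or a backslash changes the program awk runs instead of the string it compares; pass it as data with `sekey --list-keys | awk -v host="$host" '$2 == host {print $4}'`. The same unvalidated `$1` is also a path component of `pubfile`, so a value containing `/` or `..` makes the final `tee` write outside `~/.ssh/sekey`; rejecting anything other than letters, digits, `.`, `_` and `-` right after `host=$1` would close that. Separately, the `[[ -f $pubfile ]]` check runs after `--generate-keypair`, so a stale `.pub` file aborts the script only once a new enclave key has already been created and left unexported; moving that check above the generation block avoids this. It would also help to fail explicitly when `keyid` comes back empty, `[[ -n $keyid ]] || exit 1`, before calling `sekey --export-key`.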