commit: 0758d303101ba576537beb8e2a0278896b45d8eb
parent 17a8521176708073a797a5d14f0875e5b0917122
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sat, 13 Sep 2025 23:40:44 +0200
bin/minisign-rotate: gpg -> hiq, add comment on public key
Signed-off-by: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Diffstat:
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/.local/bin/minisign-rotate b/.local/bin/minisign-rotate
@@ -4,16 +4,17 @@ set -o pipefail
set -e
getpass() {
- gpg --decrypt /home/haelwenn/.password-store/minisign.gpg
+ # gpg --decrypt /home/haelwenn/.password-store/minisign.gpg
+ hiq -d -Fpassword host=minisign password!
}
path_key="${HOME}/.minisign/minisign.sec"
path_pub="${HOME}/.minisign/minisign.pub"
path_real_key="$(realpath "${path_key}")"
-date_real_key="$(basename "${path_prev_key%.sec}")"
+date_real_key="$(basename "${path_key%.sec}")"
path_real_pub="$(realpath "${path_pub}")"
-date_real_pub="$(basename "${path_prev_pub%.pub}")"
+date_real_pub="$(basename "${path_pub%.pub}")"
if [ "${date_real_key}" != "${date_real_pub}" ]; then
echo "minisign-rotate: Date mismatch between private-key(${date_real_key}) and public-key(${date_real_pub}), exiting..." >&2
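Review bot: The date comparison on the `if` line is now vacuous, because `date_real_key` and `date_real_pub` are derived from `path_key` and `path_pub`, whose basenames minus suffix are both the fixed string `minisign`, so the mismatch branch can never fire. The variable names and the `realpath` lines just above suggest the resolved targets were intended: `date_real_key="$(basename "${path_real_key%.sec}")"` and `date_real_pub="$(basename "${path_real_pub%.pub}")"`. As written, a secret/public symlink pair pointing at different years would pass this check before the rotation signs the next key with the current one. The `if` block continues outside the hunk, so whether `path_real_key` is used later cannot be seen from here.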
@@ -54,7 +55,7 @@ else
read foo
# Generate new key (password needs to be inserted twice for confirmation)
- ( getpass ; getpass ) | signify -G -p "${path_next_pub}" -s "${path_next_key}"
+ ( getpass ; getpass ) | signify -G -c "Public key for year ${date_next} of Haelwenn (lanodan) Monnier" -p "${path_next_pub}" -s "${path_next_key}"
# Sign next pubkey with still current key
getpass | signify -S -x "${path_next_pub_sig}" -s "${path_cur_key}" -m "${path_next_pub}"
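Review bot: The `-c` text on the `signify -G` line says "Public key", but as far as I know signify applies the single comment to both generated files, appending ` public key` and ` secret key` respectively. The new secret key would therefore be labelled "Public key for year … secret key". A neutral wording avoids that, e.g. `-c "Year ${date_next} key of Haelwenn (lanodan) Monnier"`. signify writes this text as the `untrusted comment:` line, so it is a label only and should not be used to identify the key. `date_next` is set outside this hunk, so confirm it is non-empty on this branch.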