From c588c74bcff531da4a6c347711b81712a124417f Mon Sep 17 00:00:00 2001
From: Joel Beckmeyer
Date: Mon, 11 Sep 2023 11:22:33 -0400
Subject: [PATCH] gpg: add sshcontrol with script to get grip
---
bin/executable_get-ssh-subkey-keygrip | 2 ++
dot_local/share/private_gnupg/sshcontrol.tmpl | 11 +++++++++++
2 files changed, 13 insertions(+)
create mode 100644 bin/executable_get-ssh-subkey-keygrip
create mode 100644 dot_local/share/private_gnupg/sshcontrol.tmpl
diff --git a/bin/executable_get-ssh-subkey-keygrip b/bin/executable_get-ssh-subkey-keygrip
new file mode 100644
index 0000000..737e59b
--- /dev/null
+++ b/bin/executable_get-ssh-subkey-keygrip
@@ -0,0 +1,2 @@
+#!/bin/sh
+gpg -K --with-keygrip | grep -A1 "\[A\]" | tail -n1 | sed 's,.*Keygrip = \(\),\1,'
diff --git a/dot_local/share/private_gnupg/sshcontrol.tmpl b/dot_local/share/private_gnupg/sshcontrol.tmpl
new file mode 100644
index 0000000..44e5bb6
--- /dev/null
+++ b/dot_local/share/private_gnupg/sshcontrol.tmpl
@@ -0,0 +1,11 @@
+# List of allowed ssh keys. Only keys present in this file are used
+# in the SSH protocol. The ssh-add tool may add new entries to this
+# file to enable them; you may also add them manually. Comment
+# lines, like this one, as well as empty lines are ignored. Lines do
+# have a certain length limit but this is not serious limitation as
+# the format of the entries is fixed and checked by gpg-agent. A
+# non-comment line starts with optional white spaces, followed by the
+# keygrip of the key given as 40 hex digits, optionally followed by a
+# caching TTL in seconds, and another optional field for arbitrary
+# flags. Prepend the keygrip with an '!' mark to disable it.
+{{ output "get-ssh-subkey-keygrip" }}
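Review bot: The `grep -A1 "\[A\]" | tail -n1` stage selects the keygrip by its position in gpg's human-readable listing, so when several `[A]` lines are listed the last one wins, and a line that gpg annotates as expired or revoked may still match. That grip is what ends up in `sshcontrol`, the allowlist gpg-agent consults for SSH. The pipeline's exit status is sed's, so a gpg failure or an empty match produces empty output with exit 0 and the caller cannot tell. Parsing `--with-colons` output allows filtering on the validity and capability fields and exiting non-zero when nothing qualifies; the sketch below should be checked against the installed gpg version.

```shell
#!/bin/sh
# Print the keygrip of the first non-expired, non-revoked authentication-only subkey.
gpg -K --with-colons --with-keygrip | awk -F: '
    $1 == "sec" || $1 == "ssb" { auth = ($1 == "ssb" && $12 == "a" && $2 !~ /^[er]/) }
    $1 == "grp" && auth        { print $10; found = 1; exit }
    END                        { exit !found }
'
```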
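Review bot: The value from `{{ output "get-ssh-subkey-keygrip" }}` on the last line is written into the SSH key allowlist without any check, and the helper is resolved through PATH when the template is rendered. Validate that the result is exactly 40 hex digits and fail the template otherwise, for example `{{ $grip := output "get-ssh-subkey-keygrip" | trim }}` followed by `{{ if not (regexMatch "^[0-9A-Fa-f]{40}$" $grip) }}{{ fail "unexpected keygrip" }}{{ end }}{{ $grip }}`. On a fresh machine the helper added in this same commit may not yet be installed or on PATH at render time, and gpg presumably has to be pointed at this non-default GnuPG directory through GNUPGHOME. Both assumptions are worth recording in a `{{/* ... */}}` comment at the top of the template.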