drop GPG from keychain

2024-10-18 13:36:43 -04:00 · 2024-10-18 13:36:43 -04:00 · d858594201
commit d858594201
parent 72310b3b0a
1 changed files with 21 additions and 6 deletions
--- a/dot_config/zsh/dot_zshrc
+++ b/dot_config/zsh/dot_zshrc
@ -48,14 +48,29 @@ alias vim='nvim'
 alias wake_circadian='ssh epoch wol a8:a1:59:11:06:f1'
 alias xrm='sudo xbps-remove'

-# GPG setup (and SSH)
+ssh-add ~/.ssh/id_rsa
+# SSH setup
+# I finally figured out how to export my id_rsa from GPG using
+# https://superuser.com/a/1681454 (copied/summarized here to avoid link rot):
+# 0. Run `gpg -K --with-keygrip` and note the desired keygrip (probably the one
+#   with [A] for auth).
+# 1. Run `gpgsm --gen-key -o tempcert`:
+#   a. Select "Existing Key".
+#   b. Enter the keygrip from step 0.
+#   c. Select "(1) sign, encrypt". This and following steps don't really apply
+#   for our use case, but we need to do it to make the tool happy.
+#   d. Enter some valid X.509 subject, e.g. "C=US".
+#   e. Press enter for rest of fields.
+#   f. "y" to create self-signed certificate.
+#   g. "y" to proceed with creation.
+# 2. `gpgsm --import tempcert` and `gpgsm -K` to get the (new) keyid.
+# 3. `gpgsm --export-secret-key-p8 -a -o id_rsa $keyid`
+# 4. (optional) `rm tempcert`, probably don't want that sitting around.
+# 5. (optional) Trim the phony metadata we gave to gpgsm that is prepended to
+# the exported PEM cert (id_rsa).
 if command -v keychain >/dev/null; then
 	alias keychain="keychain --nolock --absolute --dir $XDG_RUNTIME_DIR"
-	eval "$(keychain --quick --eval --agents gpg D7F966B85D985743C76A17AC5A9572AE7B2E7E1C)"
-fi
-if command -v gpgconf >/dev/null; then
-	SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
-	export SSH_AUTH_SOCK
+	eval "$(keychain --quick --eval)"
 fi
 ### End user configuration