drop GPG from keychain

This commit is contained in:
Joel Beckmeyer 2024-10-18 13:36:43 -04:00
parent 72310b3b0a
commit d858594201

View File

@ -48,14 +48,29 @@ alias vim='nvim'
alias wake_circadian='ssh epoch wol a8:a1:59:11:06:f1' alias wake_circadian='ssh epoch wol a8:a1:59:11:06:f1'
alias xrm='sudo xbps-remove' alias xrm='sudo xbps-remove'
# GPG setup (and SSH) ssh-add ~/.ssh/id_rsa
# SSH setup
# I finally figured out how to export my id_rsa from GPG using
# https://superuser.com/a/1681454 (copied/summarized here to avoid link rot):
# 0. Run `gpg -K --with-keygrip` and note the desired keygrip (probably the one
# with [A] for auth).
# 1. Run `gpgsm --gen-key -o tempcert`:
# a. Select "Existing Key".
# b. Enter the keygrip from step 0.
# c. Select "(1) sign, encrypt". This and following steps don't really apply
# for our use case, but we need to do it to make the tool happy.
# d. Enter some valid X.509 subject, e.g. "C=US".
# e. Press enter for rest of fields.
# f. "y" to create self-signed certificate.
# g. "y" to proceed with creation.
# 2. `gpgsm --import tempcert` and `gpgsm -K` to get the (new) keyid.
# 3. `gpgsm --export-secret-key-p8 -a -o id_rsa $keyid`
# 4. (optional) `rm tempcert`, probably don't want that sitting around.
# 5. (optional) Trim the phony metadata we gave to gpgsm that is prepended to
# the exported PEM cert (id_rsa).
if command -v keychain >/dev/null; then if command -v keychain >/dev/null; then
alias keychain="keychain --nolock --absolute --dir $XDG_RUNTIME_DIR" alias keychain="keychain --nolock --absolute --dir $XDG_RUNTIME_DIR"
eval "$(keychain --quick --eval --agents gpg D7F966B85D985743C76A17AC5A9572AE7B2E7E1C)" eval "$(keychain --quick --eval)"
fi
if command -v gpgconf >/dev/null; then
SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
export SSH_AUTH_SOCK
fi fi
### End user configuration ### End user configuration