.local/bin/paperbackup (view raw)
1#!/bin/sh -e
2
3# Copyright (c) 2021, la-ninpre
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16#
17# ---------------------------------------------------------------------- #
18#
19# small script to backup secret gpg keys using paperkey and qrencode.
20#
21# basic usage:
22#
23# $ paperbackup -u user@email.com
24#
25# by default exports minimized public key and paperkeyed secret key
26# to qr-encoded images, which then are combined into one image for
27# easy printing.
28#
29# dependencies:
30# - gpg (obviously)
31# - paperkey
32# - qrencode
33# - imagemagick (optional, use -n to disable montage)
34
35usage() {
36 echo "usage: ${0##*/} [OPTIONS]"
37 echo
38 echo "options:"
39 echo " -u, --uid {UID}"
40 echo " gpg keyid or uid (this is mandatory)"
41 echo " -l, --level {L,M,Q,H}"
42 echo " qrencode correction level"
43 echo " -t, --term"
44 echo " output to terminal instead of png image"
45 echo " -n, --nomontage"
46 echo " disable composing qrcodes to one image"
47 echo " -h, --help"
48 echo " print usage information"
49 echo
50}
51
52check_uid() {
53 [ -z "$1" ] && echo "uid could not be empty" && exit 1
54
55 if ! gpg -K "$1" >/dev/null
56 then
57 exit 1
58 fi
59
60 PB_UID="$1"
61}
62
63check_corr_lvl() {
64 case "$1" in
65 l|L|m|M|q|Q|h|H)
66 PB_CORR_LVL="$1"
67 ;;
68 *)
69 echo "correction level should be one of L,M,Q,H"
70 usage
71 exit 1
72 ;;
73 esac
74}
75
76qr_encode() {
77 PB_QRENCODE_FLAGS="-8 -l $PB_CORR_LVL -t $PB_TYPE"
78
79 case "$PB_TYPE" in
80 png)
81 PB_QRENCODE_FLAGS="$PB_QRENCODE_FLAGS -o $1"
82 ;;
83 UTF8)
84 ;;
85 *)
86 exit 1
87 ;;
88 esac
89
90 # i don't know if it is safe to do so, but it's very convenient
91 # shellcheck disable=SC2086
92 qrencode $PB_QRENCODE_FLAGS
93}
94
95get_pubkey() {
96 [ -n "$1" ] && gpg --export --export-options export-minimal "$1" \
97 | qr_encode "$1-pubkey.png"
98}
99
100get_seckey() {
101 [ -n "$1" ] && gpg --export-secret-key "$1" \
102 | paperkey --output-type raw | qr_encode "$1-seckey.png"
103}
104
105montage_keys() {
106 montage \
107 -pointsize 18 \
108 -title "\nsecret key backup for $PB_UID\n$PB_DATE" \
109 -label pubkey "$PB_UID-pubkey.png" \
110 -label seckey "$PB_UID-seckey.png" \
111 -mode concatenate \
112 "$PB_UID-keys.png"
113
114 rm -f "$PB_UID-pubkey.png" "$PB_UID-seckey.png"
115}
116
117main() {
118 PB_TYPE="png"
119 PB_CORR_LVL="H"
120 PB_DATE=$(date "+%F %T")
121 PB_MONTAGE=1
122
123 while [ -n "$1" ]
124 do
125 case "$1" in
126 --uid|-u)
127 shift
128 check_uid "$1"
129 ;;
130 --level|-l)
131 shift
132 check_corr_lvl "$1"
133 ;;
134 --term|-t)
135 PB_TYPE="UTF8"
136 ;;
137 --nomontage|-n)
138 PB_MONTAGE=0
139 ;;
140 --help|-h)
141 echo "backup secret gpg key using paperkey and qrencode"
142 echo
143 usage
144 exit
145 ;;
146 *)
147 usage
148 exit 1
149 ;;
150 esac
151 shift
152 done
153
154 [ -z "$PB_UID" ] && echo "please specify uid or keyid" && exit 1;
155
156 get_pubkey "$PB_UID" && get_seckey "$PB_UID"
157
158 [ "$PB_TYPE" = "png" ] \
159 && [ "$PB_MONTAGE" -eq 1 ] \
160 && montage_keys
161
162 exit 0
163}
164
165main "$@"