summaryrefslogtreecommitdiffstats
path: root/debian/scripts/decrypt_gnupg
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/scripts/decrypt_gnupg26
-rw-r--r--debian/scripts/decrypt_gnupg-sc44
2 files changed, 70 insertions, 0 deletions
diff --git a/debian/scripts/decrypt_gnupg b/debian/scripts/decrypt_gnupg
new file mode 100644
index 0000000..18ab575
--- /dev/null
+++ b/debian/scripts/decrypt_gnupg
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+decrypt_gpg () {
+ echo "Performing GPG symmetric decryption ..." >&2
+ if ! /lib/cryptsetup/askpass "Enter passphrase for key $1: " | \
+ /usr/bin/gpg -q --batch --no-options \
+ --no-random-seed-file --no-default-keyring \
+ --keyring /dev/null --secret-keyring /dev/null \
+ --trustdb-name /dev/null --passphrase-fd 0 --decrypt -- "$1"; then
+ return 1
+ fi
+ return 0
+}
+
+if [ ! -x /usr/bin/gpg ]; then
+ echo "$0: /usr/bin/gpg is not available" >&2
+ exit 1
+fi
+
+if [ -z "$1" ]; then
+ echo "$0: missing key as argument" >&2
+ exit 1
+fi
+
+decrypt_gpg "$1"
+exit $?
diff --git a/debian/scripts/decrypt_gnupg-sc b/debian/scripts/decrypt_gnupg-sc
new file mode 100644
index 0000000..84eb62c
--- /dev/null
+++ b/debian/scripts/decrypt_gnupg-sc
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+if [ -d "/cryptroot/gnupghome" ]; then
+ export GNUPGHOME="/cryptroot/gnupghome"
+fi
+
+run_gpg() {
+ gpg --no-options --trust-model=always "$@"
+}
+decrypt_gpg () {
+ local console _
+ if ! GPG_TTY="$(tty)"; then
+ read console _ </proc/consoles
+ GPG_TTY="/dev/$console"
+ fi
+ export GPG_TTY
+
+ if ! run_gpg --decrypt -- "$1"; then
+ return 1
+ fi
+ return 0
+}
+
+# `gpg-connect-agent LEARN /bye` is another (lighter) way, but it's
+# harder to retrieve the return code
+if ! run_gpg --batch --quiet --no-tty --card-status >/dev/null; then
+ echo "Please insert OpenPGP SmartCard..." >&2
+ until run_gpg --batch --quiet --no-tty --card-status; do
+ sleep 1
+ done >/dev/null 2>&1
+fi
+
+if [ ! -x /usr/bin/gpg ]; then
+ echo "$0: /usr/bin/gpg is not available" >&2
+ exit 1
+fi
+
+if [ -z "$1" ] || [ ! -f "$1" ]; then
+ echo "$0: missing key as argument" >&2
+ exit 1
+fi
+
+decrypt_gpg "$1"
+exit $?