blob: 45d1c3db3b97a73c9a6c1f12f43915df4d8cd728 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!/bin/bash
# Vim wrapper that auto-signs with yubisigner-cli after editing
# Used by NeoMutt mail2news account
# Creates PGP-like clearsign format with yubisigner signature
set -euo pipefail
# First argument is the file to edit
FILE="$1"
# Open vim for editing
vim "$FILE"
# Save original message
ORIGINAL_MSG=$(cat "$FILE")
# After vim exits, sign the message
echo ""
echo "Signing message with YubiKey..."
# Kill gpg-agent to release YubiKey (it will auto-restart later)
echo "Releasing YubiKey from gpg-agent..."
gpgconf --kill gpg-agent 2>/dev/null || true
sleep 1
# Sign with yubisigner-cli (PIN will be prompted)
if ! "$HOME/bin/yubisigner-cli/yubisigner-cli" \
--input "$FILE" \
--author "Gab Virebent" \
--email "gabriel1@virebent.art" \
--url "https://contact.virebent.art" \
--comment "Posted via NeoMutt mail2news"; then
echo ""
echo "ERROR: yubisigner-cli failed!"
echo "Press ENTER to continue WITHOUT signature..."
read
exit 0
fi
# Check if signature was created
if [ ! -f "$FILE.sig" ]; then
echo ""
echo "ERROR: Signature file not created!"
echo "Press ENTER to continue WITHOUT signature..."
read
exit 0
fi
# Create clearsign format (like PGP clearsign but with yubisigner signature)
{
echo "-----BEGIN YUBISIGNER SIGNED MESSAGE-----"
echo "Hash: SHA256"
echo ""
echo "$ORIGINAL_MSG"
echo ""
cat "$FILE.sig"
} > "$FILE.tmp"
# Replace original file with clearsign version
mv "$FILE.tmp" "$FILE"
# Cleanup
rm -f "$FILE.sig"
echo "Message signed successfully"
|