#! /usr/bin/env bash
# shellcheck shell=bash

set -euo pipefail

read -rp 'enter email address: ' email

echo "$email"

# create main key
gpg2 --quick-gen-key "Felix Schröter <$email>" ed25519 sign 1y || true

keyid=$(gpg2 --list-keys --with-colons "$email" | grep "^pub:" | cut -d: -f5)
fpr=$(gpg2 --list-keys --with-colons "$email" | grep "^fpr:" | cut -d: -f10)

# create subkeys
gpg2 --quick-add-key "$fpr" cv25519 encr 1y
gpg2 --quick-add-key "$fpr" ed25519 auth 1y
gpg2 --quick-add-key "$fpr" ed25519 sign 1y

echo "created keys:"
gpg2 --list-keys --with-subkey-fingerprint "$keyid"

sign=$(gpg2 --list-keys --with-colons "$email" | grep "::s::" -A 1)
sign_keyid=$(echo "$sign" | grep "^sub:" | cut -d: -f5)

auth=$(gpg2 --list-keys --with-colons "$email" | grep "::a::" -A 1)
auth_keyid=$(echo "$auth" | grep "^sub:" | cut -d: -f5)

pub_sign=$(gpg2 --armor --export "$sign_keyid!")
pub_ssh=$(gpg2 --export-ssh-key "$auth_keyid")

echo "public PGP key with signing subkey:"
echo "$pub_sign"
echo ""

echo "public SSH key for authenticating with git forges:"
echo "$pub_ssh"
echo ""