yawn · May 10, 2022 11:32
diff --git a/encrypt.sh b/encrypt.sh
 #!/bin/bash
 set -euo pipefail

 keys=$(sed -n 's/^Encryption: //p' security.txt)
 declare -a receivers

 for key in $keys
 do
 	# fetch key manually (we can't using --auto-key-locate clear,local,wkd --locate-key since the recipients might be different from the security email address)
 	t=$(mktemp)
 	$(curl -sLo $t $key)

 	# get id of first public key
 	id=$(gpg --with-fingerprint --with-colons $t | sed -rn 's/fpr:::::::::(.*):/\1/p')

 	# import key
 	$(gpg --import $t)

 	# populate recipient list using key ids
 	receivers+=("--recipient=$id")

 	# remove downloaded key
 	$(rm $t)
 done

 gpg --armor --trust-model always --encrypt ${receivers[@]}
	#!/bin/bash
	set -euo pipefail

	keys=$(sed -n 's/^Encryption: //p' security.txt)
	declare -a receivers

	for key in $keys
	do
	# fetch key manually (we can't using --auto-key-locate clear,local,wkd --locate-key since the recipients might be different from the security email address)
	t=$(mktemp)
	$(curl -sLo $t $key)

	# get id of first public key
	id=$(gpg --with-fingerprint --with-colons $t \| sed -rn 's/fpr:::::::::(.*):/\1/p')

	# import key
	$(gpg --import $t)

	# populate recipient list using key ids
	receivers+=("--recipient=$id")

	# remove downloaded key
	$(rm $t)
	done

	gpg --armor --trust-model always --encrypt ${receivers[@]}