#! /usr/bin/env nix-shell
#! nix-shell -p rage -p openssl -p dash -i dash --impure

cd "$(dirname "$0")" || {
    echo "No basedir?!"
    exit 1
}

key_name="$1"
[ -z "$key_name" ] && {
    echo "Usage: $0 KEY_NAME"
    exit 2
}

[ -d "$key_name" ] || mkdir "$key_name"
cd "$key_name" || {
    echo "Just created."
    exit 1
}

openssl genpkey -algorithm ed25519 -out "private"
openssl pkey -in "private" -pubout -out "public.tmp"

openssl asn1parse -in "public.tmp" -offset 12 -noout -out /dev/stdout | base64 --wrap 0 >"public"
rm "public.tmp"

rage --encrypt \
    --armor \
    --recipient "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILxdvBk/PC9fC7B5vqe9TvygZKY6LgDQ2mXRdVrthBM/" \
    "private" >"private.age"
rm "private"

# vim: ft=sh