#!/bin/bash
# Backup GPG key (both private and public) to a directory
# Usage: gpg-backup-key [output-dir] [key-id or email]

set -e

OUTPUT_DIR="${1:-$HOME}"
KEY_ID="${2:-}"

# If no key specified, use first secret key
if [[ -z $KEY_ID ]]; then
    KEY_ID=$(gpg --list-secret-keys --keyid-format LONG 2>/dev/null | grep '^sec' | head -1 | sed 's/.*\/\([A-F0-9]*\) .*/\1/')
fi

if [[ -z $KEY_ID ]]; then
    echo "Error: No GPG key found"
    exit 1
fi

# Create output directory if needed
mkdir -p "$OUTPUT_DIR"

PRIVATE_KEY="$OUTPUT_DIR/gpg-private-key-$KEY_ID.asc"
PUBLIC_KEY="$OUTPUT_DIR/gpg-public-key-$KEY_ID.asc"

echo "Backing up GPG key $KEY_ID"
echo ""

echo "Exporting private key to $PRIVATE_KEY..."
gpg --armor --export-secret-keys "$KEY_ID" >"$PRIVATE_KEY"
chmod 600 "$PRIVATE_KEY"

echo "Exporting public key to $PUBLIC_KEY..."
gpg --armor --export "$KEY_ID" >"$PUBLIC_KEY"

echo ""
echo "Backup complete!"
echo "  Private key: $PRIVATE_KEY"
echo "  Public key:  $PUBLIC_KEY"
echo ""
echo "WARNING: Keep your private key safe and never share it!"
echo ""
echo "To restore, run:"
echo "  gpg-restore-key $PRIVATE_KEY"