#!/bin/bash
# clean_keyring.sh - clean up all the excess keys

# origin: https://scruss.com/blog/2013/05/12/clean-up-your-gnupg-keyring/

# my key should probably be the first secret key listed
mykey=$(gpg --list-secret-keys --with-colons | grep '^sec' | cut -d: -f5 | head -1)
if
    [ -z $mykey ]
then
    # exit if no key string
    echo "Can't get user's key ID"
    exit 1
fi

# all of the people who have signed my key
mysigners=$(gpg --list-sigs --with-colons $mykey | grep '^sig' | cut -d: -f5 | sort -u)

# keep all of the signers, plus my key (if I haven't self-signed)
keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u)

# the keepers list in egrep syntax: ^(key|key|…)
keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')

# show all the keepers as a comment so this script's output is shell-able
echo '# Keepers: ' $keepers

# everyone who isn't on the keepers list is deleted
deleters=$(gpg --list-keys --with-colons | grep '^pub' | cut -d: -f5 | egrep -v ${keepers_egrep})

# echo the command if there are any to delete
# command is interactive
if
    [ -z $deleters ]
then
    echo "# Nothing to delete!"
else
    echo 'gpg --delete-keys' $deleters
fi