summaryrefslogtreecommitdiff
path: root/localgpgcleankeyring
blob: b7fb20520ec78da71dcf9b24a9f57b2aac0f4a14 (plain) 
    

  1. #!/bin/sh
    2. 

  2. # clean_keyring.sh - clean up all the excess keys
    3. 

  3. 

  4. # origin: https://scruss.com/blog/2013/05/12/clean-up-your-gnupg-keyring/
    5. 

  5. 

  6. set -e
    7. 

  7. 

  8. # my keys are those with a corresponding secret key
    9. 

  9. mykeys=$(gpg --batch --list-secret-keys --with-colons | grep '^sec' | cut -d: -f5)
    10. 

  10. if [ -z "$mykeys" ]; then
    11. 

  11.     # exit if no key string
    12. 

  12.     echo "Can't get user's key ID"
    13. 

  13.     exit 1
    14. 

  14. fi
    15. 

  15. 

  16. # all of the people who have signed my key
    17. 

  17. mysigners=$(gpg --batch --list-sigs --with-colons $mykeys | grep '^sig' | cut -d: -f5 | sort -u)
    18. 

  18. 

  19. # keep all of the signers, plus my key (if I haven't self-signed)
    20. 

  20. keepers=$(echo $mykeys $mysigners | tr ' ' '\012' | sort -u)
    21. 

  21. 

  22. # the keepers list in egrep syntax: ^(key|key|…)
    23. 

  23. keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
    24. 

  24. 

  25. # everyone who isn't on the keepers list is deleted
    26. 

  26. deleters=$(gpg --batch --list-keys --with-colons | grep '^pub' | cut -d: -f5 | egrep -v ${keepers_egrep})
    27. 

  27. 

  28. if [ -z "$deleters" ]; then
    29. 

  29.     echo "# Nothing to delete!"
    30. 

  30. else
    31. 

  31.     gpg --batch "$@" --delete-keys $deleters
    32. 

  32. fi
    33.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 16:14:35 +0000