summaryrefslogtreecommitdiff
path: root/localgpgcleankeyring
blob: 0be9c6758528827f5a371cae6ecfbd2fee2bb05e (plain) 
    

  1. #!/bin/bash
    2. 

  2. # clean_keyring.sh - clean up all the excess keys
    3. 

  3. 

  4. # origin: https://scruss.com/blog/2013/05/12/clean-up-your-gnupg-keyring/
    5. 

  5. 

  6. # my key should probably be the first secret key listed
    7. 

  7. mykey=$(gpg --list-secret-keys --with-colons | grep '^sec' | cut -d: -f5 | head -1)
    8. 

  8. if
    9. 

  9.     [ -z $mykey ]
    10. 

  10. then
    11. 

  11.     # exit if no key string
    12. 

  12.     echo "Can't get user's key ID"
    13. 

  13.     exit 1
    14. 

  14. fi
    15. 

  15. 

  16. # all of the people who have signed my key
    17. 

  17. mysigners=$(gpg --list-sigs --with-colons $mykey | grep '^sig' | cut -d: -f5 | sort -u)
    18. 

  18. 

  19. # keep all of the signers, plus my key (if I haven't self-signed)
    20. 

  20. keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u)
    21. 

  21. 

  22. # the keepers list in egrep syntax: ^(key|key|…)
    23. 

  23. keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
    24. 

  24. 

  25. # show all the keepers as a comment so this script's output is shell-able
    26. 

  26. echo '# Keepers: ' $keepers
    27. 

  27. 

  28. # everyone who isn't on the keepers list is deleted
    29. 

  29. deleters=$(gpg --list-keys --with-colons | grep '^pub' | cut -d: -f5 | egrep -v ${keepers_egrep})
    30. 

  30. 

  31. # echo the command if there are any to delete
    32. 

  32. # command is interactive
    33. 

  33. if
    34. 

  34.     [ -z $deleters ]
    35. 

  35. then
    36. 

  36.     echo "# Nothing to delete!"
    37. 

  37. else
    38. 

  38.     echo 'gpg --delete-keys' $deleters
    39. 

  39. fi
    40.
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-18 20:41:40 +0000