summaryrefslogtreecommitdiff
path: root/localgpgcleankeyring
blob: 0be9c6758528827f5a371cae6ecfbd2fee2bb05e (plain)
  1. #!/bin/bash
  2. # clean_keyring.sh - clean up all the excess keys
  3. # origin: https://scruss.com/blog/2013/05/12/clean-up-your-gnupg-keyring/
  4. # my key should probably be the first secret key listed
  5. mykey=$(gpg --list-secret-keys --with-colons | grep '^sec' | cut -d: -f5 | head -1)
  6. if
  7. [ -z $mykey ]
  8. then
  9. # exit if no key string
  10. echo "Can't get user's key ID"
  11. exit 1
  12. fi
  13. # all of the people who have signed my key
  14. mysigners=$(gpg --list-sigs --with-colons $mykey | grep '^sig' | cut -d: -f5 | sort -u)
  15. # keep all of the signers, plus my key (if I haven't self-signed)
  16. keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u)
  17. # the keepers list in egrep syntax: ^(key|key|…)
  18. keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
  19. # show all the keepers as a comment so this script's output is shell-able
  20. echo '# Keepers: ' $keepers
  21. # everyone who isn't on the keepers list is deleted
  22. deleters=$(gpg --list-keys --with-colons | grep '^pub' | cut -d: -f5 | egrep -v ${keepers_egrep})
  23. # echo the command if there are any to delete
  24. # command is interactive
  25. if
  26. [ -z $deleters ]
  27. then
  28. echo "# Nothing to delete!"
  29. else
  30. echo 'gpg --delete-keys' $deleters
  31. fi