2 files changed, 12 insertions, 0 deletions

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index d3d3b95..a687f4e 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -37,6 +37,11 @@ monkeysphere-controlled authorized_keys file.  If no accounts are
 specified, then all accounts on the system are processed.  `u' may be
 used in place of `update\-users'.
 .TP
+.B refresh\-keys
+Refresh all keys in the monkeysphere-authentication keyring.  If no
+accounts are specified, then all accounts on the system are processed.
+`r' may be used in place of `refresh\-keys'.
+.TP
 .B add\-id\-certifier KEYID|FILE
 Instruct system to trust user identity certifications made by KEYID.
 The key ID will be loaded from the keyserver.  A file may be loaded
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 5b30628..b37949e 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -54,6 +54,7 @@ Monkeysphere authentication admin tool.
 
 subcommands:
  update-users (u) [USER]...        update user authorized_keys files
+ refresh-keys (r)                  refresh keys in keyring
 
  add-id-certifier (c+) KEYID|FILE  import and tsign a certification key
    [--domain (-n) DOMAIN]            limit ID certifications to DOMAIN
@@ -166,6 +167,12 @@ case $COMMAND in
 	update_users "$@"
 	;;
 
+    'refresh-keys'|'r')
+	source "${MASHAREDIR}/setup"
+	setup
+	gpg_sphere "--keyserver $KEYSERVER --refresh-keys"
+	;;
+
     'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
 	source "${MASHAREDIR}/setup"
 	setup