cfg/bin/clean-keys

41 lines
1.3 KiB
Text
Raw Normal View History

2016-07-21 13:48:49 +00:00
#!/bin/bash
# clean_keyring.sh - clean up all the excess keys
2016-07-21 13:48:49 +00:00
# my key should probably be the first secret key listed
mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20)
if [ -z "$mykey" ]; then
# exit if no key string
echo "Can't get user's key ID"
exit 1
2016-07-21 13:48:49 +00:00
fi
2016-07-21 13:48:49 +00:00
# all of the people who have signed my key
mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u)
2016-07-21 13:48:49 +00:00
# keep also the keys of persons I'm tracking on keybase.io
keybase_tracks=""
for person in $(keybase list-tracking); do
id=$(keybase id $person 2>&1 | grep "public key fingerprint" | cut -d ':' -f 2 | cut -c 41-50 | sed "s/ //g")
keybase_tracks="$keybase_tracks $id"
done
2016-07-21 13:48:49 +00:00
# keep all of the signers, plus my key (if I haven't self-signed)
keepers=$(echo $mykey $mysigners $keybase_tracks | tr ' ' '\012' | sort -u)
2016-07-21 13:48:49 +00:00
# the keepers list in egrep syntax: ^(key|key|…)
keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
2016-07-21 13:48:49 +00:00
# show all the keepers as a comment so this script's output is shell-able
echo '# Keepers: ' $keepers
2016-07-21 13:48:49 +00:00
# everyone who isn't on the keepers list is deleted
deleters=$(gpg --list-keys | grep '^pub' | cut -c 13-20 | egrep -v ${keepers_egrep})
2016-07-21 13:48:49 +00:00
# echo the command if there are any to delete
# command is interactive
if [ -z "$deleters" ]; then
echo "# Nothing to delete!"
2016-07-21 13:48:49 +00:00
else
echo 'gpg --delete-keys' $deleters
2016-07-21 13:48:49 +00:00
fi