Refreshing PGP keys
Sun Jun 10 22:53:02 2001
Content-Type: text/plain; charset=us-ascii
One thing that seems to be missing from gnupg is an easy way to make
sure that you have the latest version of someones public key. This is
particularly relevant if a key has been revoked (also, for example if
there is a new self signature with different preferences or expiry
You could do a --recv-key for each key on your key ring in turn, but
this is a little tedious if done by hand.
I've attached a little shell script (nothing special) that I use to
automate this. It creates a list of the keyids in your public keyring,
and then performs a recv-key on each of them.
It creates three temporary files:
keylist - list of keyids in your keyring
keylistdone - list of keyids that it has updated
keylistresults - the output of gpg when receiving the keys
The script outputs the interesting stuff from the results file at the
(You can check how far it has got by comparing "wc -l keylist" and "wc
This probably isn't as good as checking a CRL every time you use a key,
but I think it is useful to run from time to time.
I hope this is useful to someone,
Content-Type: text/x-sh; charset=us-ascii
Content-Disposition: attachment; filename="refreshkeys.sh"
if [ -f keylist -o -f keylistdone -o -f keylistresults ]; then
echo Please delete keylist, keylistdone and keylistresults before use;
echo Building list...
gpg -k --with-colons | grep ^pub | cut -f 5 -d ':' > keylist
for i in $(cat keylist | xargs); do gpg --recv-key $i 2>> keylistresults; echo $i >> keylistdone; done
grep key keylistresults | grep -v "not changed" | grep -v requesting