Refreshing PGP keys

Andrew McDonald andrew@mcdonald.org.uk
Sun Jun 10 22:53:02 2001



One thing that seems to be missing from gnupg is an easy way to make
sure that you have the latest version of someone's public key. This is
particularly relevant if a key has been revoked (also, for example, if
there is a new self-signature with different preferences or expiry
date).

You could do a --recv-key for each key on your key ring in turn, but
this is a little tedious if done by hand.

I've attached a little shell script (nothing special) that I use to
automate this. It creates a list of the keyids in your public keyring,
and then performs a recv-key on each of them.

It creates three temporary files:
keylist - list of keyids in your keyring
keylistdone - list of keyids that it has updated
keylistresults - the output of gpg when receiving the keys
The script outputs the interesting stuff from the results file at the
end.
(You can check how far it has got by comparing "wc -l keylist" and "wc
-l keylistdone").

This probably isn't as good as checking a CRL every time you use a key,
but I think it is useful to run from time to time.

I hope this is useful to someone,


Andrew
-- 
Andrew McDonald
E-mail: andrew@mcdonald.org.uk
http://www.mcdonald.org.uk/andrew/

Attachment: refreshkeys.sh

#!/bin/sh
# Refuse to run if work files from a previous run are still present.
if [ -f keylist -o -f keylistdone -o -f keylistresults ]; then
    echo "Please delete keylist, keylistdone and keylistresults before use"
    exit 1
fi
echo "Building list..."
# Field 5 of each colon-separated "pub" record is the key ID.
gpg -k --with-colons | grep '^pub' | cut -f 5 -d ':' > keylist
echo "Processing..."
# Fetch each key in turn; gpg reports on stderr, so collect that in keylistresults.
for i in $(cat keylist); do
    gpg --recv-key "$i" 2>> keylistresults
    echo "$i" >> keylistdone
done
# Show only the keys that actually changed.
grep key keylistresults | grep -v "not changed" | grep -v requesting

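An added example, not part of Andrew's script, showing how to parse the same `gpg -k --with-colons` output with awk: one function extracts the key IDs the refresh loop needs, and a second lists primary keys whose validity field already says revoked or expired, which is the state a refresh is meant to surface. The key IDs and dates in the sample are constructed, and the sample is trimmed to the pub records (real output also carries uid and other record types, which the field-1 test skips).

```shell
#!/bin/sh
# Added example (not from the original post): parse `gpg -k --with-colons`
# output with awk so it can be exercised offline on constructed sample data.

# Constructed sample of `gpg -k --with-colons` output, trimmed to the pub
# records: one revoked key (validity "r"), one expired ("e"), one still valid.
# Field 1 is the record type, field 2 the validity, field 5 the key ID.
SAMPLE='tru::1:1700000000:0:3:1:5
pub:r:2048:1:0123456789ABCDEF:1500000000::-:::sc::::::23::0:
pub:e:2048:1:FEDCBA9876543210:1400000000:1500000000::-:::sc::::::23::0:
pub:-:3072:1:1122334455667788:1600000000::-:::scESC::::::23::0:'

# Key ID of every primary key: the list refreshkeys.sh feeds to gpg --recv-key.
list_keyids() {
    awk -F: '$1 == "pub" { print $5 }'
}

# Primary keys whose validity field is revoked (r) or expired (e).
# Output: "<keyid> <r|e>", one per line.
flag_stale_keys() {
    awk -F: '$1 == "pub" && ($2 == "r" || $2 == "e") { print $5, $2 }'
}

# Run with the argument "demo" to see both functions on the constructed sample.
# Against a real keyring:  gpg -k --with-colons | flag_stale_keys
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE" | list_keyids
    printf '%s\n' "$SAMPLE" | flag_stale_keys
fi
```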