Checking expiration date automatically
David Shaw
dshaw at jabberwocky.com
Sat Jan 12 15:53:11 CET 2008
On Sat, Jan 12, 2008 at 01:49:49PM +0100, ERIC LANDES wrote:
>
> Hello,
>
> I use gnupg with a software I write and it needs a gpg key with expiration date.
> As I do not myself manage this software, I would like to provide a shell script on
> Linux (e.g. launched every day with cron) which would check for the expiration date and send
> a warning if key expires within a given time (15 days for example).
>
> Does there exist an option which would give the expiration date of a key, if such date exists ?
> I saw nothing on man gpg.
>
>
> It is possible to retrieve the expiration date on Linux with a
> command line, as shown below, but the command is ugly, not totally safe
> (because of the grep) and may not work on all versions of gpg.
>
>
> Having these keys :
> # LANG=C gpg --list-keys
> /root/.gnupg/pubring.gpg
> ------------------------
> pub 1024D/E5F2C00E 2008-01-12 [expires: 2009-01-11]
> uid test date (test) <test at date>
> sub 2048g/7C17580B 2008-01-12 [expires: 2009-01-11]
>
> pub 1024D/16B870A6 2008-01-12
> uid aaaaaa (fdsfsd) <a at a.a>
> sub 2048g/B2526B84 2008-01-12
>
> Expiration date of key test at date is :
> # LANG=C gpg --list-keys test@date | grep "\[expires:" | cut -d ":" -f 2 | cut -d " " -f 2 | cut -d "]" -f 1 | head -n 1
> 2009-01-11

See the file DETAILS in the doc/ directory. Something like:

  gpg --with-colons --fixed-list-mode --list-keys test@date | cut -d: -f7

should do what you want.

The number is the expiration date (if any) expressed as the number of
seconds since 1/1/1970.

David
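
An added example, not part of the original message or of GnuPG itself: a cron-style check built on the colon listing described above, reading field 7 of the first "pub" record only and comparing it with a warning window. The function names, the sample listing and its key IDs are constructed for illustration.

```shell
#!/bin/sh
# expiry_status NOW WARN_DAYS   (colon listing on stdin)
# Prints one of: "never", "expired", "warn <days>", "ok <days>",
# "unparsed" (field 7 is not epoch seconds) or "nokey" (no pub record).
expiry_status() {
    awk -F: -v now="$1" -v warn="$2" '
        $1 == "pub" {
            found = 1
            expiry = $7                      # field 7: expiration, empty if none
            if (expiry == "")           { print "never";    exit }
            if (expiry !~ /^[0-9]+$/)   { print "unparsed"; exit }
            if (expiry + 0 <= now + 0)  { print "expired";  exit }
            days = int((expiry - now) / 86400)
            state = (days <= warn + 0) ? "warn" : "ok"
            print state, days
            exit                             # primary key only, ignore subkeys
        }
        END { if (!found) print "nokey" }
    '
}

# check_key KEY WARN_DAYS: same check against the local keyring.
# Intended for cron; mail or log anything that is not "ok" or "never".
check_key() {
    gpg --with-colons --fixed-list-mode --list-keys "$1" 2>/dev/null |
        expiry_status "$(date +%s)" "$2"
}

# Constructed sample listings (made-up key IDs). The dates match the
# thread's example key: created 2008-01-12, expires 2009-01-11 (UTC).
SAMPLE='pub:u:1024:17:0000000000000001:1200096000:1231632000::u:::scESC:
sub:u:2048:16:0000000000000002:1200096000:1231632000:::::e:'
NOEXP='pub:u:1024:17:0000000000000003:1200096000:::u:::scESC:'

# Offline demo: evaluate the sample as of 2009-01-01 with a 15-day window.
printf '%s\n' "$SAMPLE" | expiry_status 1230768000 15
```

Anchoring on the record type instead of piping every line through cut keeps subkey and uid records from being mistaken for the primary key's expiration.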