Checking expiration date automatically
dshaw at jabberwocky.com
Sat Jan 12 15:53:11 CET 2008
On Sat, Jan 12, 2008 at 01:49:49PM +0100, ERIC LANDES wrote:
> I use gnupg with a software I write and it needs a gpg key with expiration date.
> As I do not myself manage this software, I would like to provide a shell script on
> Linux (e.g. launched every day with cron) which would check for the expiration date and send
> a warning if key expires within a given time (15 days for example).
> Does there exist an option which would give the expiration date of a key, if such date exists ?
> I saw nothing on man gpg.
> It is possible to retrieve the expiration date on Linux with a
> command line, as shown below, but the command is ugly, not totally safe
> (because of the grep) and may not work on all versions of gpg.
> Having these keys :
> # LANG=C gpg --list-keys
> pub 1024D/E5F2C00E 2008-01-12 [expires: 2009-01-11]
> uid test date (test) <test at date>
> sub 2048g/7C17580B 2008-01-12 [expires: 2009-01-11]
> pub 1024D/16B870A6 2008-01-12
> uid aaaaaa (fdsfsd) <a at a.a>
> sub 2048g/B2526B84 2008-01-12
> Expiration date of key test at date is :
> # LANG=C gpg --list-keys test at date | grep "\[expires:" | cut -d ":" -f 2 | cut -d " " -f 2 | cut -d "]" -f 1 | head -n 1
See the file DETAILS in the doc/ directory. Something like:
gpg --with-colons --fixed-list-mode --list-keys test at date | cut -d: -f7
should do what you want.
The number is the expiration date (if any) expressed as the number of
seconds since 1/1/1970.
More information about the Gnupg-users