gpg2 on a Windows 10 Pro 64 bit machine
Jerry
jerry at seibercom.net
Mon Feb 27 11:59:09 CET 2017
On Sun, 26 Feb 2017 20:56:55 -0500, Robert J. Hansen stated:
>> I am not sure what that is referring to. Also, there are numerous
>> keys listed as revoked or expired. Is there anything I can run
>> from the command line that will automatically remove all revoked or
>> expired keys?
>
>Kinda-sorta, but yes!
>
>WARNING: this works on my laptop for both GnuPG 2.0 and 2.1. It may
>not work on yours.
>
>Save everything between the "=====" marks to a file named
>"gpgclean.ps1".
>
>
>=====
># gpgclean.ps1 -- cleans expired/revoked keys from GnuPG
># Requires GnuPG 2.0 or later.
>#
># Copyright 2017, Rob Hansen
>#
># Permission to use, copy, modify, and/or distribute this
># software for any purpose with or without fee is hereby
># granted, provided that the above copyright notice and
># this permission notice appear in all copies.
>#
># THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS
># ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
># IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
># EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
># INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
># WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
># WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
># TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
># USE OR PERFORMANCE OF THIS SOFTWARE.
>
>
>
># Use the Windows Registry to find GnuPG's location
>
>## Start by looking for GnuPG 2.1. If we can't find
>## it, fall back to looking for 2.0.
>
>If (Test-Path "HKLM:\Software\WOW6432Node\GnuPG") {
>    $gpgdir = Join-Path `
>        -Path (Get-ItemPropertyValue `
>            -Path "HKLM:\Software\WOW6432Node\GnuPG" `
>            "Install Directory") `
>        -ChildPath "bin"
>    $gpg = Join-Path -Path $gpgdir "gpg.exe"
>}
>ElseIf (Test-Path "HKLM:\Software\WOW6432Node\GNU\GnuPG") {
>    $gpgdir = Get-ItemPropertyValue `
>        -Path "HKLM:\Software\WOW6432Node\Gnu\GnuPG" `
>        "Install Directory"
>    $gpg = Join-Path -Path $gpgdir "gpg2.exe"
>}
>
># Create the two Lists we're going to use to store the
># revoked/expired private keys and the revoked/expired
># public keys
>$private_keys = New-Object `
>    -TypeName System.Collections.Generic.List[string]
>$public_keys = New-Object `
>    -TypeName System.Collections.Generic.List[string]
>
># Many of our "expired" keys will have new, duration-
># extending signatures. We do a keyring refresh from the
># keyservers to ensure we don't delete anything we don't
># have to.
>&$gpg --keyserver pool.sks-keyservers.net `
>    --refresh
>
># Get the expired/revoked private and public keys
>(&$gpg --keyid-format long `
>    --fixed-list-mode `
>    --with-colons --list-key | `
>    Select-String -Pattern "^pub:(r|e)").ForEach({
>        $match = [regex]::match($_, "([A-F0-9]{16})")
>        $keyid = $match.Groups[1].Value
>        $public_keys.Add($keyid)
>    }
>)
>
>## In GnuPG 2.0, you can't figure out whether a private
>## key is expired except by looking at its corresponding
>## public key. In GnuPG 2.1, you can, but the old way
>## still works. This code will therefore work with both.
>If ($public_keys.Count -gt 0) {
>    (&$gpg --keyid-format long `
>        --fixed-list-mode `
>        --with-colons --list-secret-key $public_keys | `
>        Select-String -Pattern "^sec").ForEach({
>            $match = [regex]::match($_, "([A-F0-9]{16})")
>            $keyid = $match.Groups[1].Value
>            $private_keys.Add($keyid)
>        }
>    )
>}
>
># If we have revoked/expired private keys, get rid
># of them first.
>if ($private_keys.Count -gt 0) {
>    &$gpg --yes --delete-secret-keys $private_keys
>}
># Follow up with revoked/expired public keys
>if ($public_keys.Count -gt 0) {
>    &$gpg --yes --delete-keys $public_keys
>}
>=====
>
>
>Save that. Then, in the "Ask me anything" box, type "Windows
>PowerShell". Launch the program that comes up. You'll see a prompt
>like:
>
> PS C:\Users\rjh>
>
>Then just type the path to gpgclean.ps1 and hit RETURN.
>
> PS C:\Users\rjh> .\Documents\gpgclean.ps1
>
>It will likely appear to hang for a few minutes. That's normal. It's
>refreshing your keyring in order to see if any certs have revised
>expiration dates. Once it finishes that, the rest goes quickly.
>
>If there's interest, I'll put a good-looking GUI on this.

I just ran the program, and it seems to work fine.

Using Windows 10 PRO 64 bit, users can simply locate the program and
right click on it. A menu will come up. One of the selections is to run
with Windows PowerShell. Simply click on that and you are off to the
races. The first time you run the program Windows will ask if you want
to change the permissions on the program so it can be run. At least it
did on my machine.

A GUI might be interesting. I would be willing to beta test it for you.

Thanks for your hard work on this.

--
Jerry
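
An added example, not part of the original thread or of Rob Hansen's script: a dry-run report that lists which keys the `^pub:(r|e)` filter in gpgclean.ps1 would select, so the list can be reviewed before anything is deleted. The function name `Get-StaleKey` is hypothetical, and the sample listing (key IDs, dates, user IDs) is constructed.

```powershell
# Constructed sample in the `gpg --with-colons --fixed-list-mode --list-keys`
# layout. Field 2 = validity, field 5 = key ID, field 7 = expiry (epoch
# seconds); on uid records field 10 = user ID. All values are made up.
$sample = @'
pub:e:2048:1:1111AAAA2222BBBB:1262304000:1420070400::-:::sc::::::
uid:e::::1262304000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>:
pub:r:4096:1:3333CCCC4444DDDD:1293840000:::-:::sc::::::
uid:r::::1293840000::0000000000000000000000000000000000000002::Bob Example <bob@example.org>:
pub:f:4096:1:5555EEEE6666FFFF:1325376000:1893456000::-:::scESC::::::
uid:f::::1325376000::0000000000000000000000000000000000000003::Carol Example <carol@example.org>:
'@ -split '\r?\n'

function Get-StaleKey {
    param([string[]]$ColonListing)
    $status  = @{ r = 'revoked'; e = 'expired' }
    $found   = New-Object -TypeName System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $ColonListing) {
        $f = $line.Split(':')
        if ($f[0] -eq 'pub') {
            # A new primary key starts; track it only if revoked or expired.
            $current = $null
            if ($status.ContainsKey($f[1])) {
                $expires = ''
                if ($f[6]) {
                    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$f[6]).
                        UtcDateTime.ToString('yyyy-MM-dd')
                }
                $current = [pscustomobject]@{
                    KeyId = $f[4]; Status = $status[$f[1]]
                    Expires = $expires; UserId = ''
                }
                $found.Add($current)
            }
        }
        elseif ($f[0] -eq 'uid' -and $current -and -not $current.UserId) {
            # Attach the first user ID to the key being tracked.
            $current.UserId = $f[9]
        }
    }
    $found
}

# Reports the expired and the revoked key; the fully valid key is skipped.
Get-StaleKey -ColonListing $sample | Format-Table -AutoSize

# Against a real keyring, assuming $gpg was located as in gpgclean.ps1:
#   Get-StaleKey (& $gpg --with-colons --fixed-list-mode --list-keys)
```

Reading the validity from field 2 by position, rather than matching the first 16 hex digits on the line, keeps the report tied to the documented colon format.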