Clean up my gnupg keyring?

From Charles Lockhart’s GPG Cheat Sheet:

I've used User Name as being the name associated with the key.  Sorry that isn't very imaginative.  I think gpg is pretty wide in its user assignments, e.g., the name for my private key is “Charles Lockhart”, but I can reference that by just putting in “Lockhart”.  That doesn't make any sense, sorry.

            ︙

to delete a public key (from your public key ring):

$ gpg --delete-key "User Name"

This removes the public key from your public key ring.
NOTE: If there is a private key on your private key ring associated with this public key, you will get an error! You must delete your private key for this key pair from your private key ring first.

to delete a private key (a key on your private key ring):

$ gpg --delete-secret-key "User Name"

This deletes the secret key from your secret key ring.


I have a bash script scheduled to run weekly from cron to handle this:

#!/bin/bash
# Clean up the GPG Keyring.  Keep it tidy.
# blog.lavall.ee
#
# gpg2 is used throughout: gpg (1.x) and gpg2 (2.x) can keep separate keyrings,
# so mixing them would list keys from one ring and delete/edit in the other.
# The parsing below relies on the human-readable "pub   4096R/KEYID ..." listing
# of GnuPG 1.x/2.0; newer versions print the listing differently.
 
echo -n "Expired Keys: "
# Key IDs of primary keys the listing marks as "[expired: ...]".
for expiredKey in $(gpg2 --list-keys | awk '/^pub.* \[expired: / {id=$2; sub(/^.*\//, "", id); print id}' | fmt -w 999 ); do
    echo -n "$expiredKey"
    # --yes is needed in batch mode when deleting by key ID rather than fingerprint.
    gpg2 --batch --quiet --yes --delete-keys "$expiredKey" >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo -n "(OK), "
    else
        echo -n "(FAIL), "
    fi
done
echo done.

echo -n "Update Keys: "
# Every primary key that is neither expired nor revoked: drop unusable
# signatures, cross-certify subkeys of our own keys, and save.
for keyid in $(gpg2 -k | grep ^pub | grep -v expired: | grep -v revoked: | cut -d/ -f2 | cut -d' ' -f1); do
    echo -n "$keyid"
    gpg2 --batch --quiet --edit-key "$keyid" check clean cross-certify save quit > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo -n "(OK), "
    else
        echo -n "(FAIL), "
    fi
done
echo done.

# Finally pull fresh copies (new signatures, revocations, expiry changes) from the keyserver.
gpg2 --batch --quiet --refresh-keys > /dev/null 2>&1
if [ $? -eq 0 ]; then
    echo "Refresh OK"
else
    echo "Refresh FAIL."
fi
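The script above greps the human-readable key listing, whose layout depends on the GnuPG version and locale. The following is an added example, not part of that answer or of GnuPG itself, doing the same selection from the machine-readable `--with-colons` listing, which GnuPG documents as its stable interface (record type in field 1, validity in field 2 with `e` for expired and `r` for revoked, key ID in field 5). It assumes `gpg2` is on `PATH` when run against a real keyring; the embedded sample listing is constructed for demonstration, and the `DRY_RUN` variable and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the answers above): select keys from the
# machine-readable `gpg2 --with-colons --list-keys` output instead of
# grepping the human-readable listing.
# Colon-format fields (GnuPG doc/DETAILS): 1 = record type, 2 = validity
# ('e' expired, 'r' revoked, 'u' ultimate, ...), 5 = key ID.
# Assumes gpg2 is on PATH for the real keyring; the sample below is constructed.

# Key IDs of expired primary keys, read from a colon-format listing on stdin.
expired_keyids() {
    awk -F: '$1 == "pub" && $2 == "e" { print $5 }'
}

# Key IDs of primary keys that are neither expired nor revoked: the ones
# worth running `--edit-key ... clean` on.
live_keyids() {
    awk -F: '$1 == "pub" && $2 != "e" && $2 != "r" { print $5 }'
}

# Constructed sample in the shape of `gpg2 --with-colons --list-keys`:
# one expired, one revoked and one valid key.
SAMPLE_LISTING='tru::1:1700000000:0:3:1:5
pub:e:4096:1:0123456789ABCDEF:1400000000:1500000000::-:::sc::::::23::0:
uid:e::::1400000000::0000000000000000000000000000000000000000::Example Expired <expired@example.invalid>::::::::::0:
pub:r:4096:1:FEDCBA9876543210:1400000000:::-:::sc::::::23::0:
uid:r::::1400000000::1111111111111111111111111111111111111111::Example Revoked <revoked@example.invalid>::::::::::0:
pub:u:4096:1:1111222233334444:1400000000:::u:::scESC::::::23::0:
uid:u::::1400000000::2222222222222222222222222222222222222222::Example Valid <valid@example.invalid>::::::::::0:'

# Run the selectors over the sample so the logic can be checked offline.
sample_expired() { printf '%s\n' "$SAMPLE_LISTING" | expired_keyids; }
sample_live()    { printf '%s\n' "$SAMPLE_LISTING" | live_keyids; }

# Weekly maintenance against the real keyring. DRY_RUN=1 (the default)
# only reports; DRY_RUN=0 deletes expired keys and cleans the rest.
maintain_keyring() {
    listing=$(gpg2 --batch --with-colons --list-keys) || return 1

    printf '%s\n' "$listing" | expired_keyids | while IFS= read -r keyid; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would delete expired key %s\n' "$keyid"
        else
            # --yes: in batch mode gpg refuses to delete by key ID without it.
            gpg2 --batch --quiet --yes --delete-keys "$keyid" \
                && printf 'deleted %s\n' "$keyid" \
                || printf 'FAILED to delete %s\n' "$keyid"
        fi
    done

    printf '%s\n' "$listing" | live_keyids | while IFS= read -r keyid; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'would clean %s\n' "$keyid"
        else
            # Drop signatures that are no longer usable, then save the key.
            gpg2 --batch --quiet --edit-key "$keyid" clean save quit >/dev/null 2>&1 \
                && printf 'cleaned %s\n' "$keyid" \
                || printf 'FAILED to clean %s\n' "$keyid"
        fi
    done
}

# Demonstrate the selection on the constructed sample. To apply it to the
# real keyring, call maintain_keyring (DRY_RUN=0 from cron once satisfied).
printf 'expired: %s\n' "$(sample_expired)"
printf 'live:    %s\n' "$(sample_live)"
```

Revoked keys are deliberately left in place: keeping them means signatures made by those keys keep showing as invalid instead of unknown, and `live_keyids` simply skips them so `clean` is not run on them.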

% gpg --edit-key KEYID
gpg> clean
User ID [...]: 139 signatures removed
gpg> save
% gpg --version
gpg (GnuPG) 1.4.18
[...]