Created
March 20, 2013 00:08
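#!/bin/bash
#
# gpgsig, a little script to sign your gpg/pgp keys
#
# Copyright 2006,2013 Aron Griffis <agriffis@n01se net>
# Released under the GNU GPL v2
#
# Based loosely on ideas from Damien Chrisment's gpgsig, but written from
# scratch to be simpler and just do what I need.  Simply:
#
#     gpgsig keyid
#
# Environment:
#   GPGSIG_USER    required; "Your Name <email@domain>", used for the From:
#                  and Bcc: headers of the notification mail
#   GPGSIG_SERVER  optional; keyserver used to fetch and publish keys
#                  (defaults to subkeys.pgp.net)

# Without a sender identity the notification mail cannot be addressed, so
# stop before any key is touched.
if [[ -z $GPGSIG_USER ]]; then
  echo "Please set GPGSIG_USER=\"Your Name <email@domain>\"" >&2
  exit 1
fi

# Quoted so that a user-supplied value containing whitespace or glob
# characters is not split or expanded as arguments to ':'.
# NOTE(review): confirm the default keyserver is still reachable; an hkps://
# URL keeps key traffic on TLS.
: "${GPGSIG_SERVER:=subkeys.pgp.net}"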
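#######################################
# Fetch the key named by $1 and settle on one key ID to work with.
# Globals:   k (written) - the chosen key ID; the caller reads it afterwards
# Arguments: $1 - key ID or search term
# Outputs:   the key listing and a prompt when more than one key matches
# Returns:   0 once k is set; 1 if no key is found or input ends before a
#            valid choice is made
#######################################
function select-key {
  typeset keys defkey

  gpg --recv-key "$1" || gpg --search-keys "$1"
  keys=$(gpg --list-keys "$1" 2>/dev/null)
  [[ -n "$keys" ]] || return 1

  # first key returned is the default
  # NOTE(review): this parsing assumes listing lines shaped like
  # "pub  <algo>/<keyid> <date>"; newer gpg defaults may print no key ID on
  # the pub line -- confirm against the gpg version in use.
  defkey=${keys#*/}; defkey=${defkey%% *}

  # a single key needs no question
  if [[ $(grep -c '^pub' <<<"$keys") -le 1 ]]; then
    k=$defkey
    return 0
  fi

  # if there are multiple keys, ask the user
  while true; do
    echo
    echo "$keys"
    echo
    # -r keeps backslashes literal.  A failed read with nothing captured
    # means end of input; returning here avoids re-prompting forever.
    read -r -p "Please select a key [$defkey] " k || [[ -n $k ]] || return 1
    if [[ -z $k ]]; then
      # Empty reply accepts the default; leave the loop (the original fell
      # through and asked again without end).
      k=$defkey
      break
    fi
    k=${k#*/}
    # Accept an ID only if it appears in the listing right after a slash.
    # 8-character IDs are short enough to collide between unrelated keys, so
    # 16-character IDs are accepted as well; either way the fingerprint
    # check that follows is what actually identifies the key.
    [[ ( ${#k} == 8 || ${#k} == 16 ) && $keys == */"$k "* ]] && break
    echo "That wasn't a valid key... please try again"
  done
  return 0
}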
#######################################
# Show the fingerprint of the key in $k and ask the operator to confirm it.
# The comparison only means something when the reference fingerprint came
# from the key owner over a separate, trusted channel.
# Globals:   k (read) - key ID to display; the positional argument passed by
#            the caller is not consulted
# Outputs:   gpg's fingerprint listing and a yes/no prompt
# Returns:   0 when the reply starts with "y" or "Y"; 1 for anything else,
#            including an empty reply
#######################################
function verify-fp {
  local answer

  echo
  gpg --fingerprint "$k"
  echo
  read -p "Does the fingerprint match? " answer
  case $answer in
    [Yy]*) return 0 ;;
  esac
  return 1
}
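# Sign, publish and announce each key named on the command line.  A failure
# in fetching, verifying, signing or publishing aborts the whole run.
# NOTE(review): the signature is published before the owner has shown control
# of the mail address in the user ID; the stricter order is to mail the signed
# key to the owner and let them upload it.
for k in "$@"; do
  select-key "$k" || exit 1   # changes the value of $k

  # gpg's documented syntax is "gpg [options] command [args]".  An option
  # placed after the key ID may be taken as another argument instead, which
  # would silently drop the keyserver choice, so --keyserver goes first.
  gpg --keyserver "$GPGSIG_SERVER" --recv-key "$k" || exit 1
  verify-fp "$k" || exit 1
  gpg --sign-key "$k" || exit 1
  gpg --list-sigs "$k"
  gpg --keyserver "$GPGSIG_SERVER" --send-key "$k" || exit 1

  # send the key to the owner
  # The first uid line supplies the recipient.  A leading "[validity]" field,
  # as printed by newer gpg, is stripped so it does not end up in the To:
  # header.  The user ID is text chosen by the key's creator, so treat it as
  # untrusted: head -n1 keeps it to a single header line.
  email=$(gpg --list-keys "$k" \
    | sed -n 's/^uid *\(\[[^]]*\] *\)\{0,1\}//p' \
    | head -n1)
  if [[ -z $email ]]; then
    echo "No user ID found for $k; not sending mail" >&2
    continue
  fi

  # Unquoted delimiter: variables and the armored export are expanded into
  # the message.  The blank line after Subject: ends the header block that
  # sendmail -t reads the recipients from.
  /usr/lib/sendmail -oi -t <<EOF
From: $GPGSIG_USER
To: $email
Bcc: $GPGSIG_USER
Subject: signed your key ($k)

I signed your GPG key
$k
and uploaded it to the keyserver
$GPGSIG_SERVER

You can also pipe this message to gpg import if you'd like
to import it directly.

Regards,
Aron

$(gpg --export --armor "$k")
EOF
done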