#!/bin/bash
#
# gpgsig, a little script to sign your gpg/pgp keys
#
# Copyright 2006,2013 Aron Griffis <agriffis@n01se net>
# Released under the GNU GPL v2
#
# Based loosely on ideas from Damien Chrisment's gpgsig, but written from
# scratch to be simpler and just do what I need. Simply:
#
# gpgsig keyid
#
# GPGSIG_USER is mandatory: it is used verbatim as the From: and Bcc: header
# of the notification mail sent after signing.
if [[ -z "$GPGSIG_USER" ]]; then
  printf '%s\n' 'Please set GPGSIG_USER="Your Name <email@domain>"' >&2
  exit 1
fi

# Keyserver used for fetching and uploading keys; overridable from the
# environment.
# NOTE(review): confirm this default host is still operated and is one you
# trust; whatever it returns is only vetted by the manual fingerprint check.
GPGSIG_SERVER=${GPGSIG_SERVER:-subkeys.pgp.net}
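#######################################
# Resolve a user-supplied key spec to one key ID, asking the user to choose
# when the spec matches several public keys.
# Globals:   k (written) - the selected key ID; the caller reads it back
# Arguments: $1 - key ID or search term handed to gpg
# Outputs:   key listing and prompt on stdout/stderr
# Returns:   0 with k set; 1 if gpg lists no key for $1 or input ends
#            before a valid choice was made
#######################################
function select-key {
  local keys defkey

  # Try a direct fetch first; fall back to an interactive keyserver search.
  gpg --recv-key "$1" || gpg --search-keys "$1"
  keys=$(gpg --list-keys "$1" 2>/dev/null)
  [[ -n "$keys" ]] || return 1

  # First key returned is the default: take the text between the first "/"
  # and the following space.
  # NOTE(review): this expects listing lines shaped like "pub  <algo>/<KEYID> ..."
  # - confirm your gpg version/config still prints key IDs in that form.
  defkey=${keys#*/}
  defkey=${defkey%% *}

  # A single match needs no prompt.
  if [[ $(grep -c '^pub' <<<"$keys") -le 1 ]]; then
    k=$defkey
    return 0
  fi

  while true; do
    echo
    echo "$keys"
    echo
    # -r keeps backslashes literal; bail out on EOF instead of looping forever.
    read -r -p "Please select a key [$defkey] " k || return 1
    if [[ -z $k ]]; then
      # Empty answer accepts the default. The original never left the loop
      # here, so pressing Enter just re-prompted.
      k=$defkey
      break
    fi
    k=${k#*/}
    # Accept only an 8-character ID that literally appears in the listing.
    # NOTE(review): 8-character key IDs are not collision-resistant; the
    # fingerprint check that follows is what actually identifies the key.
    [[ ${#k} == 8 && $keys == */"$k "* ]] && break
    echo "That wasn't a valid key... please try again"
  done
  return 0
}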
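#######################################
# Show a key's fingerprint and ask the operator to confirm it out-of-band.
# This is the only identity check before the key gets signed.
# Globals:   k (read) - fallback key ID when no argument is given
# Arguments: $1 - key ID to display (optional; defaults to $k)
# Outputs:   fingerprint listing and prompt
# Returns:   0 only if gpg printed the fingerprint and the answer starts
#            with "y" or "Y"; 1 otherwise (including EOF on stdin)
#######################################
function verify-fp {
  local key=${1:-$k}
  local yn

  echo
  # Fail closed: never ask for confirmation of a fingerprint that was not shown.
  gpg --fingerprint "$key" || return 1
  echo
  read -r -p "Does the fingerprint match? " yn
  [[ "$yn" == [Yy]* ]]
}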
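# Main loop: for every key spec on the command line, fetch the key, confirm
# its fingerprint with the operator, sign it, upload the result and mail the
# signed key to the owner. Any failing step aborts the whole run.
for k in "$@"; do
  select-key "$k" || exit 1 # changes the value of $k

  # gpg stops option parsing at the first non-option argument, so --keyserver
  # has to come before the key ID or it is not applied as an option.
  gpg --keyserver "$GPGSIG_SERVER" --recv-keys "$k" || exit 1

  # NOTE(review): $k is a key ID, not a full fingerprint; the operator's
  # answer here is the only thing tying the signature to the right key.
  verify-fp "$k" || exit 1
  gpg --sign-key "$k" || exit 1
  gpg --list-sigs "$k"
  gpg --keyserver "$GPGSIG_SERVER" --send-keys "$k" || exit 1

  # send the key to the owner
  # The uid text is chosen by the key owner and goes into the To: header
  # as-is; only the first uid line of the listing is used.
  # NOTE(review): assumes "uid" lines carry just "Name <address>" after the
  # tag - confirm against the listing format of your gpg version.
  email=$(gpg --list-keys "$k" | sed -n 's/^uid *//p' | head -n1)
  if [[ -z "$email" ]]; then
    # Without a recipient the mail would only reach the Bcc address.
    echo "gpgsig: no uid found for $k, not sending mail" >&2
    continue
  fi

  # sendmail -t takes the recipients from the headers; the empty line after
  # Subject: separates headers from body.
  /usr/lib/sendmail -oi -t <<EOF
From: $GPGSIG_USER
To: $email
Bcc: $GPGSIG_USER
Subject: signed your key ($k)

I signed your GPG key
$k
and uploaded it to the keyserver
$GPGSIG_SERVER
You can also pipe this message to gpg import if you'd like
to import it directly.
Regards,
Aron
$(gpg --export --armor "$k")
EOF
done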