Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
#GPG=gpg
# or
GPG=gpg2
# Create test keys in `original_gnupg_test_home` folder
mkdir original_gnupg_test_home 2>/dev/null
cd original_gnupg_test_home
export GNUPGHOME="$(pwd)"
# Gen key with one subkey
$GPG --gen-key
# Add another one subkey
PRIMARY="$($GPG -K | grep "^sec" | awk '{print $2}' | sed -r 's/[0-9RD]+\///')"
$GPG --edit-key "$PRIMARY" addkey
#!/bin/bash
#GPG=gpg
# or
GPG=gpg2
split_and_save()
(
# Save splitted keyparts to folders
rm -rf "$1" 2>/dev/null
mkdir "$1"
cd "$1"
(
mkdir secring
cd secring
cat "$GNUPGHOME"/secring.gpg | gpgsplit
)
(
mkdir pubring
cd pubring
cat "$GNUPGHOME"/pubring.gpg | gpgsplit
)
)
# Use temp folder as gnupg home
export GNUPGHOME="$(mktemp -d)"
# Fill it with pre-generated test keys
cp -r original_gnupg_test_home/* "$GNUPGHOME"
export PRIMARY="$($GPG -K | grep "^sec" | awk '{print $2}' | sed -r 's/[0-9RD]+\///')"
export SUBONE="$($GPG -K | grep "^ssb" | head -n 1 | awk '{print $2}' | sed -r 's/[0-9RD]+\///')"
export SUBTWO="$($GPG -K | grep "^ssb" | tail -n 1 | awk '{print $2}' | sed -r 's/[0-9RD]+\///')"
# Split original keyparts for compare in future
split_and_save initial
cat <<EOF
=============================================================
Expire first or second subkey, compare the result
> key 1
> expire
> save
or
> key 2
> expire
> save
=============================================================
Press [Enter] key to continue...
EOF
read
$GPG --edit-key "$PRIMARY"
# Split expired keyparts for compare in future
split_and_save expired
clear
cat <<EOF
=============================================================
In this keyring:
EOF
$GPG -k
# Export secret keys to tempfile
TEMPEXPORT="$(mktemp)"
$GPG --export-secret-keys > "$TEMPEXPORT"
# Use new empty gnupg home
export GNUPGHOME="$(mktemp -d)"
# Import from tempfile
$GPG --import "$TEMPEXPORT" >/dev/null 2>&1
cat <<EOF
=============================================================
After reimporting to new keyring:
EOF
$GPG -k
cat <<EOF
$SUBONE key will disappear if you've edited $SUBTWO, and $SUBTWO is still not expired.
Here is the diff. See which key parts had changed in pub and sec rings.
EOF
diff -r initial expired
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment