Simon Richter (2001-11-01 16:28:13 +0100) : > I'm at a conference ATM, and I'm going to introduce a few people to the > concepts of key signing tomorrow. For this, I've hacked a few scripts, for > example one that makes a PS file which looks like "gpg --list-keys" output > (except with a nicer font), which I'd like to package so people can use > them for their own signing parties. Just in the case this helps honourable people on this list, and in the hope that maybe this work can end up in a good-quality package, I attach the scripts I use for GPG handling. They are not very long, not very complex, and therefore not very well documented (but the code is clear). sync-keys.sh can be used to fetch a key from several servers, or to push it back. Its aim is to synchronise keyrings.
#! /bin/sh if [ $# -lt 1 ] ; then echo "Usage: sync-keys.sh <--get | --put> key-id" exit 1 fi action=$1 shift keyid=$1 serverlist=$(sed s/#.*// ~/.sync-keys.conf) if [ "$action" == "--get" ] ; then for i in $serverlist ; do printf "Retrieving key $keyid from server $i..." # gpg --keyserver $i --recv-keys $keyid && printf " OK\n" || printf " NOT OK\n" gpg --keyserver $i --recv-keys $keyid &> /dev/null && printf " OK\n" || printf " NOT OK\n" done fi if [ "$action" == "--put" ] ; then for i in $serverlist ; do printf "Sending key $keyid to server $i..." # gpg --keyserver $i --send-keys $keyid && printf " OK\n" || printf " NOT OK\n" gpg --keyserver $i --send-keys $keyid &> /dev/null && printf " OK\n" || printf " NOT OK\n" done fi
Here is a sample .sync-keys.conf:
keyring.debian.org pgp.mit.edu # search.keyserver.net # Broken anyway, no use trying it # belgium.keyserver.net thailand.keyserver.net germany.keyserver.net www.pgp.net # deepblue.keyserver.net # lord.keyserver.net the.earth.li wwwkeys.eu.pgp.net certserver.pgp.com pgp.dtype.org
And here is the script I use to massively sign keys after a keysigning party. It relies on agpg (found in the quintuple-agent package), but it can also work with plain gpg if you prefer typing your passphrase everytime. If agpg is used, you only have to check the fingerprints, choose what UIDs to sign, and type 'sign' then 'save'. Type 'exit' when you have no more keys to sign.
#! /bin/sh while true ; do echo printf "Key ID: " read keyid if [ "$keyid" == "exit" ] ; then exit 0 ; fi echo sync-keys.sh --get $keyid echo agpg --edit-key $keyid echo sync-keys.sh --put $keyid echo echo done
Finally, here is a script that I used once to mail the newly signed keys to their owners. There used to be a bug (body was longer and longer as the list of recipients grew), I seem to remember I removed it, but please test stuff before using it. Remember this is my very first awk script (well, apart from the hello world one).
Description: AWK script to mail newly signed keys to their owners
Have fun, and send me patches if you improve things. Roland. -- Roland Mas Despite rumour, Death isn't cruel - merely terribly, terribly good at his job. -- in Sourcery (Terry Pratchett)