#!/bin/bash # clean_keyring.sh - clean up all the excess keys # my key should probably be the first secret key listed mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20 | head -1) if [ -z $mykey ] then # exit if no key string echo "Can't get user's key ID" exit 1 fi # all of the people who have signed my key mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u) # keep all of the signers, plus my key (if I haven't self-signed) keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u) # the keepers list in egrep syntax: ^(key|key|…) keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;') # show all the keepers as a comment so this script's output is shell-able echo '# Keepers: ' $keepers # everyone who isn't on the keepers list is deleted deleters=$(gpg --list-keys | grep '^pub'| cut -c 13-20 | egrep -v ${keepers_egrep}) # echo the command if there are any to delete # command is interactive if [ -z $deleters ] then echo "# Nothing to delete!" else echo 'gpg --delete-keys' $deleters fi