Tag: keyring

  • clean up your GnuPG keyring

    For reasons too annoying to explain, my GnuPG keyring was huge. It was taking a long time to find keys, and most of them weren’t ones I’d use. So I wrote this little script that strips out all of the keys that aren’t

    1. yours, or
    2. signatories to your key.

    The script doesn’t actually delete any keys. It produces shell-compatible output that you can pipe or copy to a shell. Now my keyring file is less than 4% the size (or more precisely, 37‰) of the size it was before.

    #!/bin/bash
    # clean_keyring.sh - clean up all the excess keys
    
    # my key should probably be the first secret key listed
    mykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20 | head -1)
    if
        [ -z $mykey ]
    then
        # exit if no key string
        echo "Can't get user's key ID"
        exit 1
    fi
    
    # all of the people who have signed my key
    mysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u) 
    
    # keep all of the signers, plus my key (if I haven't self-signed)
    keepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u)
    
    # the keepers list in egrep syntax: ^(key|key|…)
    keepers_egrep=$(echo $keepers | sed 's/^/^(/; s/$/)/; s/ /|/g;')
    
    # show all the keepers as a comment so this script's output is shell-able
    echo '# Keepers: ' $keepers
    
    # everyone who isn't on the keepers list is deleted
    deleters=$(gpg --list-keys | grep '^pub'|  cut -c 13-20 | egrep -v ${keepers_egrep})
    
    # echo the command if there are any to delete
    # command is interactive
    if
        [ -z $deleters ]
    then
        echo "# Nothing to delete!"
    else
        echo 'gpg --delete-keys' $deleters
    fi
    

    Files: