{"id":8483,"date":"2013-05-12T20:38:55","date_gmt":"2013-05-13T00:38:55","guid":{"rendered":"http:\/\/scruss.com\/blog\/?p=8483"},"modified":"2013-05-12T20:38:55","modified_gmt":"2013-05-13T00:38:55","slug":"clean-up-your-gnupg-keyring","status":"publish","type":"post","link":"https:\/\/scruss.com\/blog\/2013\/05\/12\/clean-up-your-gnupg-keyring\/","title":{"rendered":"clean up your GnuPG keyring"},"content":{"rendered":"

For reasons too annoying to explain, my GnuPG<\/a> keyring was huge. It was taking a long time to find keys, and most of them weren’t ones I’d use. So I wrote this little script that strips out all of the keys that aren’t<\/p>\n

    \n
  1. yours, or<\/li>\n
  2. signatories to your key.<\/li>\n<\/ol>\n

    The script doesn’t actually delete any keys. It produces shell-compatible output that you can pipe or copy to a shell. Now my keyring file is less than 4% the size (or more precisely, 37\u00e2\u20ac\u00b0) of the size it was before.<\/p>\n

    \r\n#!\/bin\/bash\r\n# clean_keyring.sh - clean up all the excess keys\r\n\r\n# my key should probably be the first secret key listed\r\nmykey=$(gpg --list-secret-keys | grep '^sec' | cut -c 13-20 | head -1)\r\nif\r\n    [ -z $mykey ]\r\nthen\r\n    # exit if no key string\r\n    echo "Can't get user's key ID"\r\n    exit 1\r\nfi\r\n\r\n# all of the people who have signed my key\r\nmysigners=$(gpg --list-sigs $mykey | grep '^sig' | cut -c 14-21 | sort -u) \r\n\r\n# keep all of the signers, plus my key (if I haven't self-signed)\r\nkeepers=$(echo $mykey $mysigners | tr ' ' '\012' | sort -u)\r\n\r\n# the keepers list in egrep syntax: ^(key|key|\u00e2\u20ac\u00a6)\r\nkeepers_egrep=$(echo $keepers | sed 's\/^\/^(\/; s\/$\/)\/; s\/ \/|\/g;')\r\n\r\n# show all the keepers as a comment so this script's output is shell-able\r\necho '# Keepers: ' $keepers\r\n\r\n# everyone who isn't on the keepers list is deleted\r\ndeleters=$(gpg --list-keys | grep '^pub'|  cut -c 13-20 | egrep -v ${keepers_egrep})\r\n\r\n# echo the command if there are any to delete\r\n# command is interactive\r\nif\r\n    [ -z $deleters ]\r\nthen\r\n    echo "# Nothing to delete!"\r\nelse\r\n    echo 'gpg --delete-keys' $deleters\r\nfi\r\n<\/pre>\n
    Files:<\/p>\n