Joe, et al --

...and then Joe Philipps said...
% On Sun, Dec 17, 2000 at 03:11:43PM -0600, Lance Simmons wrote:
% >A day or two ago, someone on this list mentioned setting up a procmail
% >recipe to have gpg get keys automatically.
...
% >Does anyone have an example
% >of such a recipe?

I like the idea of having gpg fetch keys for me in the background, but on
a quick connection it isn't too necessary.  I haven't played with setting
up such a procmail rule because ...


% 
% I'm curious...do users usually use a separate keyring for things like

... I absolutely do; that was a big seller of gpg or pgp for me, since my
key list currently says

  % gpg --list-keys | grep ^pub | wc -l
  100

and that's way too many to manage in one ring.

Attached for the interest of those who would have it are portions of my
gpg options file (defining keyrings), .cshrc (defining a gpg command that
does not use the options file and thus does not know about the extra
keyrings), and an absolutely ugly hack to move keys from my catch-all
ring to a named ring (eg mutt).  I know that I should rewrite the latter
in a decent language or at least even clean it up, and that I should
probably look into cascading options files so that I can skip the ugly
$GNOPG setting, but I've been lazy and this has worked.

Whenever I'm reading a folder and I see gpg tell me that it has imported
a key, I simply

  !.gnupg/gpg--move <cut-n-paste-key-id> <ring-name>

to move it to the associated keyring; my catch-all ring stays fairly
empty.  mutt and gpg are so good at retrieving keys that I sometimes miss
it, so I have a few keys in 'misc' that I can't find in any mailing list
to know which ring *should* have them :-)


HTH & HH

:-D
-- 
David T-G                       * It's easier to fight for one's principles
(play) [EMAIL PROTECTED]      * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.bigfoot.com/~davidtg/        Shpx gur Pbzzhavpngvbaf Qrprapl Npg!


# Uncomment the next line to get rid of the copyright notice
no-greeting

# where to go for keys  ### thanks to c^2 in mutt-users
keyserver wwwkeys.eu.pgp.net
#keyserver wwwkeys.us.pgp.net
#keyserver certserver.pgp.com
#keyserver keyserver.net

# I know, already; be quiet
no-secmem-warning

# keyrings to use (in search order)
keyring pubring.gpg
secret-keyring secring.gpg
keyring pubring.davidtg-old-keys.gpg 
secret-keyring secring.davidtg-old-keys.gpg 
keyring pubring.corona.gpg
secret-keyring secring.corona.gpg
keyring pubring.certkeys.gpg
secret-keyring secring.certkeys.gpg
keyring pubring.corporate+group.gpg
secret-keyring secring.corporate+group.gpg
keyring pubring.rsa-keys.gpg
secret-keyring secring.rsa-keys.gpg
keyring pubring.other-old-keys.gpg
secret-keyring secring.other-old-keys.gpg
keyring pubring.tlinux.gpg
secret-keyring secring.tlinux.gpg
keyring pubring.freenet.gpg
secret-keyring secring.freenet.gpg
keyring pubring.mutt.gpg
secret-keyring secring.mutt.gpg
keyring pubring.misc.gpg
secret-keyring secring.misc.gpg
keyring pubring.move.gpg
secret-keyring secring.move.gpg
keyring pubring.catch-all-keys.gpg
secret-keyring secring.catch-all-keys.gpg

setenv GNOPG "gpg --options /dev/null --no-greeting --no-secmem-warning"        # for no-options running

#!/bin/sh

# quick hack to move keys from catch-all ring to specified ring

# Usage: $0 KEYID ringname [-s]

NOOPTS="--options /dev/null --no-greeting --no-secmem-warning"  # --load-extension rsa --load-extension idea"

[ $# -lt 2 ] && { echo "Barf!  Insufficient args!" ; exit 1 ; }

KEY=$1 ; KEY=`echo "$KEY" | sed -e "s@.*/@@" -e "s/0x//"` ### check for RSA?
RING=$2

echo "KEY = $KEY" ; echo "RING = $RING" ###

# look for key; puke if not found
gpg --list-keys "$KEY" 2>/dev/null || { echo "Barf!  Key not found!" ; exit 1 ; }


# move seckey first
[ "$3" = "-s" ] && \
  gpg --export-secret-key "$KEY" | gpg $NOOPTS --secret-keyring "secring.$RING.gpg" --import

# move pubkey next
gpg --export "$KEY" | gpg $NOOPTS --keyring "pubring.$RING.gpg" --import


# wipe seckey first (stop if the copy did not land, so nothing is deleted)
[ "$3" = "-s" ] && \
  { gpg $NOOPTS --secret-keyring "secring.$RING.gpg" --list-secret-key "$KEY" 2>/dev/null || \
  { echo "Barf!  Key not found on $RING secring!" ; exit 1 ; }
gpg $NOOPTS --secret-keyring "secring.$RING.gpg" --secret-keyring secring.catch-all-keys.gpg --list-secret-keys
gpg $NOOPTS --secret-keyring secring.catch-all-keys.gpg --delete-secret-key "$KEY" ; }

# wipe pubkey next (stop if the copy did not land, so nothing is deleted)
gpg $NOOPTS --keyring "pubring.$RING.gpg" --list-key "$KEY" 2>/dev/null || \
  { echo "Barf!  Key not found on $RING pubring!" ; exit 1 ; }
gpg $NOOPTS --keyring "pubring.$RING.gpg" --keyring pubring.catch-all-keys.gpg --list-keys
gpg $NOOPTS --keyring pubring.catch-all-keys.gpg --delete-key "$KEY"


### gpg --armor --export 18F78541 | gpg --options /dev/null --no-greeting --no-secmem-warning --keyring pubring.mutt.gpg --armor --import
### gpg --options /dev/null --no-greeting --no-secmem-warning --keyring pubring.mutt.gpg --keyring pubring.catch-all-keys.gpg --list-keys
### gpg --options /dev/null --no-greeting --no-secmem-warning --keyring pubring.catch-all-keys.gpg --delete-key 18F78541
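
A stricter variant of the public-key half of the move script above, as an added example that is not part of the original post: it validates the pasted key ID and ring name before they reach a gpg command line or a file name, and deletes from the catch-all ring only after the key is listed in the destination ring. The `GPG` variable, the function names and the use of `--no-default-keyring` (so the check sees only the destination ring) are choices made for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script.
GPG=${GPG:-gpg}    # assumption: overridable so the logic can be exercised with a stub
NOOPTS="--options /dev/null --no-greeting --no-secmem-warning --no-default-keyring"
CATCHALL=pubring.catch-all-keys.gpg    # catch-all ring name from the post

# Reduce "1024D/18F78541" or "0x18F78541" to bare hex; reject everything else.
normalize_keyid() {
  id=$(printf '%s' "$1" | sed -e 's@.*/@@' -e 's/^0[xX]//')
  case $id in
    ''|*[!0-9A-Fa-f]*) return 1 ;;
  esac
  case ${#id} in
    8|16|32|40) printf '%s\n' "$id" ;;    # short ID, long ID, v3/v4 fingerprint
    *) return 1 ;;
  esac
}

# Ring names become file names (pubring.NAME.gpg): no dots, slashes or leading dash.
valid_ring() {
  case $1 in
    ''|-*|*[!A-Za-z0-9+_-]*) return 1 ;;
  esac
}

# Usage: move_pubkey KEYID RING
# Returns 2 on bad input, 3 if the copy cannot be confirmed, else gpg's delete status.
move_pubkey() {
  key=$(normalize_keyid "$1") || { echo "bad key id" >&2; return 2; }
  valid_ring "$2" || { echo "bad ring name" >&2; return 2; }
  dest=pubring.$2.gpg
  [ "$dest" != "$CATCHALL" ] || { echo "source and destination are the same ring" >&2; return 2; }

  $GPG $NOOPTS --keyring "$CATCHALL" --export "$key" |
    $GPG $NOOPTS --keyring "$dest" --import || return 3
  # Confirm the key is in the destination ring alone before removing the source copy.
  $GPG $NOOPTS --keyring "$dest" --list-keys "$key" >/dev/null 2>&1 || return 3
  $GPG $NOOPTS --keyring "$CATCHALL" --delete-key "$key"
}
```
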
