summaryrefslogtreecommitdiffstats
path: root/scripts/revoke-key
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/revoke-key')
-rwxr-xr-xscripts/revoke-key52
1 files changed, 52 insertions, 0 deletions
diff --git a/scripts/revoke-key b/scripts/revoke-key
new file mode 100755
index 0000000..db0c37c
--- /dev/null
+++ b/scripts/revoke-key
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Copyright (c) 2008 Jonathan McDowell <noodles@earth.li>
+# GNU GPL; v2 or later
+# Imports a standalone revocation certificate
+
+set -e
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+ echo "Usage: revoke-key revocationcertfile dir" >&2
+ exit 1
+fi
+
+# avoid gnupg touching ~/.gnupg
+GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
+export GNUPGHOME
+trap cleanup exit
+cleanup () {
+ rm -rf "$GNUPGHOME"
+}
+
+revfile=$(readlink -f "$1") # gpg works better with absolute keyring paths
+keydir="$2"
+
+basename=$(basename "$revfile")
+date=`date -R`
+
+keyid=$(gpg --with-colons --keyid long --options /dev/null --no-auto-check-trustdb < $keyfile | grep '^pub' | cut -d : -f 5)
+
+if [ ! -e $keydir/0x$keyid ]; then
+ echo "0x$keyid isn't already in $keydir - new key or error."
+ exit 1
+fi
+
+gpg --import $keydir/0x$keyid
+gpg --import $revfile
+gpg --no-auto-check-trustdb --options /dev/null \
+ --export-options export-minimal,no-export-attributes \
+ --export $keyid > $GNUPGHOME/0x$keyid
+
+echo "Running gpg-diff:"
+scripts/gpg-diff $keydir/0x$keyid $GNUPGHOME/0x$keyid
+
+echo "Are you sure you want to update this key? (y/n)"
+read n
+
+if [ "x$n" = "xy" -o "x$n" = "xY" ]; then
+ mv $GNUPGHOME/0x$keyid $keydir/0x$keyid
+ echo "Updated key."
+else
+ echo "Not updating key."
+fi