mhsign: use the strongest, newest not-expired secret key

Is there no GnuPG option to exclude expired keys from the listing?

diff --git a/uip/mhsign.sh b/uip/mhsign.sh
index 66ab142..038052b 100755 (executable)
--- a/uip/mhsign.sh
+++ b/uip/mhsign.sh
@@ -23,7 +23,12 @@ if [ -z "$userid" ] ; then
 fi
 if [ -z "$userid" ] ; then
        userid="`gpg --list-secret-keys --with-colons 2>/dev/null |
-                       sed -n '/^sec/{p;q;}' | cut -d: -f5`"
+                       grep '^sec' | sort -t: -k3,3nr -k 6,6nr |
+                       awk -F: '
+                               $7=="" || $7 > "'"\`date +%Y-%m-%d\`"'" {
+                                       print $5; exit;
+                               }
+                       '`"
 fi
 if [ -z "$userid" ] ; then
        echo "No secret key found" >&2