From 1ec0f1695f9f129210f7c3cdc0c85d329cc055df Mon Sep 17 00:00:00 2001 From: markus schnalke Date: Tue, 13 Jan 2015 23:13:59 +0100 Subject: [PATCH] mhsign: use the strongest, newest not-expired secret key Is there no GnuPG option to exclude expired keys from the listing? --- uip/mhsign.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/uip/mhsign.sh b/uip/mhsign.sh index 66ab142..038052b 100755 --- a/uip/mhsign.sh +++ b/uip/mhsign.sh @@ -23,7 +23,12 @@ if [ -z "$userid" ] ; then fi if [ -z "$userid" ] ; then userid="`gpg --list-secret-keys --with-colons 2>/dev/null | - sed -n '/^sec/{p;q;}' | cut -d: -f5`" + grep '^sec' | sort -t: -k3,3nr -k 6,6nr | + awk -F: ' + $7=="" || $7 > "'"\`date +%Y-%m-%d\`"'" { + print $5; exit; + } + '`" fi if [ -z "$userid" ] ; then echo "No secret key found" >&2 -- 1.7.10.4