23rd August 2018


These are some GnuPG related scripts I use to sign keys or analyze keyrings or keys and their signatures after Keysigning events.

GPG Sign Keys

(Semi)automatic GnuPG keysigning for busy people. Sign GPG keys, upload signatures to keyservers, and mail signed keys to their owner, including support for multiple private keys to sign with. All that’s left to do is verify fingerprints, type your password, and answer any questions asked by GPG.

This script contains patches contributed by Tobias Sager, Daniel Hottinger and Tobias Klauser.

Usage:  gpg-sign-keys.sh [options...] [-u keyids] [-f keyring] [keyids...]
        -f file  Get list of keyids to sign from keyring file
        -u ids   Key(s) to sign with, multiple -u id1 -u id2 or -u 'id1 id2'
        -x ids   eXceptions - don't process these keys (multiple like -u)
        -c addr  CC all signed key emails to address
        -b addr  BCC all signed key emails to address
        -a file  Append content of file to e-mail message
        -n name  Override your name normally obtained from /etc/passwd
        -y       Assume yes on most questions (-Y for no questions asked at all)
        -I       Don't import the -f keyring into the default keyring first
        -S       Don't sign any keys - just do the sending/mailing
        -K       Don't send signed keys to your default keyserver
        -M       Don't mail signed keys to key owners
        -E       Don't encrypt mails with owners key
        -U       Don't update the trustdb after processing all keys
        -v/-h    Display version/help and exit
The script will guide you through signing all keys in the -f keyring, or just
the keys explicitly specified. All GnuPG operations are done in your default
keyring. You will be asked to confirm every mail being sent unless -y is used.
The -u, -c, -b, -e and -n options override the env vars MYKEY, CC, BCC
and OWNER respectively. For more details, read the source.

Signature Matrix

Visualisation of signatures between keys of a group of keys, especially useful after keysigning events.

Signature Table

Visualisation of signatures on multiple uids of a key. Verify who has signed which UIDs on a key.