Refresh-pubring
A script to refresh your GnuPG public keyring in a piecewise fashion
Do you need to partially refresh your keyring?
Do you use GnuPG to protect your privacy? No?!? You should really begin doing so as soon as possible! In case you already do (well done!), you obviously need to keep your public keyring up-to-date, because people you know keep modifying their public keys (new signatures are added, new identities are created or revoked, expiration dates are changed, and so forth...). As you probably know, the easiest way to update your keyring is to refresh it against a publicly accessible keyserver.
So here you go: after configuring your GnuPG to use your favorite keyserver, you are ready to fetch new public keys, and to refresh the ones you already have.
A line like the following:
keyserver hkp://pool.sks-keyservers.net
in your ~/.gnupg/gpg.conf will tell your GnuPG to use a keyserver from that pool, unless otherwise instructed. You can then download my public key, if you have not done it before:
$ gpg --recv-key 3E1C27E11F69BFFE
or update it, if you already have it in your keyring:
$ gpg --refresh-keys 3E1C27E11F69BFFE
OK, but this is boring if done manually for each key in your keyring! Fortunately you can refresh your entire keyring with a single command:
$ gpg --refresh-keys
There's a problem, though. Maybe you have a slow Internet connection and a big keyring. Or, for whatever other reason, you cannot (or do not want to) refresh your entire keyring in a single move.
This is what Refresh-pubring is useful for: refreshing your keyring in a piecewise fashion!
Refresh-pubring: how it works
Refresh-pubring is a little script that refreshes a given number of keys, and remembers which 'point' in your keyring it got to, so that it will be able to move on to new keys, next time it is run.
It is distributed under the terms of the Expat license: you can download version 0.10. Its dependencies are: a POSIX shell, basename(1), head(1), a POSIX grep command, a POSIX AWK interpreter, and, of course, GnuPG.
Refresh-pubring is not difficult to use. Simply run it with no command-line arguments and you will refresh one key:
$ refresh-pubring
found 305 keys in keyring...
gpg: refreshing 1 key from hkp://keys.gnupg.net
gpg: requesting key XXXXXXXX from hkp server keys.gnupg.net
gpg: key XXXXXXXX: "Alice (in Wonderland) <alice@wonderland.example>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Run it with a (positive integer) number as argument and you will refresh that number of keys:
$ refresh-pubring 4
found 305 keys in keyring...
gpg: refreshing 4 keys from hkp://keys.gnupg.net
gpg: requesting key XXXXXXXX from hkp server keys.gnupg.net
gpg: requesting key YYYYYYYY from hkp server keys.gnupg.net
gpg: requesting key ZZZZZZZZ from hkp server keys.gnupg.net
gpg: requesting key WWWWWWWW from hkp server keys.gnupg.net
gpg: key XXXXXXXX: "Bob Braveheart <Bob.Braveheart@bobnet.example>" not changed
gpg: key YYYYYYYY: "Chuck Crazydog (Chucky) <chucky@crazydogs.example>" 13 new signatures
gpg: key ZZZZZZZZ: "Debra D'Agostino <debra@debby.example>" not changed
gpg: key WWWWWWWW: "Eugene Edward Edmonds <eee@triple-e.example>" 83 new signatures
gpg: Total number processed: 4
gpg: unchanged: 2
gpg: new signatures: 96
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 13 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 13 signed: 32 trust: 3-, 0q, 0n, 4m, 6f, 0u
gpg: depth: 2 valid: 19 signed: 109 trust: 17-, 2q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2007-03-03
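The piecewise idea described above (refresh N keys, remember where you stopped) can be sketched as follows. This is an added example, not Refresh-pubring's own code: the function names, the state-file format (a single integer index), the wrap-around at the end of the keyring and the sample listing are all assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, NOT Refresh-pubring's code. Assumed: function names,
# state file = one integer (index of the next key), wrap-around behaviour.

# CONSTRUCTED sample of `gpg --list-keys --with-colons` output (offline use).
sample_listing() {
cat <<'EOF'
tru::1:1172880000:0:3:1:5
pub:u:4096:1:AAAAAAAAAAAAAAA1:1167609600:::u:::scESC:
uid:u::::1167609600::0000000000000000000000000000000000000001::Alice (in Wonderland) <alice@wonderland.example>:
sub:u:4096:1:AAAAAAAAAAAAAAA9:1167609600::::::e:
pub:f:2048:1:BBBBBBBBBBBBBBB2:1167609600:::-:::scESC:
pub:f:2048:1:CCCCCCCCCCCCCCC3:1167609600:::-:::scESC:
EOF
}

# Primary-key IDs only (field 5 of "pub" records); anything non-hex is dropped
# because the IDs are later passed to gpg as separate arguments.
list_key_ids() {
    awk -F: '$1 == "pub" && $5 ~ /^[0-9A-Fa-f]+$/ { print $5 }'
}

# next_batch COUNT STATE_FILE: key IDs on stdin, next COUNT IDs on stdout.
next_batch() {
    count=$1 state=$2 cursor=0
    case $count in ''|*[!0-9]*|0) return 2 ;; esac   # positive integers only
    if [ -r "$state" ]; then
        saved=$(head -n 1 "$state")
        # A missing, empty or tampered state file restarts at 0, never evaluated.
        case $saved in ''|*[!0-9]*) ;; *) cursor=$saved ;; esac
    fi
    STATE_FILE=$state awk -v n="$count" -v c="$cursor" '
        NF { id[k++] = $1 }
        END {
            if (k == 0) exit 1        # empty keyring: nothing to do
            n += 0; if (n > k) n = k  # never request a key twice in one run
            c = c % k                 # keyring may have shrunk since last run
            for (i = 0; i < n; i++) print id[(c + i) % k]
            out = ENVIRON["STATE_FILE"]; next_c = (c + n) % k
            print next_c > out        # remember where the next run starts
        }'
}

# refresh_piece COUNT STATE_FILE: the live version, which contacts the keyserver.
refresh_piece() {
    ids=$(gpg --list-keys --with-colons | list_key_ids | next_batch "$1" "$2") || return 1
    gpg --refresh-keys $ids   # unquoted on purpose: one argument per hex ID
}
```

To try the selection logic without touching a keyserver, pipe the constructed listing through it: sample_listing | list_key_ids | next_batch 2 /tmp/cursor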
This work can be redistributed and/or modified under the terms of the Expat license. It comes with absolutely no warranty. See the permission notice for details.