Grepular

Monitoring Expiry of GPG Keys

Written 2 months ago by Mike Cardwell

I’ve been using a small script to monitor when my PGP master and subkeys expire for a while now. You supply it with an email address, which is used to locate the private key in your GnuPG keyring, and the number of days before expiry at which you want to start being alerted. It prints nothing unless a key is within that expiry period. You may find it useful:

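#!/usr/bin/env perl
use strict;
use warnings;
use POSIX qw( mktime );

# Noon today, so whole-day differences are not skewed by DST changes.
my $today = mktime(0,0,12,(localtime())[3..5]);

# A purely numeric argument is the alert threshold in days; anything else is an email address.
my @email   = grep( !/^\d+$/, @ARGV );
my( $days ) = grep( /^\d+$/,  @ARGV );

my %done = ();
foreach my $email (@email) {
  # Fork and exec gpg with an argument list rather than backticks, so the
  # address is never interpreted by a shell. "--" ends option parsing.
  my $pid = open(my $gpg, '-|');
  die "Cannot fork: $!\n" unless defined $pid;
  if (!$pid) {
    open(STDERR, '>', '/dev/null');
    exec('gpg', '--list-sigs', '--', $email) or exit 1;
  }
  while (my $line = <$gpg>) {
    $line =~ s/\r?\n$//;
    # Matches pub/sub lines that carry an [expires: YYYY-MM-DD] or [expired: ...] tag.
    next unless $line =~ /^([sp]ub) .+ \S+\/(\S+) \S+ \[expire[ds]: (\d+)-(\d+)-(\d+)\]$/;
    my( $type, $id, $expires ) = ( $1, $2, mktime(0,0,12,$5,$4-1,$3-1900) );

    # Report each key ID only once, even if several addresses match it.
    next if exists $done{$id};
    $done{$id}=1;

    my $remaining = int(($expires - $today)/86400);
    if (!defined $days || $remaining <= $days) {
      print "PGP ${type}key $id expires in $remaining days ($email)\n";
    }
  }
  close($gpg);
}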

My cron job runs daily and warns me when I’m within a week of expiry:

5 5 * * *   check_gpg_expiry.pl 7 mike.cardwell@example.com
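
The same check can be driven by gpg's machine-readable --with-colons listing, whose field layout is stable where the human-readable layout differs between GnuPG versions. This is an added example, not the author's script; the function names and the sample listing are constructed for illustration, and it assumes expiry dates are reported as epoch seconds.

```python
#!/usr/bin/env python3
# Added example: expiry check driven by gpg's machine-readable --with-colons output.
import subprocess
import sys
import time

DAY = 86400

def expiring_keys(listing, max_days, now):
    """Return [(record type, key ID, days left)] for keys expiring within max_days."""
    found, seen = [], set()
    for line in listing.splitlines():
        f = line.split(":")
        # Field 1 = record type, field 5 = key ID, field 7 = expiry (epoch seconds).
        if len(f) < 7 or f[0] not in ("pub", "sub"):
            continue
        key_id, expires = f[4], f[6]
        if not expires.isdigit() or key_id in seen:  # empty expiry = never expires
            continue
        seen.add(key_id)
        days_left = (int(expires) - int(now)) // DAY
        if days_left <= max_days:
            found.append((f[0], key_id, days_left))
    return found

def list_keys(email):
    """Run gpg from an argument list (no shell); '--' stops option parsing."""
    cmd = ["gpg", "--batch", "--fixed-list-mode", "--with-colons", "--list-keys", "--", email]
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout

# Constructed sample listing (made-up key IDs and dates, not real keys).
SAMPLE_NOW = 1700000000
SAMPLE = "\n".join([
    "pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:1700435600::u:::scESC:",
    "uid:u::::1600000000::::Test User <test@example.org>:",
    "sub:u:4096:1:BBBBBBBBBBBBBBBB:1600000000:1702592000:::::e:",
    "sub:u:4096:1:CCCCCCCCCCCCCCCC:1600000000::::::s:",
    "sub:e:4096:1:DDDDDDDDDDDDDDDD:1600000000:1699827200:::::s:",
])

if __name__ == "__main__":
    args = sys.argv[1:]
    emails = [a for a in args if not a.isdigit()]
    days = next((int(a) for a in args if a.isdigit()), float("inf"))
    if not emails:  # no address given: demonstrate on the constructed sample
        for kind, key_id, left in expiring_keys(SAMPLE, days, SAMPLE_NOW):
            print(f"PGP {kind}key {key_id} expires in {left} days (sample)")
    for email in emails:
        for kind, key_id, left in expiring_keys(list_keys(email), days, time.time()):
            print(f"PGP {kind}key {key_id} expires in {left} days ({email})")
```

A key that has already expired shows up with a negative day count, and a key with no expiry date is never reported.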
