GnuPG pubring key checker

We are happy to announce a prototype tool that can help identify keys on a GnuPG public key ring (e.g. ~/.gnupg/pubring.gpg) that are expired, revoked or due to expire within a configured number of days. This script, gpg-ring-check can be found on the tools page.

gpg-ring-check is currently a prototype. We have verified it works on a number of current Linux distributions, but have also verified it doesn't currently work properly on a current Mac OS X machine with GPGTools installed and also not with 2.x versions of GnuPG. We hope to provide an updated version in the future that will handle all the different operating systems GnuPG runs on as well as all versions of GnuPG. We'll also happily accept patches and fixes from the community.

Using this tool is as easy as running it on the command line without any arguments to get a usage message. Each option should be self explanatory. By default the script will look for a pubring.gpg file in ~/.gnupg/pubring.gpg directory, but you may specify an alternate location. If run with the -a option and a parameter specifying the number of days from the current date, it'll look for display the keys that are revoked, have expired or will expire within the specified number of days. The DRG uses PGP extensively and we find this tool helpful to help alert us to keys on our keyring that become unusable or are about to expire. We hope you too find this script useful. We'd love to hear from you with feedback.

posted at 12:00 am | permanent link

About DRG

Apply to DRG

Host a DRG Distro Pod

Insight & Analysis


Weekend Reads


Security Innovation Grant

Mailing lists

DRG PGP public key

Follow us on Twitter Follow DragonResearch on Twitter

Feedback: dragon@dragonresearchgroup.org