#! /bin/sh
# Sign GPG key with all available secret keys 
# Best used with gpg agent: viz "eval $(gpg-agent --daemon)" prior to starting
#
# If SOURCE_KEYRING is defined then will try to import key from that keyring
# prior to actually starting the signing process.
#
# Select uids to sign: "uid N"
# Then "sign"
#
# (Once for each secret key available)
#
# Then send key out.
#
# Written by Ewen McNeill <ewen@naos.co.nz>, 2010-04-09
#---------------------------------------------------------------------------

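# Key to be signed (key ID, fingerprint or user ID), taken from the first
# command-line argument.
KEYID="${1}"
if [ -z "${KEYID}" ]; then
   echo "$0 KEYID" >&2
   exit 1
fi

# Collect the key IDs of every secret key in the default keyring.
# --with-colons is GnuPG's stable machine-readable listing: on "sec" records
# field 5 is the key ID.  The human-readable listing is not a stable
# interface and newer GnuPG releases no longer print "algo/KEYID" on the
# "sec" line, which made the previous awk/cut parsing return garbage.
SECRET_KEYS=$(gpg --list-secret-keys --with-colons |
    awk -F: '$1 == "sec" { print $5 }')

# Optionally pull the key in from another keyring first.  POSIX marks the
# "-a" operator of test(1) as obsolescent, so chain two tests instead.
if [ -n "${SOURCE_KEYRING}" ] && [ -e "${SOURCE_KEYRING}" ]; then
    gpg --keyring "${SOURCE_KEYRING}" --export "${KEYID}" | gpg --import
fi

# Show the fingerprint before any signing prompt: a certification asserts
# that this key belongs to the named owner, so the value printed here is
# what has to be compared with the fingerprint obtained from the owner
# through a separate channel.
gpg --fingerprint "${KEYID}"

# Without any secret key there is nothing to sign with.  Stop here instead
# of falling through to the final check, which used to match every
# signature line (empty pattern) and report the key as signed.
if [ -z "${SECRET_KEYS}" ]; then
    echo "$0: no secret keys found to sign with" >&2
    exit 1
fi

# One interactive editing session per secret key.  The word splitting on
# SECRET_KEYS is intentional: it holds whitespace-separated key IDs.
# --use-agent is kept for GnuPG 1.x; GnuPG 2.x always uses the agent.
for SECRET_KEY in ${SECRET_KEYS}; do
    echo ""
    echo "Chance to sign with key ${SECRET_KEY}..."
    echo ""
    gpg --use-agent --local-user "${SECRET_KEY}" --edit-key "${KEYID}"
done

# Report success only if at least one signature on KEYID was issued by one
# of our secret keys.  On "sig" records field 5 is the signer's key ID and
# field 10 its user ID; matching that field exactly avoids false positives
# from key IDs appearing elsewhere on a line.  The key IDs are handed to awk
# through the environment because they are newline-separated.
# NOTE(review): --list-sigs only lists signatures, it does not verify them;
# use --check-sigs if cryptographic verification is wanted here.
if gpg --list-sigs --with-colons "${KEYID}" |
    SIGNER_KEYS="${SECRET_KEYS}" awk -F: '
        BEGIN {
            n = split(ENVIRON["SIGNER_KEYS"], ids, " ")
            for (i = 1; i <= n; i++) mine[ids[i]] = 1
        }
        $1 == "sig" && ($5 in mine) {
            printf "sig %s %s\n", $5, $10
            found = 1
        }
        END { exit(found ? 0 : 1) }'
then
    echo "Key ${KEYID} signed -- consider sending to user"
fi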
