Joachim Breitner

Finding revoked signatures on a gpg key

Published 2007-06-19 in sections English, Digital World.

The GNU Privacy Guard seems to have the default option of setting an expiry date when the signed key has such a date. My gpg key used to have such an expiry date when I went to the first keysigning parties (LinuxTag, DebConf 3). I have removed the expiry date later, but still a lot of signatures are now no longer valid: While I have signed 310 keys, my key currently (pre-DebConf 7) only has 170 valid signatures.

Tonight I wanted to find out which keys these are exactly, and after quite some trial and error I found a way to get that data, using only “real old unix tools” such as awk, sort, join:

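# Dump all signatures on the key in colon format, including each signature's expiry date (field 7)
gpg --list-options show-sig-expire --fixed-list-mode --with-colons --list-sigs nomeata > my-sigs-col
# Signatures that carry an expiry date, one line per signing key ID (field 5)
awk -F: '$1 == "sig" && $7 != "" { print }' my-sigs-col | sort -k 5,5 -t : -u > expired
# Signatures without an expiry date, one line per signing key ID
awk -F: '$1 == "sig" && $7 == "" { print }' my-sigs-col | sort -k 5,5 -t : -u > non-expired
# Key IDs that appear in the first list but not in the second
join -v 1 -t : -j 5 expired non-expired > only-expired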

Maybe I will use that list some time after DebConf7 to mail all these people, asking them to remove or update the expiry date from their signature.
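
An added example, not part of the original post: the pipeline above selects signatures that carry an expiry date at all, while this variant goes one step further and compares field 7 with a given time, so it lists only signers whose every signature on the key has actually expired. The sample listing and the names `sample_listing` and `only_expired` are constructed for illustration, and dates are assumed to be seconds since the epoch, as `--fixed-list-mode` prints them.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-sigs` output (not real keys).
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:0123456789ABCDEF:1050000000:::u:::scESC:
sig:::17:0123456789ABCDEF:1050000000::::Key Owner <owner@example.org>:13x:
sig:::17:AAAAAAAAAAAAAAAA:1057000000:1088536000:::Alice Example <alice@example.org>:10x:
sig:::17:BBBBBBBBBBBBBBBB:1057000000:1088536000:::Bob Example <bob@example.org>:10x:
sig:::17:BBBBBBBBBBBBBBBB:1120000000::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:1120000000:1214000000:::Carol Example <carol@example.org>:10x:
sig:::17:DDDDDDDDDDDDDDDD:1057000000:1088536000:::Dave Example <dave@example.org>:10x:
sig:::17:DDDDDDDDDDDDDDDD:1060000000:1100000000:::Dave Example <dave@example.org>:10x:
EOF
}

# only_expired NOW   (colon listing on stdin, NOW in seconds since the epoch)
# Prints "KEYID:latest-expiry:uid" for each signer whose signatures have all
# expired at NOW. A signer with at least one signature that has no expiry
# date, or one that expires later than NOW, is left out.
only_expired() {
    awk -F: -v now="$1" '
        $1 != "sig" { next }                  # skip pub, uid, rev, ... records
        {
            id = $5                           # key ID of the signer
            if (!(id in uid)) uid[id] = $10   # remember a user ID for the report
            if ($7 == "" || $7 + 0 > now + 0)
                valid[id] = 1                 # no expiry, or expiry still ahead
            else if ($7 + 0 > last[id] + 0)
                last[id] = $7                 # latest expiry seen so far
        }
        END {
            for (id in uid)
                if (!(id in valid))
                    print id ":" last[id] ":" uid[id]
        }
    ' | sort
}

# 1182211200 is 2007-06-19 00:00 UTC
sample_listing | only_expired 1182211200
```

On a real keyring, the output of the `gpg` command above can be piped into `only_expired "$(date +%s)"` in place of the sample.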

