#!/bin/bash # # $Id: key-party-signing,v 1.1 2004/06/19 11:50:37 suter Exp $ # Copyright (C) 2003 Mark Suter # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ######################################################################## ######################################################################## ## __ __ _ ____ _ _ ___ _ _ ____ ## \ \ / // \ | _ \ | \ | ||_ _|| \ | | / ___| ## \ \ /\ / // _ \ | |_) || \| | | | | \| || | _ ## \ V V // ___ \ | _ < | |\ | | | | |\ || |_| | ## \_/\_//_/ \_\|_| \_\|_| \_||___||_| \_| \____| ## ## This is a shell script - it can not call mlock(2) or take any other ## steps to prevent your passphrase being left in memory (swap!). ## ## Your passphrase will be scattered throughout memory and possibly on ## disk via swap. You have been warned. ## ######################################################################## ######################################################################## ## Your email address - CHECK THIS! 
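from="Mark Suter "

## Our "die" function (think perl): message to stderr, exit 1.
function die () { printf '%s\n' "$*" 1>&2 ; exit 1 ; }

## Fail on unset variables and on a failing stage anywhere in a pipeline.
## "set -e" is deliberately NOT used: gpg exits non-zero whenever the user
## answers "no" at one of its prompts, and that must not abort the whole run.
set -u
set -o pipefail

## Set our PATH and test for needed binaries
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
for tool in mktemp gpg sort awk rm sendmail head ; do
    command -v "$tool" >/dev/null 2>&1 || die "$0: required binary '$tool' not present"
done

## Some defaults ($EDITOR may carry options, so only its first word is checked)
: "${EDITOR:=vi}"
command -v "${EDITOR%% *}" >/dev/null 2>&1 || die "$0: editor '$EDITOR' not found"

## How the passphrase reaches gpg: on fd 3 from a process substitution (a
## pipe).  It is never put on a command line (visible in ps) and never in a
## here-string, which older bash versions spool to a temp file in $TMPDIR.
## NOTE(review): GnuPG >= 2.1 ignores --passphrase-fd and asks the agent
## unless "--pinentry-mode loopback" is added here; --no-use-agent is
## accepted but a no-op on those versions - confirm against your gpg.
gpg_pass=(--no-use-agent --passphrase-fd 3)

## Get the passphrase: no echo, backslashes and surrounding blanks kept as typed
printf 'Passphrase: '
IFS= read -r -s passphrase ; echo

## A temp dir for the emails
emails=$(mktemp -d) || die "$0: mktemp failed"

## Rebuild our caches so this is faster (best effort, on the real keyring)
gpg --rebuild-keydb-caches

## Enumerate the party keyring (the current directory) as
## "<first uid>TAB<fingerprint>", sort by uid as the old "sort +3" did, and
## keep the fingerprints.  --with-colons is GnuPG's stable machine-readable
## format (both 1.x, where the first uid sits on the pub record, and 2.x,
## where every uid has its own record, are handled); the human
## "pub 1024D/XXXXXXXX" layout this used to scrape is version dependent.
## Full fingerprints are used everywhere below instead of 8-hex-digit short
## key IDs, which are not unique and become ambiguous once the key has been
## imported into the real keyring.
party_keys=$(
    gpg --homedir . --list-keys --with-colons --with-fingerprint |
    awk -F: '
        function emit() {
            if (fpr != "" && name != "" && !done) { print name "\t" fpr ; done = 1 }
        }
        $1 == "pub"               { fpr = "" ; name = $10 ; done = 0 }
        $1 == "fpr" && fpr == ""  { fpr = $10 ; emit() }
        $1 == "uid" && name == "" { name = $10 ; emit() }
    ' | LC_ALL=C sort | awk -F '\t' '{ print $NF }'
)
[ -n "$party_keys" ] || die "$0: no keys found in $PWD - run this inside the party keyring directory"

rule=$(printf '%80s' '')
rule=${rule// /-}

## Process each key (fingerprints are plain hex, so word splitting is safe)
# shellcheck disable=SC2086
for fpr in $party_keys ; do
    ## Announce what we're doing
    printf '\n%s\nDoing key %s\n%s\n' "$rule" "$fpr" "$rule"
    gpg --homedir . --fingerprint "$fpr"

    ## Offer to skip the key :)
    action=""
    read -r -p "Sign this key (y/n) ? " -n 1 action ; echo
    [ "$action" = "n" ] && continue

    ## Copy the key into the real keyring and sign it there.  If signing
    ## fails (user said no at gpg's prompt, wrong passphrase, ...) skip the
    ## key rather than mailing back an unsigned copy.
    gpg --homedir . --export "$fpr" | gpg --import --batch --quiet
    if ! gpg "${gpg_pass[@]}" --sign-key "$fpr" 3< <(printf '%s\n' "$passphrase") ; then
        printf '%s: signing %s failed, no email built\n' "$0" "$fpr" 1>&2
        continue
    fi

    ## Construct an email.  The address is taken from the key's first uid,
    ## i.e. it is chosen by the key owner: the match excludes whitespace and
    ## angle brackets so no extra header can be smuggled in, but a comma
    ## inside it would still add recipients - that is why the email is
    ## previewed before it is sent.
    email=$emails/$fpr.email
    to=$(
        gpg --homedir . --list-keys --with-colons "$fpr" |
        awk -F: '
            ($1 == "pub" && $10 != "") || $1 == "uid" {
                if (match($10, /<[^<> \t]+@[^<> \t]+>/))
                    print substr($10, RSTART + 1, RLENGTH - 2)
                exit
            }'
    )
    [ -n "$to" ] || printf '%s: no <address> in the first uid of %s - fill in To: by hand\n' "$0" "$fpr" 1>&2

    ## Export the (now signed) key and sign+encrypt it to the key itself, so
    ## only whoever holds its private key can read our signature.
    {
        printf 'From: %s\nTo: %s\nSubject: signed key %s\n\n' "$from" "$to" "$fpr"
        gpg --export --armor "$fpr" |
            gpg "${gpg_pass[@]}" --sign --encrypt --armor --recipient "$fpr" \
                3< <(printf '%s\n' "$passphrase")
        printf '\n'
    } > "$email"

    ## Let the user handle the email
    action=""
    head -15 "$email"
    while [ "$action" != "d" ] && [ "$action" != "m" ] ; do
        read -r -p "$fpr: (d)elete, (e)dit, or (m)ail ? " action
        case "$action" in
            d) rm -- "$email" && echo deleted. ;;
            e) $EDITOR "$email" ; head -15 "$email" ;;   # $EDITOR unquoted: may carry options
            m) sendmail -t -oi < "$email" && rm -- "$email" && echo mailed. ;;
            *) echo "Huh?" ;;
        esac
    done
done

## Clean up.  bash cannot scrub memory (see the warning above), but at
## least stop carrying the passphrase around.
unset passphrase
rmdir -- "$emails" || die "$0: something weird happened - files left in $emails"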