Mailing List Archive

expiration date for the keys pgp (automatism)
Hello

It is the first time that I am writing to the mailing list...
Be indulgent please!

I need to know when a key is expired in order to renew it:

for instance:

gpg --list-keys

------------------------

pub rsa4096 2016-05-26 [SC] [expires: 2025-01-31]
xxxxxxxxxxxxxxxxxXXXXXXXXXXXX
uid [ full ] PeopleDoc Inc (Eeyore Encryption Key Prod EU) <xxxx@YYYYY.com>
sub rsa4096 2016-05-26 [E] [expires: 2025-01-31]



I would like to launch a script each weekend, to get a warning when, for instance, the key will expire 4 weeks later.
In this case, I would like this warning in early January 2025.

I think I can manage to do it with shell script (LINUX) ...

but before, I would like to know if there is a function in pgp which allows that or anything similar?
=> can pgp tell when the key will soon expire?

thanks a lot

marc broussard
equans France
Re: expiration date for the keys pgp (automatism)
Hello Marc,

Am Montag 05 Juni 2023 16:49:55 schrieb broussard marc via Gnupg-users:
> It is the first time that I am writing to the mailing list...

welcome!

> I would like to launch a script each weekend, to get a warning when, for
> instance, the key will expire 4 weeks later. In this case, I would like
> this warning in early January 2025.
>
> I think I can manage to do it with shell script (LINUX) ...

Another option would be to use GPGME which somehow is the official API
to access GnuPG functionality and usually more stable than parsing the output
yourself in a shell.

E.g. you can use python, see https://wiki.gnupg.org/APIs .

> but before, I would like to know if there is a function in pgp which allows
> that or anything similar? => can pgp tell when the key will soon expire?

At least I do not remember such a function.

But I have two more hints:
* See the documentation for the option --with-colons
  if you really do want to parse the output yourself.
* Faking the time may help you, e.g. put it four weeks in the future.
  See the "esoteric" option --faked-system-time

Again, personally a python script would be my first choice.

Regards
Bernhard
Re: expiration date for the keys pgp (automatism)
On Mon, 5 Jun 2023 14:49, broussard marc said:

> => can pgp tell when the key will soon expire?

That is easy on Unix:

  $ gpg --list-keys --with-colons \
    | awk -F: -v days=60 \
      'BEGIN { from=systime(); to=from+(days*86400)};\
       $1=="pub" && $7 > from && $7 < to { found=1 };
       $1=="fpr" && found {found=0; \
             print "key " $10 " expires in the next " days " days"}'

A really proper solution would use a function to decode field 7 because
it may in the future be shown as YYYYMMDDTHHMMSS (actually gpgsm does it
this way).

I will consider allowing the expiration date for the --list-filter, which
could then be used on Windows (i.e. w/o awk) as well.



Shalom-Salam,

Werner

--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: expiration date for the keys pgp (automatism)
Werner Koch wrote in
<875y7wvn4y.fsf@wheatstone.g10code.de>:
|On Mon, 5 Jun 2023 14:49, broussard marc said:
|
|> => can pgp tell when the key will soon expire?
|
|That is easy on Unix:
|
| $ gpg --list-keys --with-colons \
|| awk -F: -v days=60 \
| 'BEGIN { from=systime(); to=from+(days*86400)};\

Not _that_ easy ("date +%s" maybe, strftime(3) %s is old).

#?2|kent:$ awk 'END{print systime()}' </dev/null
1686316851
#?0|kent:$ mawk 'END{print systime()}' </dev/null
1686316853
#?0|kent:$ nawk 'END{print systime()}' </dev/null
nawk: calling undefined function systime
source line number 1
#?2|kent:$ busybox.static awk 'END{print systime()}' </dev/null
1686316860

| $1=="pub" && $7 > from && $7 < to { found=1 };
| $1=="fpr" && found {found=0; \
| print "key " $10 " expires in the next " days " days"}'
|
|A really proper solution would use a function to decode field 7 because
|it may in the future be shown as YYYYMMDDTHHMMSS (actually gpgsm does it
|this way).
|
|I will consider allowing the expiration date for the --list-filter, which
|could then be used on Windows (i.e. w/o awk) as well.

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
|~~
|..and in spring, hear David Leonard sing..
|
|The black bear, The black bear,
|blithely holds his own holds himself at leisure
|beating it, up and down tossing over his ups and downs with pleasure
|~~
|Farewell, dear collar bear

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: expiration date for the keys pgp (automatism)
P.S.:

Steffen Nurpmeso wrote in
<20230609132434.xS7mR%steffen@sdaoden.eu>:
|Werner Koch wrote in
| <875y7wvn4y.fsf@wheatstone.g10code.de>:
||On Mon, 5 Jun 2023 14:49, broussard marc said:
||
||> => can pgp tell when the key will soon expire?
||
||That is easy on Unix:
||
|| $ gpg --list-keys --with-colons \
||| awk -F: -v days=60 \
|| 'BEGIN { from=systime(); to=from+(days*86400)};\
|
|Not _that_ easy ("date +%s" maybe, strftime(3) %s is old).
|
| #?2|kent:$ awk 'END{print systime()}' </dev/null
| 1686316851
| #?0|kent:$ mawk 'END{print systime()}' </dev/null
| 1686316853
| #?0|kent:$ nawk 'END{print systime()}' </dev/null
| nawk: calling undefined function systime
| source line number 1

Todd Miller of sudo/OpenBSD mentioned that nawk (Kernighan's one
true awk) got systime(), but it is on the [bsd-features] branch of
the GitHub repo[1] only, taken over among other things by Aharon
Robbins of gawk (I had opened an issue; and switched my CRUX
Linux port to that branch).

[1] https://github.com/onetrueawk/awk.git

| #?2|kent:$ busybox.static awk 'END{print systime()}' </dev/null
| 1686316860
|
|| $1=="pub" && $7 > from && $7 < to { found=1 };
|| $1=="fpr" && found {found=0; \
|| print "key " $10 " expires in the next " days " days"}'
||
||A really proper solution would use a function to decode field 7 because
||it may in the future be shown as YYYYMMDDTHHMMSS (actually gpgsm does it
||this way).
||
||I will consider allowing the expiration date for the --list-filter, which
||could then be used on Windows (i.e. w/o awk) as well.

--steffen
Re: expiration date for the keys pgp (automatism)
Am Freitag 09 Juni 2023 14:25:01 schrieb Werner Koch via Gnupg-users:
> A really proper solution would use a function to decode field 7

And potentially filter for otherwise valid pubkeys. >;)

Best,
Bernhard

--
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
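
The "really proper solution" Werner describes (decoding field 7 whether it is epoch seconds or YYYYMMDDTHHMMSS) combined with the validity filter Bernhard suggests, as an added example that is not code from any poster in this thread. It goes beyond the one-liner by also checking `sub` records and by taking the current time as an argument (from `date +%s`), so it does not depend on `systime()`. The function name `expiring_keys` and the sample listing are assumptions made for the example; the validity letters i, d, r are the invalid, disabled and revoked codes of the colon format.

```shell
#!/bin/sh
# Usage: gpg --list-keys --with-colons | expiring_keys "$(date +%s)" 28
# Prints "<pub|sub> <fingerprint> <days left>" for keys expiring within DAYS.
expiring_keys() {   # $1 = current time (epoch seconds), $2 = DAYS
    awk -F: -v now="$1" -v days="$2" '
    # Days since 1970-01-01 for a Gregorian date, integer arithmetic only.
    function civil_days(y, m, d,    era, yoe, doy) {
        if (m <= 2) y--
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
        return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    # Field 7 is epoch seconds, or YYYYMMDDTHHMMSS (UTC) in the newer format.
    function to_epoch(s,    d) {
        if (s !~ /T/) return s + 0
        d = civil_days(substr(s, 1, 4) + 0, substr(s, 5, 2) + 0, substr(s, 7, 2) + 0)
        return d * 86400 + substr(s, 10, 2) * 3600 + substr(s, 12, 2) * 60 + substr(s, 14, 2)
    }
    $1 == "pub" || $1 == "sub" {
        pending = ""
        # Ignore keys without expiry and invalid, disabled or revoked ones.
        if ($7 == "" || $2 ~ /^[idr]/) next
        when = to_epoch($7)
        if (when > now && when < now + days * 86400) {
            pending = $1; left = int((when - now) / 86400)
        }
        next
    }
    # The fpr record following a pub/sub record carries its fingerprint.
    $1 == "fpr" && pending != "" { print pending, $10, left; pending = "" }
    '
}

# Constructed sample listing (key IDs and fingerprints are placeholders).
SAMPLE='pub:f:4096:1:AAAAAAAAAAAAAAAA:1464220800:1738281600::-:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
sub:f:4096:1:BBBBBBBBBBBBBBBB:1464220800:20250131T000000:::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:r:4096:1:CCCCCCCCCCCCCCCC:1464220800:1738281600::-:::sc:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
pub:u:4096:1:DDDDDDDDDDDDDDDD:1464220800:::u:::scESC:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD:'

# 1735862400 is 2025-01-03 00:00:00 UTC; AAAA and BBBB both expire 2025-01-31.
printf '%s\n' "$SAMPLE" | expiring_keys 1735862400 30
```

The revoked key (CCCC) and the key without an expiration date (DDDD) produce no warning, so a weekly cron job only mails about keys that actually need renewing.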
Re: expiration date for the keys pgp (automatism)
P.P.S.: .. and getting off-topic ..

Leonardo Taccari posted a brilliant idea to the already closed
nawk issue that should not be concealed, to which i just now
responded

--- Forwarded from Steffen Nurpmeso <steffen@sdaoden.eu> ---
|Hello!
|
|Leonardo Taccari wrote in
| <onetrueawk/awk/issues/184/1586092193@github.com>:
||@sdaoden another possible way - that should work on all the AWKs - is:
||
||```awk
||BEGIN { srand(); t = srand(); print t }
||```
||
||When `srand()` is called without any argument it will start from the \
||current time of day.
|
|That is actually a brilliant idea!
|This works back to System V8 awk, and for BSD i am a bit out of
|ideas, CSRG repo shows nothing before 1994, though gawk came in
|earlier already.
|But anyway, for (at least) almost thirty years anywhere!

--steffen
Re: expiration date for the keys pgp (automatism)
Hi Marc,

On 09.06.23 10:37, Bernhard Reiter wrote:
> Another option would be to use GPGME which somehow is the official API
> to access GnuPG functionality and usually more stable than parsing the output
> yourself in a shell.
>
> E.g. you can use python, see https://wiki.gnupg.org/APIs .

As Bernhard explained, you could also use a Python script. Here is one
you could use for a start:
https://heptapod.host/intevation/gnupg-scripts/-/blob/main/Python/list_expired_keys.py

Kind regards,
Christoph

--
Christoph Klassen | https://intevation.de
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter