PIUS-KEYRING-MGR(1) General Commands Manual PIUS-KEYRING-MGR(1)

pius-keyring-mgr - PIUS (PGP Individual UID Signer) Keyring Manager

pius-keyring-mgr <mode> [options]

pius-keyring-mgr has several modes to manage keyrings. It was designed for signing parties, but can be used for any PGP keyring. The mode must be the first argument, with options as explained below.

-d, --debug
Enable debugging output.
-g PATH, --gpg-path=PATH
Path to gpg binary. [default: /usr/bin/gpg2]
-r KEYRING, --keyring=KEYRING
Use this keyring.
-v, --verbose
Print summaries.

The build mode is used most of the time. It can parse a CSV file, automatically look for keys, and email anyone whose key was not be found. This mode can also import keys from an mbox file. The options are:
-b MBOX-FILE, --mbox-file=MBOX-FILE
Parse MBOX-FILE and examine each message for PGP fingerprints or ascii-armored keys. Decodes messages as necessary.
-c CSV-FILE, --csv-file=CSV-FILE
Parse MBOX-FILE and import keys. You will almost certainly also want -D, -E, -F and -N.
-D DELIMITER, --delimiter=DELIMITER
Field delimiter to use when parsing CSV. Only meaningful with -c. [default: ',']
-E EMAIL-COLUMN, --email-field=EMAIL-COLUMN
Column number with the email address in the CSV file. Only meaningful with -c. [default: 3]
-F FINGERPRINT-COLUMN, --fp-field=FINGERPRINT-COLUMN
Column number with the GPG fingerprint in the CSV file. Only meaningful with -c. [default: 4]
-m FROM-EMAIL, --mail=FROM-EMAIL
Email people whose keys were not located, using FROM-EMAIL as sender.
-M FILE, --mail-text=FILE
Use the text in FILE as the body of email when sending emails instead of the default text. To see the default text use --print-default-email. Requires -m.
-N NAME-COLUMN, --name-field=NAME-COLUMN
Column number with the name in the CSV file. Only meaningful with -c. [default: 2]
-n TO-EMAIL, --override-email=TO-EMAIL
Rather than send to the user, send to this address. Mostly useful for debugging.
-p PARTY-NAME, --party=PARTY-NAME
The name of the party. Will be printed in the email sent out. Only useful with -m.
-s KEY-SERVER, --keyservers=KEY-SERVER
Try this keyserver. Specify once for each server (-s foo -s bar). [default: pool.sks-keyservers.net, pgp.mit.edu, keys.gnupg.net]
-t TEMP-DIR, --tmp-dir=TEMP-DIR
Directory to put temporary stuff in. [default: /tmp/pius_keyring_mgr_tmp]
-T, --print-default-email
Print the default email.
--ignore-emails=IGNORE-EMAILS
Comma-separated list of emails to ignore (no spaces).
--ignore-fingerprints=IGNORE-FINGERPRINTS
Comma-separated list of PGP fingerprints to ignore (no spaces).

The prune mode opens a keyring and, for each key, asks to remove it. Useful after a party to trim a keyring of people who didn't show, and before distributing the keyring to those who went. There are no options.

The raw mode passes options directly to gpg. Useful when adding keys by hand. Your options are added to those those necessary to work on the party keyring safely. (It does not load your personal keyring.) Your options must be passed after '--' to prevent pius-keyring-manager from interpreting them as its own.

Scan a CSV file and an MBOX for emails and write to anyone whose key was not found, using you@company.com as sender:
/usr/bin/pius-keyring-mgr build --csv-file /tmp/report --mbox-file
/tmp/mbox --mail you@company.com

Download a key and add it to the party keyring:

pius-keyring-mgr raw -r path/to/keyring.gpg -- --recv-key <keyid>

PIUS was written by Phil Dibowitz <phil@ipom.com>

This manual page was written by Felix Lechner <felix.lechner@gmail.com> for the Debian project, but may be used by others.

DECEMBER 2016