+
+ # some crazy piping here that takes the output of gpg and
+ # pipes it into a "while read" loop that reads each line
+ # of standard input one-by-one.
+ gpg --fixed-list-mode --list-key --with-colons \
+ --with-fingerprint ="$userID" 2> /dev/null | \
+ cut -d : -f 1,2,5,10,12 | \
+ while IFS=: read -r type validity keyid uidfpr capability ; do
+ # process based on record type
+ case $type in
+ 'pub')
+ # new key, wipe the slate
+ keyOK=
+ keyCapability=
+ keyFingerprint=
+ # check primary key validity
+ if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ continue
+ fi
+ # check capability is not Disabled...
+ if echo "$capability" | grep -q 'D' ; then
+ continue
+ fi
+ # check capability is Encryption and Authentication
+ # FIXME: make more flexible capability specification
+ # (ie. in conf file)
+ if echo "$capability" | grep -q -v 'E' ; then
+ if echo "$capability" | grep -q -v 'A' ; then
+ continue
+ fi
+ fi
+ keyCapability="$capability"
+ keyOK=true
+ keyID="$keyid"
+ ;;
+ 'fpr')
+ # if key ok, get fingerprint
+ if [ "$keyOK" ] ; then
+ keyFingerprint="$uidfpr"
+ fi
+ ;;
+ 'uid')
+ # check key ok and we have key fingerprint
+ if [ -z "$keyOK" -o -z "$keyFingerprint" ] ; then
+ continue
+ fi
+ # check key validity
+ if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+ continue
+ fi
+ # check the uid matches
+ if [ "$(unescape "$uidfpr")" != "$userID" ] ; then
+ continue
+ fi
+ # convert the key
+ # FIXME: needs to apply extra options if specified
+ echo -n " valid key found; generating ssh key(s)... "
+ userIDHash=$(echo "$userID" | sha1sum | awk '{ print $1 }')
+ # export the key with gpg2ssh
+ #gpg --export "$keyFingerprint" | gpg2ssh "$mode" > "$cacheDir"/"$userIDHash"."$keyFingerprint"
+ # stand in until we get dkg's gpg2ssh program
+ gpg2ssh_tmp "$mode" "$keyID" "$userID" > "$cacheDir"/"$userIDHash"."$keyFingerprint"
+ if [ "$?" = 0 ] ; then
+ echo "done."
+ else
+ echo "error."
+ fi
+ ;;
+ esac
+ done