+# output the index of a user ID on the host key
+# return 1 if user ID not found
+find_host_userid() {
+ local userID="$1"
+ local tmpuidMatch
+ local line
+
+ # match to only ultimately trusted user IDs
+ tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+ # find the index of the requsted user ID
+ # NOTE: this is based on circumstantial evidence that the order of
+ # this output is the appropriate index
+ line=$(gpg_host_list | egrep '^(uid|uat):' | cut -f2,10 -d: | \
+ grep -n -x -F "$tmpuidMatch" 2>/dev/null)
+
+ if [ "$line" ] ; then
+ echo ${line%%:*}
+ return 0
+ else
+ return 1
+ fi
+}
+
+# show info about the host key
+show_key() {
+ local GNUPGHOME
+ local TMPSSH
+ local revokers
+
+ # tmp gpghome dir
+ export GNUPGHOME=$(msmktempdir)
+
+ # trap to remove tmp dir if break
+ trap "rm -rf $GNUPGHOME" EXIT
+
+ # import the host key into the tmp dir
+ gpg --quiet --import <"$HOST_KEY_FILE"
+
+ # create the ssh key
+ TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub
+ gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH"
+
+ # get the gpg fingerprint
+ HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
+ | grep '^fpr:' | cut -d: -f10 )
+
+ # list the host key info
+ # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+ # FIXME: can we show uid validity somehow?
+ gpg --list-keys --fingerprint \
+ --list-options show-unusable-uids 2>/dev/null \
+ | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+ | egrep -v '^-+$'
+
+ # list revokers, if there are any
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode \
+ | awk -F: '/^rvk:/{ print $10 }' )
+ if [ "$revokers" ] ; then
+ echo "The following keys are allowed to revoke this host key:"
+ for key in $revokers ; do
+ echo "revoker: $key"
+ done
+ echo
+ fi
+
+ # list the pgp fingerprint
+ echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
+
+ # list the ssh fingerprint
+ echo -n "ssh fingerprint: "
+ ssh-keygen -l -f "$TMPSSH" | awk '{ print $1, $2, $4 }'
+
+ # remove the tmp file
+ trap - EXIT
+ rm -rf "$GNUPGHOME"