- # if one of keys found matches the one offered by the
- # host, then output info
- if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
- log "An OpenPGP key matching the ssh key offered by the host was found:"
- log
-
- # do some crazy "Here Strings" redirection to get the key to
- # ssh-keygen, since it doesn't read from stdin cleanly
- sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
- <<<$(echo "$sshKeyGPG") | \
- awk '{ print $2 }')
-
- # get the sigs for the matching key
- gpgSigOut=$(gpg --check-sigs \
- --list-options show-uid-validity \
- "$keyid")
-
- # output the sigs, but only those on the user ID
- # we are looking for
- echo "$gpgSigOut" | awk '
-{
-if (match($0,"^pub")) { print; }
-if (match($0,"^uid")) { ok=0; }
-if (match($0,"^uid.*'$userID'$")) { ok=1; print; }
-if (ok) { if (match($0,"^sig")) { print; } }
-}
-' >&2
- log
-
- # output the other user IDs for reference
- if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then
- log "Other user IDs on this key:"
- echo "$gpgSigOut" | grep "^uid" | grep -v "$userID" >&2
- log
+ # if a key was retrieved from the host...
+ if [ "$sshKeyOffered" ] ; then
+
+ # if one of keys found matches the one offered by the
+ # host, then output info
+ if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+ log info <<EOF
+An OpenPGP key matching the ssh key offered by the host was found:
+EOF
+
+ show_key_info "$keyid" | log info
+
+ # this whole process is in a "while read"
+ # subshell. the only way to get information
+ # out of the subshell is to change the return
+ # code. therefore we return 1 here to
+ # indicate that a matching gpg key was found
+ # for the ssh key offered by the host
+ return 1