+log() {
+ echo "$@" >&2
+}
+
+output_no_valid_key() {
+ local sshKeyOffered
+ local userID
+ local type
+ local validity
+ local keyid
+ local uidfpr
+ local usage
+ local sshKeyGPG
+ local sshFingerprint
+
+ log "OpenPGP keys with*out* full validity found for this host:"
+ log
+
+ # retrieve the actual ssh key
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+
+ userID="ssh://${HOSTP}"
+
+ # output gpg info for (exact) userid and store
+ gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+ --with-fingerprint --with-fingerprint \
+ ="$userID" 2>/dev/null)
+
+ # loop over all lines in the gpg output and process.
+ echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
+ while IFS=: read -r type validity keyid uidfpr usage ; do
+ case $type in
+ 'pub'|'sub')
+ # get the ssh key of the gpg key
+ sshKeyGPG=$(gpg2ssh "$keyid")
+
+ # if one of keys found matches the one offered by the
+ # host, then output info
+ if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
+
+ # get the fingerprint of the ssh key
+ tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
+ echo "$sshKeyGPG" > "$tmpkey"
+ sshFingerprint=$(ssh-keygen -l -f "$tmpkey" | awk '{ print $2 }')
+ rm -rf "$tmpkey"
+
+ # output gpg info
+ gpg --check-sigs \
+ --list-options show-uid-validity \
+ "$keyid" >&2
+
+ # output ssh fingerprint
+ log "RSA key fingerprint is ${sshFingerprint}."
+ log "Falling through to standard ssh host checking."
+ log
+ fi
+ ;;
+ esac
+ done
+}
+