Batch importing caff signatures

Having swapped details with many, many people at Debconf, and then been away for a week after that, I found myself with an overflowing mailbox and a long task of “open mail, provide pass-phrase, pipe to gpg --import“. I wanted a way to batch-import all these signatures (there are three times as many, because my key has three UIDs) in one or two goes, and tidy up the stragglers later.

David Bremner wrote a small Perl script to do this from an mbox file, but I wanted to work in pure shell and with mutt. Just shoving the mbox at gpg resulted in it decrypting one message, then bailing at the fact the IDEA plugin is not present.

Here was my eventual workflow, which only requires you to provide the pass-phrase once:

  1. create a maildir, either with maildir-make or a directory with cur, new and tmp directories nested inside;
  2. mark all relevant messages as read, and save them to here (it doesn’t matter if others get caught up in it);
  3. now change to the {maildir}/cur directory, and run the following bash (disclaimer: totally untested and used at your own risk):

    for a in `ls`; do mv $a $a.gpg; done
    gpg --decrypt-files *.gpg
    rm *.gpg
    gpg --import *
    rm *

I expect there are better/quicker/safer ways to do it, but this worked well for me at midnight on a Monday evening.

19/08/10: Yes, it turns out I am a numpty, and Mutt can handle this all by itself with Ctrl-K and a tagged list. This is still quite handy when the private key is not on the machine you’re using to read mail, though.

Thanks for the corrections.


  1. gregoa says:

    mutt’s Ctrl-k works quite well for me (extract-keys), and with tagging all relevant mails (and gpg-agent), it’s just a few keystrokes

  2. I’m not sure whether you are over-engineering it or not, but unless I’m missing something, I’ve already what you are asking for, without needing to write any additional glue. I do it that way:

    – a specific mailbox (actually maildir, but it isn’t relevant) where caff signatures land. Here is the trivial procmail rule:

    * ^Subject: Your signed PGP key

    – from time to time I open that maildir within mutt, tag all messages, and do CTRL-K which automatically extract all signatures and import them in my personal keyring

    – regarding the passphrase, I use gpg-agent, which does the caching in a safe way already

    Just my 0.02€,

  3. You don’t even need gpg-agent. Mutt will cache your gpg passphrase, too, for a limited amount of time (and you can use Ctrl-F to force it to forget the passphrase).

  4. Gunnar says:

    And nobody has said this yet – You can tag several messages and process them all together. So, my workflow is:

    • Add a Procmail rule similar to the one Zack mentions
    • Wait some days, to have some dozens of keys pending import
    • Enter (with mutt) the GPG mailbox and tag all of the relevant messages (either with a long keypress on «t» or on a catchall pattern to «T», such as just «.»
    • Import all of them! «;» performs an action on all of the tagged messages, so «;Ctrl-K» will import all of your pending keys
    • Give the GPG passphrase. Once. Yes, that’s all
    • Profit!
  5. mirabilos says:

    for a in `ls`; do mv $a $a.gpg; done


    for a in *; do…

Comments are closed.