#!/bin/bash
#
# $Id: verifylist.sh,v 1.13 2003/04/14 15:40:48 mitch Exp $
#
# 2003 (c) by Christian Garbs <mitch@cgarbs.de>
# Licensed under Gnu GPL.
#
# Verify eMail-addresses by sending a OpenPGP encrypted mail.  Random
# text in every message.  Send a copy to myself for comparison of the
# replies.
#
# Key-IDs and eMail-addresses are read from stdin.  See makelist.sh
# for the generation of lists in a suitable format.
#
# Use -t to do a test run (mail is only sent to yourself).

# Who am I:
GREETINGS=Christian

# Send copies to:
MYSELF=mitch@mitch.h.shuttle.de

# This generates random text:
MESSAGE="Sig-news | (read;cat;echo)"
#MESSAGE="dd bs=16 count=1 if=/dev/random | mimencode"

############################################################

while read LINE; do
    KEYID="${LINE:0:8}"
    MAIL="${LINE:9}"
    SHORTMAIL=$( echo ${MAIL} | sed -e 's/^.*<//' -e 's/>.*$//' | grep @ )
    if [ ! -z ${SHORTMAIL} ] ; then

	if [ ! -z "${1}" -a "${1}" = "-t" ] ; then
	    SHORTMAIL=${MYSELF}
	fi

	echo ${KEYID} / ${MAIL}
	(
	    cat <<EOF
Hi there!

We recently have exchanged our OpenPGP keys.  Now I check if this mail
address really belongs to you.  Please reply to this email.  Your
reply should be signed and contain this cookie:

 -- BEGIN COOKIE --
EOF
	    eval "${MESSAGE}"
	    cat <<EOF
 --- END COOKIE ---

After receiving a valid reply, I will sign this uid and mail the
updated key to your primary address.

Regards,
EOF
	    echo "${GREETINGS}"
	) \
	    | gpg --encrypt --sign --armor --recipient ${KEYID} \
	    | mail -s "OpenPGP key ${KEYID} uid ${SHORTMAIL} verification" -c ${MYSELF} "${SHORTMAIL}"
    else
	echo "skipped (no mail):" ${KEYID} / ${MAIL}
    fi
done