gpgkey_el7

#!/bin/bash
# This script requires GnuPG 2.2 or higher, this is only available on EL7
# with the following package: https://copr.fedorainfracloud.org/coprs/icon/lfit/package/gnupg22-static
# After installing the package, create the following symlink as well
# ln -s /usr/bin/pinentry /opt/gnupg22/bin/pinentry
#
# Set the following line in any user that should use these binaries:
# export PATH=/opt/gnupg22/bin:$PATH

# Get keygrips
keygrip_sign=$(gpg --list-secret-keys --with-keygrip | grep -A 2 "^sec" | grep Keygrip | sed 's/.* = //')
keygrip_enc=$(gpg --list-secret-keys --with-keygrip | grep -A 1 "\[E\]" | grep Keygrip | sed 's/.* = //')
keygrip_ssh=$(gpg --list-secret-keys --with-keygrip | grep -A 1 "\[A\]" | grep Keygrip | sed 's/.* = //')

function check() {
  for kg in $keygrip_sign $keygrip_enc $keygrip_ssh
  do
    gpg-connect-agent "keyinfo --list" /bye | grep $kg | grep " 1 " > /dev/null 2>&1
    test $? -ne 0 && echo "$kg is not loaded"
  done
}

function unlock() {
  read -sp "Enter Passphrase: " passphrase

  for kg in $keygrip_sign $keygrip_enc $keygrip_ssh
  do
    /opt/gnupg22/libexec/gpg-preset-passphrase -c $kg <<< $passphrase
  done
}

function lock() {
  for kg in $keygrip_sign $keygrip_enc $keygrip_ssh
  do
    gpg-connect-agent "clear_passphrase --mode=normal $kg" /bye
    /opt/gnupg22/libexec/gpg-preset-passphrase -f $kg
  done
}

case "$1" in
  "-c")
     check
  ;;
  "-l")
     lock
  ;;
  "-u")
     unlock
  ;;
esac