How to delete gpg secret keys by force, without fingerprint?

11

2

I accidentally generated a bulk of secret keys (without public keys) in the GPG keyring, and I have written a script to delete those keys, but GPG doesn't allow me to do that:

$ gpg --batch --yes --delete-secret-keys KEYS
gpg: can't do this in batch mode
gpg: (unless you specify the key by fingerprint)

Well, I know what I'm doing and I know there may be duplicate key IDs, but there seems to be no way to force their deletion; the following doesn't work either:

$ yes | gpg --delete-secret-keys KEYS

Any idea?

Xiè Jìléi

Posted 2010-08-11T09:08:49.063

Reputation: 14 766

Answers

6

Use gpg --list-secret-keys --with-colons --fingerprint to generate the list of fingerprints in an easily parsable format. Grab the lines of the form fpr:::::::::xxxx: that correspond to the keys you want to delete, and pass the fingerprints (the xxxx) to gpg --batch --delete-secret-keys.

The following command generates all secret key fingerprints. Be sure to select only the ones you want to delete!

gpg --list-secret-keys --with-colons --fingerprint | sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p'

Gilles 'SO- stop being evil'

Posted 2010-08-11T09:08:49.063

Reputation: 58 319

Great! I thought the fingerprint is only available in public keys. – Xiè Jìléi – 2010-08-11T09:47:25.047

Oops! I'm wrong, the fingerprint couldn't be fetched; the command yields:

gpg: key XXXXXXXX: secret key without public key - skipped
gpg: error reading key: secret key not available

In fact, I'm just wondering why `yes | ...' doesn't work, and I think the only way is to patch gpg. Thanks – Xiè Jìléi – 2010-08-11T09:56:54.527
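
An added example, not part of the original answers: a filter that narrows the colon listing from Gilles's answer to the primary-key fingerprints whose user ID contains a given string, so that only selected keys reach --delete-secret-keys. The function names, the CONFIRM variable and the sample listing are assumptions constructed for illustration.

```shell
# Added example (not from the original answers); function names are hypothetical.

# Print primary-key fingerprints of secret keys whose user ID contains $1.
# Reads `gpg --list-secret-keys --with-colons --fingerprint` output on stdin.
select_secret_fprs() {
    [ -n "$1" ] || { echo "refusing empty pattern" >&2; return 2; }
    awk -F: -v pat="$1" '
        function emit() { if (hit && fpr != "") print fpr }
        # A "sec" record starts a new key; old gpg puts the first uid in field 10.
        $1 == "sec" { emit(); fpr = ""; primary = 1; hit = (index($10, pat) > 0); next }
        # After "ssb", the following fpr records belong to a subkey: ignore them.
        $1 == "ssb" { primary = 0; next }
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        $1 == "uid" && index($10, pat) > 0 { hit = 1 }
        END { emit() }
    '
}

# Dry run unless CONFIRM=yes (assumed variable); one fingerprint per gpg call.
purge_secret_keys() {
    gpg --list-secret-keys --with-colons --fingerprint |
        select_secret_fprs "$1" |
        while read -r fpr; do
            if [ "${CONFIRM:-no}" = yes ]; then
                gpg --batch --yes --delete-secret-keys "$fpr"
            else
                echo "would delete $fpr"
            fi
        done
}

# Constructed sample listing (fingerprints, key IDs and names are made up).
sample_listing() {
    cat <<'EOF'
sec:u:2048:1:AAAAAAAAAAAAAAAA:1281517729:::u:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::1281517729::X::Bulk Test 1 <bulk1@example.invalid>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1281517729::::::e:
fpr:::::::::2222222222222222222222222222222222222222:
sec:u:2048:1:CCCCCCCCCCCCCCCC:1281517729:::u:Alice Keeper <alice@example.invalid>::scESC:
fpr:::::::::3333333333333333333333333333333333333333:
sec:u:2048:1:DDDDDDDDDDDDDDDD:1281517729:::u:::scESC:
fpr:::::::::4444444444444444444444444444444444444444:
uid:u::::1281517729::X::Bulk Test 2 <bulk2@example.invalid>:
EOF
}

# Demo on the constructed listing: prints the two "Bulk Test" fingerprints only.
sample_listing | select_secret_fprs 'Bulk Test'
```

Run purge_secret_keys with a pattern first to review the "would delete" lines, then repeat with CONFIRM=yes once the list contains only the keys meant to go.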

3

I know this topic is old, and that the answer kinda looks like Gilles's one, but I think it answers the question totally (since I had the same kind of problems as OP):

for i in `gpg --with-colons --fingerprint | grep "^fpr" | cut -d: -f10`; do gpg --batch --delete-secret-keys "$i" ; done

Dolanor

Posted 2010-08-11T09:08:49.063

Reputation: 366

1

I combined the answers by Gilles and Dolanor into this one liner that is useful in case you want to delete a specific key:

gpg --fingerprint --with-colons "${GPG_KEY}" |\
    grep "^fpr" |\
    sed -n 's/^fpr:::::::::\([[:alnum:]]\+\):/\1/p' |\
    xargs gpg --batch --delete-secret-keys

Not answering the original question, but might be useful for someone else.

Nikolaos Georgiou

Posted 2010-08-11T09:08:49.063

Reputation: 111

1

Export the keys you want to keep, delete the file and then recreate your ring.

Aaron Digulla

Posted 2010-08-11T09:08:49.063

Reputation: 6 035

I'd rather prefer to patch & recompile gpg. – Xiè Jìléi – 2010-08-11T09:30:52.953