#!/bin/sh
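# Usage: <script> KEYID
#
# Fetches KEYID from a keyserver into a throw-away GnuPG home, shows its
# fingerprint and, after explicit confirmation, adds it to the apt keyring.

# Keyserver to fetch from. The download itself is not authenticated here, so
# the fetched key is untrusted until its fingerprint has been compared with
# an independent source.
# NOTE(review): confirm this host is still operated before relying on it.
KEYSERVER="wwwkeys.de.pgp.net"

# Key to import. The value ends up on the gpg command line, so accept only
# hexadecimal key IDs / fingerprints (with an optional 0x prefix). That rules
# out an empty argument as well as option-like or whitespace-separated values.
KEYID=${1:-}
KEYID_HEX=${KEYID#0[xX]}
case $KEYID_HEX in
    '' | *[!0-9A-Fa-f]*)
        echo "Usage: ${0##*/} KEYID" >&2
        echo "KEYID must be a hexadecimal key ID or fingerprint." >&2
        exit 2
        ;;
esac

# Short key IDs are not unique: different keys can share one. Only the full
# fingerprint identifies a key, so say so before anything is fetched.
if [ "${#KEYID_HEX}" -lt 40 ]; then
    echo "Warning: '$KEYID' is not a full fingerprint; key IDs can collide." >&2
    echo "Check the fingerprint printed below with extra care." >&2
fi

# Private scratch directory. Stop if it cannot be created: an empty TMP would
# make the paths derived from it resolve under /.
TMP=$(mktemp -d) || {
    echo "Cannot create a temporary directory." >&2
    exit 1
}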

# Delete the scratch directory named by TMP together with everything in it.
# Missing paths are ignored, so calling this more than once is harmless.
cleanup()
{
    rm -r -f "$TMP"
}

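# Remove the scratch directory on every exit path. The signal traps only call
# exit, which in turn runs the EXIT trap once. Running cleanup directly from
# the INT trap would delete the GnuPG home and then let the script carry on.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 129' HUP
trap 'exit 143' TERM

# Refuse to continue without a scratch directory; otherwise the GnuPG home
# below would be created directly under /.
if [ -z "$TMP" ] || [ ! -d "$TMP" ]; then
    echo "Temporary directory is missing." >&2
    exit 1
fi

# Throw-away GnuPG home with empty keyrings, so that neither the caller's own
# keyrings nor their gpg.conf influence what is fetched, shown or exported.
GPG_HOME="$TMP/gpg"
mkdir -p "$GPG_HOME" || exit 1
chmod 700 "$GPG_HOME" || exit 1
: > "$GPG_HOME/pubring.gpg" || exit 1
: > "$GPG_HOME/secring.gpg" || exit 1

# Run gpg against the throw-away home. A function keeps each argument intact;
# the former command string was word-split on every use.
gpg_tmp() {
    gpg --homedir "$GPG_HOME" --no-options --no-default-keyring --batch "$@"
}

gpg_tmp -q --no-tty --keyserver "$KEYSERVER" --recv-keys "$KEYID" || exit 1

cat <<EOF

Please compare the key identity and the key fingerprint below to an
independent source to confirm its integrity.

EOF

# This listing is the only integrity check in the whole flow, so do not go on
# to the prompt if it could not be produced.
gpg_tmp --fingerprint "$KEYID" || exit 1

# Disabled alternative: machine-readable listing reduced to user ID and
# fingerprint.
#gpg_tmp --with-fingerprint --with-colons --list-key "$KEYID" | awk -F: '
#    $1=="pub" {
#        print "User ID:\t" $10;
#    }
#    $1=="fpr" {
#        print "Fingerprint:\t" $10;
#    }
#'

echo

# The exact phrase must be typed; anything else (including EOF) aborts.
CONFIRMATION="Yes, I will"

echo "Do your trust this key and wish to add it to your apt keyring?"
echo "So answer with '$CONFIRMATION'."
# "read -p" is not available in every /bin/sh, and where it is missing the
# prompt could never be answered. Print the prompt separately instead.
printf ' > '
read -r ANSWER || ANSWER=""

if [ "$ANSWER" = "$CONFIRMATION" ]; then
    echo "Adding key to apt keyring..."
    # Export to a file first: in a pipeline a failed or empty export would go
    # unnoticed, because only the status of the last command is reported.
    EXPORTED="$TMP/export.gpg"
    gpg_tmp --export "$KEYID" > "$EXPORTED" || exit 1
    if [ ! -s "$EXPORTED" ]; then
        echo "No key data was exported for '$KEYID'." >&2
        exit 1
    fi
    # NOTE(review): apt-key is deprecated, and a key in the global apt keyring
    # is accepted for every configured repository. Consider a per-repository
    # keyring referenced with signed-by instead.
    apt-key add "$EXPORTED"
else
    echo "Aborting, key has _not_ been added."
fi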
