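#!/bin/sh
# Print the fields of an OpenPGP public key that the riseup "OpenPGP best
# practices" guide asks you to review. The script only prints the raw values
# from `gpg --list-packets`, each preceded by a line saying what is wanted;
# it does not pass or fail the key. A human has to read the output.
#
# Usage: pass one key selector as $1. Prefer a full fingerprint: a short key
# ID or a user-ID substring can match several keys in the keyring, and the
# output below would then mix packets from all of them.
echo https://we.riseup.net/riseuplabs+paow/openpgp-best-practices
key="$1"

# Without a selector the checks would not be tied to one specific key, so the
# printed values could be read as belonging to a key they do not describe.
if [ -z "$key" ]; then
  echo "usage: ${0##*/} KEY-FINGERPRINT" >&2
  exit 2
fi

# A selector starting with '-' would be parsed by gpg as an option rather
# than as a key, so refuse it instead of forwarding it.
case "$key" in
  -*)
    echo "${0##*/}: key selector must not start with '-': $key" >&2
    exit 2
    ;;
esac

# Export and parse the key once and reuse the listing for every check, so all
# checks describe the same snapshot of the key. export-minimal drops all
# signatures except the most recent self-signature on each user ID, so the
# signature checks below look at self-signatures, not third-party ones.
packets=$(gpg --export-options export-minimal --export "$key" | gpg --list-packets)

# An empty listing means nothing was exported (unknown key, or gpg failed).
# Stop here: silent output from the greps below would otherwise look like
# "nothing bad found".
if [ -z "$packets" ]; then
  echo "${0##*/}: no packets found for key: $key" >&2
  exit 1
fi

echo want version 4
printf '%s\n' "$packets" | grep version

# Algorithm of the primary key only (the two lines after its packet header).
# NOTE(review): the guidance text names only RSA and DSA; keys using other
# algorithms will show other numbers here and need separate judgement.
echo want algo 1 RSA or algo 17 DSA-2
printf '%s\n' "$packets" | grep -A2 '^:public key packet:$' | grep algo

echo want bits 2048 or more
printf '%s\n' "$packets" | grep -A2 'public key' | grep 'pkey\[0\]:'

# Digest used by each remaining self-signature.
echo 'want no digest algo 1 (MD5) or 2 (SHA-1) - but ok if other algos'
printf '%s\n' "$packets" | grep -A 2 signature | grep 'digest algo '

# Hash preference order advertised by the key: the SHA-2 family
# (11/10/9/8) should be listed before RIPEMD160/SHA-1/MD5 (3/2/1).
echo want 3/2/1 after 11/10/9/8
printf '%s\n' "$packets" | grep 'pref-hash-algos'

# No line printed here means no "key expires after" subpacket was found in
# the listing, i.e. the key appears to have no expiry set.
echo want an expiry, want less than 5 years expiry
printf '%s\n' "$packets" | grep 'key expires after'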
