[hokey-lint]
flags = keys
apt = hopenpgp-tools
files = *.pgp *.gpg
types = application/x-pgp-keyring
command = cat {files} | hokey lint
comment =
 If you contact the owners of these keys, please point out OpenPGP best practices:
 https://help.riseup.net/en/security/message-security/openpgp/best-practices

[hokey-lint-asc]
flags = keys
apt = hopenpgp-tools
files = *.asc
command = cat {files} | hot dearmor | hokey lint
comment =
 If you contact the owners of these keys, please point out OpenPGP best practices:
 https://help.riseup.net/en/security/message-security/openpgp/best-practices

[pgp-private-key]
flags = keys
command = grep -rPzl '(?s)-----BEGIN PGP PRIVATE KEY BLOCK-----.*-----END PGP PRIVATE KEY BLOCK-----' .

[insecure-recv-keys]
flags = keys
comment = Only ever use the full fingerprint when downloading keys
command = grep -nHrP '\b(?:apt-key|gpg2?)\b.*--recv(-keys?)?\s+(0x)?[0-9a-fA-F]{{1,31}}\b' .

# vim:ft=dosini
