Extracting valid content; command line use of --edit-key

Michael Young mwy-gpg41 at the-youngs.org
Tue Apr 2 01:11:01 CEST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm trying to build a script to extract just the valid
keys and names from a keyring, and have run up against
limitations in the batch handling of "--edit-key" commands.
Specifically, if I have a key with several names:
    pub:f:1024:17:E5ED2A5D040A01BB:1017675295:1022859295:238:-:::scESC:
    fpr:::::::::4E2CFFB61B8F6913E44E923BE5ED2A5D040A01BB:
    uid:q::::::::bogus <bogus at example.com>:
    uid:q::::::::bad guy:
    uid:f::::::::good guy:
    sub:f:1024:16:5717F6E03AA6AB8E:1017675297:1022859297:238::::e:
I'd like to be able to issue the following command:
    gpg --batch --edit-key 0x4E2CFFB61B8F6913E44E923BE5ED2A5D040A01BB uid 2 deluid save
to eliminate one of the dubious names.

Alas, this fails:
    gpg: Sorry, we are in batchmode - can't get input.

None of the "--no-tty", "--yes", or "--quiet" switches has an effect.

I've tried using the "--command-fd" switch to no avail.  It does
eliminate the message, but that's not all.  Depending on the other
switches, it either: exits without saving (with a "Key not changed
so no update needed" message, or nothing at all); or, hangs waiting
for input without a prompt (and then exits without saving after
any input).  [In case it matters, and I could see that being the
case here, I've been using the Windows binary for this experimentation.]

Before I get into debugging this, is there another combination
of switches that does what I want?  Or have I run across a bug
that has been fixed since the stable 1.0.6?  If I do need to
fix it, how do you want it to work?

I'm also open to other solutions to my original problem.  If there's
a way to extract the valid subset in the first place, instead of
removing the invalid content, that would be even better.  As you
can see, it need not be a single command -- I can live with a script.

[Why do I want to do any of this?  I'd like to generate a keyring
for use with programs that have inadequate trust/validity rules;
for example, many remailer clients do no checking whatsoever.
Such a keyring could also be used with GnuPG, using "--always-trust".
I'd like to be able to update the keyring automatically (for example,
via keyserver, e-mail, or web pages), but only pick up valid material.]

Thanks for any help you can offer!


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA+AwUBPKjZjVMkvpTT8vCGEQIQawCXeledx3ABTnJrlZj/Lv22SdSlJwCgwIBL
r5NlEMaKrp2bydnhJXejnJg=
=3iiY
-----END PGP SIGNATURE-----
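
An added example, not part of the original message and not GnuPG code: one way to pick the valid subset out of a colon listing like the one quoted above, instead of editing the key interactively. It goes beyond the single key shown by handling listings with several keys. The function names are hypothetical, and it assumes that only validity `f` or `u` counts as valid and that the "uid N" numbering follows listing order.

```python
# Constructed sample: the colon listing quoted in the message above.
SAMPLE = """\
pub:f:1024:17:E5ED2A5D040A01BB:1017675295:1022859295:238:-:::scESC:
fpr:::::::::4E2CFFB61B8F6913E44E923BE5ED2A5D040A01BB:
uid:q::::::::bogus <bogus at example.com>:
uid:q::::::::bad guy:
uid:f::::::::good guy:
sub:f:1024:16:5717F6E03AA6AB8E:1017675297:1022859297:238::::e:
"""

# Assumption: only full ('f') and ultimate ('u') validity count as valid.
VALID = frozenset("fu")


def parse_listing(text):
    """Group a colon listing into one dict per primary key."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 10:
            continue  # not a record this example understands
        if f[0] == "pub":
            keys.append({"keyid": f[4], "validity": f[1], "fpr": None, "uids": []})
        elif not keys:
            continue  # stray record before any pub line
        elif f[0] == "fpr" and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # first fpr after pub belongs to the primary key
        elif f[0] == "uid":
            uids = keys[-1]["uids"]
            # 1-based position in the listing, assumed to match "uid N".
            uids.append({"index": len(uids) + 1, "validity": f[1], "name": f[9]})
    return keys


def report(text):
    """Return (fingerprint, names to keep, uid indexes to drop) per valid key."""
    out = []
    for key in parse_listing(text):
        keep = [u["name"] for u in key["uids"] if u["validity"][:1] in VALID]
        drop = [u["index"] for u in key["uids"] if u["validity"][:1] not in VALID]
        if key["validity"][:1] in VALID and keep:
            out.append((key["fpr"] or key["keyid"], keep, drop))
    return out


if __name__ == "__main__":
    for fpr, names, drop in report(SAMPLE):
        print(fpr, "keep:", names, "drop uid:", drop)
```

Keys whose own validity is not `f` or `u`, or that have no valid user ID left, are omitted from the result entirely.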





