Feature suggestion: --export-option no-include-untrusted-material
Michael Young
mwy-gpg41 at the-youngs.org
Wed Jan 8 21:57:02 CET 2003

Once again, I'm looking for an automated way to extract only the
"valid" material (in PGP parlance) from a keyring. That is, I'd like
only the keys that are associated with valid userIDs, and *only* the
valid userIDs on those keys. The resulting keyring could be used
without further verification, with programs that don't do any
themselves (or with GnuPG using the --always-trust option). This
will be particularly valuable if GnuPG offers more interesting
trust/validity models.

It's easy to extract only keys that contain *some* valid material,
but those keys can also contain invalid/untrusted names.

Weeding out invalid names is hard. At first glance, you might think
that the "--edit-key" command would suffice. Alas, it is virtually
impossible to use "deluid" from the command-line -- the ordering you
get from a "--list-keys" is not the same as the one you get inside the
"--edit-key" interaction. This forces you to follow the interactive
process using the "status-fd" mechanism, which is incredibly
convoluted for such a simple task. In the past, I had suggested some
ways to make the "--edit-key" command more usable from the command-line,
perhaps in conjunction with an "--expert" disclaimer.

I now see another more natural way to add my desired function to the
command set: as an "--export-options" flag. For example,

    --export-options no-include-untrusted-material

or some such. Other flags have a filter-like flavor to them;
this seems to fit in nicely.

Does this seem reasonable?
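
The selection described in the message above, as an added example that is not part of the original post and is not GnuPG code: it reads a `gpg --with-colons --list-keys` style listing and reports, per key, which user IDs are valid and which would have to be stripped. It assumes user IDs appear on their own `uid` records with validity in field 2 and the name in field 10, and that m/f/u count as valid; the function name and the sample listing are constructed.

```python
"""Added example: pick out valid user IDs from a colon-format key listing."""

# Assumption: marginal (m), full (f) and ultimate (u) validity count as "valid".
VALID = frozenset("mfu")

# Constructed sample in the shape of `gpg --with-colons --list-keys` output;
# key IDs, hashes and names are made up.
SAMPLE = """\
tru::1:1041973022:0:3:1:5
pub:f:1024:17:AAAAAAAAAAAAAAA1:1041000000:::-:::scESC:
uid:f::::1041000000::H1::Alice Example <alice@example.org>:
uid:-::::1041000001::H2::Alice Unverified <alice@elsewhere.example>:
sub:f:2048:16:BBBBBBBBBBBBBBB1:1041000000::::::e:
pub:-:1024:17:AAAAAAAAAAAAAAA2:1041000002:::-:::scESC:
uid:-::::1041000002::H3::Mallory Example <mallory@example.net>:
pub:u:1024:17:AAAAAAAAAAAAAAA3:1041000003:::u:::scESC:
uid:u::::1041000003::H4::Me Myself <me@example.com>:
uid:r::::1041000004::H5::Me Old <old@example.com>:
"""


def split_valid_uids(listing, valid=VALID):
    """Return {keyid: {"keep": [...], "drop": [...]}} for keys that have
    at least one valid user ID; keys with none are left out entirely."""
    keys = {}
    current = None
    for line in listing.splitlines():
        fields = line.split(":")
        record = fields[0]
        if record == "pub" and len(fields) > 4:
            # Field 5 is the key ID; following uid records belong to it.
            current = keys.setdefault(fields[4], {"keep": [], "drop": []})
        elif record == "uid" and current is not None and len(fields) > 9:
            # Field 2 is the computed validity, field 10 the user ID string.
            bucket = "keep" if fields[1] in valid else "drop"
            current[bucket].append(fields[9])
    return {kid: uids for kid, uids in keys.items() if uids["keep"]}


if __name__ == "__main__":
    for keyid, uids in split_valid_uids(SAMPLE).items():
        print(keyid)
        for name in uids["keep"]:
            print("  keep:", name)
        for name in uids["drop"]:
            print("  drop:", name)
```

The result only identifies what to keep and what to strip; it does not modify or export the keyring.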