Feature suggestion: --export-option no-include-untrusted-material

Michael Young mwy-gpg41 at the-youngs.org
Wed Jan 8 21:57:02 CET 2003

Once again, I'm looking for an automated way to extract only the
"valid" material (in PGP parlance) from a keyring.  That is, I'd like
only the keys that are associated with valid userIDs, and *only* the
valid userIDs on those keys.  The resulting keyring could be used
without further verification, with programs that don't do any
themselves (or with GnuPG using the --always-trust option).  This
will be particularly valuable if GnuPG offers more interesting
trust/validity models.

It's easy to extract only keys that contain *some* valid material,
but those keys can also contain invalid/untrusted names.

Weeding out invalid names is hard.  At first glance, you might think
that the "--edit-key" command would suffice.  Alas, it is virtually
impossible to use "deluid" from the command-line -- the ordering you
get from a "--list-keys" is not the same as the one you get inside the
"--edit-keys" interaction.  This forces you to follow the interactive
process using the "status-fd" mechanism, which is incredibly
convoluted for such a simple task.  In the past, I had suggested some
ways to make "--edit-keys" command more usable from the command-line,
perhaps in conjunction with an "--expert" disclaimer.

I now see another more natural way to add my desired function to the
command set: as an "--export-options" flag.  For example,
    --export-options no-include-untrusted-material
or some such.  Other flags have a filter-like flavor to them;
this seems to fit in nicely.

Does this seem reasonable?

More information about the Gnupg-devel mailing list