multiple copies of the self-signature on the key

David Shaw dshaw at
Wed Jun 14 14:05:22 CEST 2006

On Wed, Jun 14, 2006 at 12:29:03PM +0200, Janusz A. Urbanowicz wrote:
> Hi, I am under an impression I reported that some time (~2 years) ago:
> I have a setup where I send (and update) my pubkey to remote amchines
> by downloading it from the keyserver network. Over time, preferences
> are updated, subkeys are crosscertified. And new and new
> self-signatures deposite on the key with old not being flushed. What
> can I do with that?

You can't stop the keyservers from storing all copies of your
selfsig.  They have no crypto support so have no way to tell which (if
any) is the "right" one to keep.

In GPG, if you set:
   import-options import-clean
   keyserver-options import-clean

You'll automatically strip out the unusable selfsigs (as well as
unusable other stuff like multiple expired signatures) upon import.

You can do the same on a key by key basis with --edit-key and the
"clean" command.


More information about the Gnupg-devel mailing list