get the trust level of an external key

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 17 22:13:52 CET 2012


On 01/17/2012 02:50 PM, Jbar wrote:
> To save space in a keyring, I would like to store only fully trusted keys in it.
>
> Is there a way to check the trust level of an external certificate before importing it? Or are we forced to import it, check its
> trust and then remove it (or not)?

If you're talking about actual trust (meaning keys to which you have
assigned, say, marginal or full or ultimate ownertrust) then you can
just check the fingerprint against the info from:

 gpg --export-ownertrust

If instead, you're talking about the validity of User IDs, you should be
aware that this is not the same thing as trust (and that it can change
over time, e.g. as certifications expire, keys are revoked, etc).

For example, you might know for certain (via a fully-valid User ID) that
key X belongs to "Evil Bad Guy <badguy at example.org>" -- but you might
not want to consider that a trusted key.

In either case, though, it's probably simplest to import the key to get
gpg to do any sort of sophisticated operations on it.

If you want to avoid contaminating one particular keyring, you could set
up multiple GNUPGHOME directories -- one for triage, and once a key has
passed triage, it could be exported into the "cleaner" keyring.  Whether
this is a useful arrangement probably depends on the needs and
implementation of the rest of your system, though.

hth,

	--dkg
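Added example (not part of dkg's post and not GnuPG project code): a small POSIX shell script that does the two things the reply suggests. It reads the primary-key fingerprint out of an external key file without importing it, looks that fingerprint up in the text of `gpg --export-ownertrust`, and, for the case where the key really has to be imported to be inspected, imports it into a throwaway GNUPGHOME and only promotes it to the default keyring afterwards. It assumes a gpg 2.x binary on PATH that accepts `--import-options show-only`; the function names and the SAMPLE_OWNERTRUST text are this example's own constructions, with synthetic fingerprints.

```sh
#!/bin/sh
# Added example (not part of dkg's post, not GnuPG project code): look up the
# ownertrust that the local trustdb records for an external OpenPGP key
# without importing the key into the main keyring, plus a throwaway-GNUPGHOME
# triage helper for the case where the key must be imported to inspect it.
#
# Assumptions: gpg 2.x on PATH with `--import-options show-only` (parses and
# displays a key file without writing it to the keyring). Function names and
# the sample data below are this example's own.

# Constructed sample of `gpg --export-ownertrust` output (synthetic
# fingerprints, not real keys). Real output has the same shape:
# "#" comment lines, then "FINGERPRINT:VALUE:" records.
SAMPLE_OWNERTRUST='# List of assigned trustvalues, created Tue Jan 17 22:13:52 2012 CET
# (Use "gpg --import-ownertrust" to restore them)
0000000000000000000000000000000000000001:6:
0000000000000000000000000000000000000002:5:
0000000000000000000000000000000000000ABC:4:'

# ownertrust_level FPR OWNERTRUST_TEXT
# Print the numeric ownertrust value recorded for FPR in OWNERTRUST_TEXT
# (the text of `gpg --export-ownertrust`), or "none" if FPR has no record.
# Case-insensitive, since gpg prints uppercase hex but people paste lowercase.
ownertrust_level() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        /^#/ || NF < 2 { next }
        toupper($1) == toupper(want) { print $2; found = 1; exit }
        END { if (!found) print "none" }'
}

# trust_name VALUE
# Map the trustdb values gpg writes in --export-ownertrust to their names.
trust_name() {
    case $1 in
        2)    echo undefined ;;
        3)    echo never ;;
        4)    echo marginal ;;
        5)    echo full ;;
        6)    echo ultimate ;;
        none) echo none ;;
        *)    echo "other($1)" ;;
    esac
}

# key_file_fingerprint KEYFILE
# Print the primary-key fingerprint of every certificate in KEYFILE. In
# --with-colons output the fingerprint is field 10 of an "fpr" record, and
# the first "fpr" after each "pub" record belongs to the primary key.
key_file_fingerprint() {
    gpg --batch --with-colons --import-options show-only --import "$1" 2>/dev/null \
      | awk -F: '$1 == "pub" { want = 1; next }
                 $1 == "fpr" && want { print $10; want = 0 }'
}

# external_key_trust KEYFILE
# For every primary key in KEYFILE print "<fingerprint> <ownertrust name>".
# The trustdb is keyed by fingerprint, so the lookup itself does not need the
# key to be in the keyring. This reports ownertrust only, not User ID validity.
external_key_trust() {
    trust_text=$(gpg --batch --export-ownertrust 2>/dev/null) || return 1
    key_file_fingerprint "$1" | while read -r fpr; do
        printf '%s %s\n' "$fpr" "$(trust_name "$(ownertrust_level "$fpr" "$trust_text")")"
    done
}

# triage_import KEYFILE TRIAGE_HOME
# Import KEYFILE into a separate, throwaway GNUPGHOME so the main keyring is
# untouched; inspect it there (e.g. GNUPGHOME=$TRIAGE_HOME gpg --check-sigs).
triage_import() {
    mkdir -p "$2" && chmod 700 "$2" && GNUPGHOME=$2 gpg --batch --import "$1"
}

# promote_key FPR TRIAGE_HOME
# Copy a key that passed triage from the triage home into the default keyring.
promote_key() {
    GNUPGHOME=$2 gpg --batch --export "$1" | gpg --batch --import
}
```

Typical use is `external_key_trust some-key.asc` to see whether the key already carries marginal, full or ultimate ownertrust, and `triage_import some-key.asc "$HOME/.gnupg-triage"` followed by `promote_key FPR "$HOME/.gnupg-triage"` for anything that needs a real import to be checked. As the reply notes, ownertrust and User ID validity are different things; validity is only computed once the key sits in a keyring alongside the certifications that support it, which is what the triage home is for.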
