gpg's new --import-filter and --export-filter options

Werner Koch wk at gnupg.org
Fri Jul 1 17:13:18 CEST 2016


Hi!

I just pushed some code to implement a framework for filtering packets
during import and export.   Say you have a file with a key and you want
to strip it down so that it has only one user id.  This can even be done
without the need to store and later delete the key from the keyring:

  gpg --no-options --import-options import-export       \
      --import-filter keep-uid='mbox = joe@example.org' \
      --import  < full-key.pub > key-with-one-uid.pub

The notable features are:

  - "import-export" which writes the key to stdout instead of storing it
     in the keyring.

  - "--import-filter TYPE=EXPR" which does the actual filtering.

Without "import-export" the key would be imported with only the given
user id (it might get merged with an existing one, though).  If you
want to import more user IDs you could change the value of
--import-filter for example to

   keep-uid='mbox =~ @example.org' 

to keep all user ids with that domain in the addr-spec, or
  
   keep-uid='mbox !~ @example.org && mbox !~ @example.net' 

to import all user ids except for those from those two example domains.

The export filter works similarly.  The filter options and their
properties are described in the man page ("uid" and "mbox" - "primary"
does not yet work correctly).  The description of the expression syntax
is not yet in the man page but below you will find the respective source
code comment.


Shalom-Salam,

   Werner


===========
/* Parse an expression.  The expression syntax is:
 *
 *   [<lc>] {{<flag>} PROPNAME <op> VALUE [<lc>]}
 *
 * A [] indicates an optional part, a {} a repetition.  PROPNAME and
 * VALUE may not be the empty string.  White space between the
 * elements is ignored.  Numerical values are computed as long int;
 * standard C notation applies.  <lc> is the logical connection
 * operator; either "&&" for a conjunction or "||" for a disjunction.
 * A conjunction is assumed at the begin of an expression and
 * conjunctions have higher precedence than disjunctions.  If VALUE
 * starts with one of the characters used in any <op> a space after
 * the <op> is required.  A VALUE is terminated by an <lc> unless the
 * "--" <flag> is used in which case the VALUE spans to the end of the
 * expression.  <op> may be any of
 *
 *   =~  Substring must match
 *   !~  Substring must not match
 *   =   The full string must match
 *   <>  The full string must not match
 *   ==  The numerical value must match
 *   !=  The numerical value must not match
 *   <=  The numerical value of the field must be LE than the value.
 *   <   The numerical value of the field must be LT than the value.
 *   >   The numerical value of the field must be GT than the value.
 *   >=  The numerical value of the field must be GE than the value.
 *   -n  True if value is not empty (no VALUE parameter allowed).
 *   -z  True if value is empty     (no VALUE parameter allowed).
 *   -t  Alias for "PROPNAME != 0"  (no VALUE parameter allowed).
 *   -f  Alias for "PROPNAME == 0"  (no VALUE parameter allowed).
 *
 * Values for <flag> must be space separated and any of:
 *
 *   --  VALUE spans to the end of the expression.
 *   -c  The string match in this part is done case-sensitive.
 *
 * For example four calls to recsel_parse_expr() with these values for
 * EXPR
 *
 *  "uid =~ Alfa"
 *  "&& uid !~ Test"
 *  "|| uid =~ Alpha"
 *  "uid !~ Test"
 *
 * or the equivalent expression
 *
 *  "uid =~ Alfa && uid !~ Test || uid =~ Alpha && uid !~ Test"
 *
 * are making a selector for records where the "uid" property contains
 * the strings "Alfa" or "Alpha" but not the String "test".

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
 /* Join us at OpenPGP.conf  <https://openpgp-conf.org> */
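
The selector semantics from the source comment above, as an added example that is not part of the original post and is not GnuPG's recsel code: a small Python model that can be used to check which records an expression would keep. The names parse, matches, keep and MBOXES are assumptions made for this sketch, and numeric operators here expect integer fields.

```python
import operator, re

LC = re.compile(r"\s*(&&|\|\|)")
TERM = re.compile(r"\s*((?:(?:--|-c)\s+)*)(\w+)\s*(=~|!~|==|!=|<=|>=|<>|=|<|>|-[nztf]\b)\s*")
NUM = {"==": operator.eq, "!=": operator.ne, "<=": operator.le, "<": operator.lt,
       ">=": operator.ge, ">": operator.gt, "-t": operator.ne, "-f": operator.eq}

def parse(*exprs):
    """Return OR-groups of AND-ed (flags, name, op, value) terms."""
    groups = [[]]
    for rest in exprs:
        while rest.strip():
            lc = LC.match(rest)
            if lc:                      # "&&" binds tighter than "||"
                if lc.group(1) == "||":
                    groups.append([])
                rest = rest[lc.end():]
                continue
            m = TERM.match(rest)
            if not m:
                raise ValueError(f"bad expression near {rest!r}")
            flags, name, op = m.group(1).split(), m.group(2), m.group(3)
            rest, value = rest[m.end():], ""
            if op not in ("-n", "-z", "-t", "-f"):   # these take no VALUE
                end = None if "--" in flags else LC.search(rest)
                cut = end.start() if end else len(rest)
                value, rest = rest[:cut].strip(), rest[cut:]
            groups[-1].append((flags, name, op, value))
    return [g for g in groups if g]

def matches(groups, props):
    def term(flags, name, op, value):
        field = str(props.get(name, ""))
        if op in ("-n", "-z"):
            return bool(field) == (op == "-n")
        if op in NUM:                   # -t / -f compare against 0
            return NUM[op](int(field or "0", 0), int(value or "0", 0))
        if "-c" not in flags:           # case-insensitive unless -c is given
            field, value = field.lower(), value.lower()
        if op in ("=~", "!~"):
            return (value in field) == (op == "=~")
        return (field == value) == (op == "=")   # "=" or "<>"
    return any(all(term(*t) for t in g) for g in groups)

# Constructed sample addresses, not taken from a real key.
MBOXES = ["joe@example.org", "ann@example.org", "joe@example.net", "bob@example.com"]

def keep(expr):
    return [m for m in MBOXES if matches(parse(expr), {"mbox": m})]
```

Passing several strings to parse() models repeated calls with separate EXPR values: a string without a leading "&&" or "||" is joined by conjunction, as the comment describes.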