Deleting signatures question.
Thu Aug 14 21:13:02 2003
On Thu, Aug 14, 2003 at 02:34:38PM +0100, Stewart V. Wright wrote:
> The WoT means that keys in my pubring.gpg are signed by various
> people. Most of the time I do not have the additional keys to go with
> these signatures.
> What I want to do is delete the signatures on keys in my pubring.gpg
> that I don't have the corresponding public keys for, and leave the
> ones that I do have the pubkeys.
> I suspect that short of doing it by hand (and the thought of 600+
> signatures in some cases) there is no way directly to do this in
> GnuPG. Is that right?
> I don't mind writing a script to do it, but can I delete the signature
> of keyId XXX from pubkey YYY from the command line? Or will I have to
> use the '--edit-key' functionality and lose the batch advantage?

You would need to "drive" GnuPG via the --command-fd and --status-fd

> * I know that the next time I refresh my pubring I will get all the
> unwanted signatures back, but if the process is automatic I can
> just re-run the cleaning.
> * This issue does not really have any relevance apart from the space
> that I will save by not having the unnecessary signatures on my
> "quota"ed account.

The ability to do what you describe has been requested occasionally
(along with the similar "delete all sigs that aren't self-sigs"). It
is on my list of things to look at. It won't be in 1.2.3 though -
we're too close to release on that to start adding features like this.

Ideally, I'd like to handle it in a way to avoid the problem with the
sigs coming back after a refresh. I'm thinking of import options
"self-sigs-only" (don't import anything that isn't a self-sig, or a
designated revocation), and "known-sigs-only" (don't import a sig from
a key that isn't present on the local keyring).
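
The selection step the question asks about, as an added example that is not part of the original message or of GnuPG: it parses the colon-delimited output of `gpg --with-colons --list-sigs` and reports, per key, the signer key IDs that are not present on the keyring. The function names are hypothetical and the sample listing is constructed with fake key IDs.

```python
"""List signatures whose signing key is not on the local keyring."""
import subprocess
from collections import defaultdict

# Constructed sample of `gpg --with-colons --list-sigs` output (fake key IDs).
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:2002-01-01:::u:Alice Example <alice@example.org>::scESC:
sig:::17:AAAAAAAAAAAAAAAA:2002-01-01::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:2002-03-01::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:2002-04-01::::[User ID not found]:10x:
sub:u:2048:16:1111111111111111:2002-01-01::::::e:
sig:::17:AAAAAAAAAAAAAAAA:2002-01-01::::Alice Example <alice@example.org>:18x:
pub:f:1024:17:BBBBBBBBBBBBBBBB:2001-06-01:::f:Bob Example <bob@example.org>::scESC:
sig:::17:BBBBBBBBBBBBBBBB:2001-06-01::::Bob Example <bob@example.org>:13x:
sig:::17:DDDDDDDDDDDDDDDD:2002-05-01::::[User ID not found]:10x:
sig:::17:CCCCCCCCCCCCCCCC:2002-05-02::::[User ID not found]:10x:
"""


def unknown_signatures(listing):
    """Return {primary key ID: sorted signer key IDs absent from the keyring}."""
    records = [line.split(":") for line in listing.splitlines()]
    records = [r for r in records if len(r) > 4]
    # Field 1 is the record type, field 5 the key ID (the signer's, for "sig").
    present = {r[4] for r in records if r[0] in ("pub", "sub")}
    unknown = defaultdict(set)
    current = None
    for r in records:
        if r[0] == "pub":
            current = r[4]
        # Only "sig" records are candidates; "rev" records are left alone so
        # that revocations are never selected for deletion.
        elif r[0] == "sig" and current and r[4] not in present:
            unknown[current].add(r[4])
    return {key: sorted(signers) for key, signers in unknown.items()}


def read_keyring():
    """Run gpg on the real keyring; requires gpg on PATH."""
    result = subprocess.run(["gpg", "--with-colons", "--list-sigs"],
                            capture_output=True, encoding="utf-8",
                            errors="replace", check=True)
    return result.stdout


if __name__ == "__main__":
    for key, signers in unknown_signatures(SAMPLE).items():
        print(key, "has", len(signers), "signatures from absent keys:", *signers)
```

The (key, signer) pairs it returns are what a script driving `--edit-key` through `--command-fd` and `--status-fd` would then act on; matching on key IDs rather than on the "[User ID not found]" text keeps the result independent of the gpg locale.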