Deleting signatures question.

David Shaw dshaw@jabberwocky.com
Thu Aug 14 21:13:02 2003


On Thu, Aug 14, 2003 at 02:34:38PM +0100, Stewart V. Wright wrote:

> The WoT means that keys in my pubring.gpg are signed by various
> people.  Most of the time I do not have the additional keys to go with
> these signatures.
> 
> What I want to do is delete the signatures on keys in my pubring.gpg
> that I don't have the corresponding public keys for, and leave the
> ones that I do have the pubkeys for.

[..]

> I suspect that short of doing it by hand (and the thought of 600+
> signatures in some cases) there is no way directly to do this in
> GnuPG.  Is that right?
> 
> I don't mind writing a script to do it, but can I delete the signature
> of keyId XXX from pubkey YYY from the command line?  Or will I have to
> use the '--edit-key' functionality and lose the batch advantage?

You would need to "drive" GnuPG via the --command-fd and --status-fd
interfaces.

> Points:
>  * I know that the next time I refresh my pubring I will get all the
>    unwanted signatures back, but if the process is automatic I can
>    just re-run the cleaning.
>  * This issue does not really have any relevance apart from the space
>    that I will save by not having the unnecessary signatures on my
>    "quota"ed account.

The ability to do what you describe has been requested occasionally
(along with the similar "delete all sigs that aren't self-sigs").  It
is on my list of things to look at.  It won't be in 1.2.3 though -
we're too close to release on that to start adding features like this.

Ideally, I'd like to handle it in a way to avoid the problem with the
sigs coming back after a refresh.  I'm thinking of import options
"self-sigs-only" (don't import anything that isn't a self-sig, or a
designated revocation), and "known-sigs-only" (don't import a sig from
a key that isn't present on the local keyring).

David
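
An added example, not part of the original message and not GnuPG code: the selection step a cleaning script would need before driving `--edit-key`, namely finding signatures whose issuing key is not on the local keyring, by parsing `gpg --with-colons --list-sigs` output. The listing is constructed sample data with made-up key IDs, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in the style of `gpg --with-colons --fixed-list-mode
# --list-sigs` (not from a real keyring). Field 1 is the record type,
# field 5 the key ID, field 10 the user ID (colons in it are escaped as \x3a).
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1060000000:::u:::scESC:
uid:u::::1060000000::::Alice Example <alice@example.org>:
sig:::17:AAAAAAAAAAAAAAAA:1060000000::::Alice Example <alice@example.org>:13x:
sig:::17:BBBBBBBBBBBBBBBB:1060000100::::Bob Example <bob@example.org>:10x:
sig:::17:CCCCCCCCCCCCCCCC:1060000200::::[User ID not found]:10x:
sub:u:1024:16:AAAAAAAAAAAA0001:1060000000::::::e:
sig:::17:AAAAAAAAAAAAAAAA:1060000000::::Alice Example <alice@example.org>:18x:
pub:f:1024:17:BBBBBBBBBBBBBBBB:1050000000:::-:::scESC:
uid:f::::1050000000::::Bob Example <bob@example.org>:
sig:::17:BBBBBBBBBBBBBBBB:1050000000::::Bob Example <bob@example.org>:13x:
sig:::17:DDDDDDDDDDDDDDDD:1050000300::::[User ID not found]:10x:
sig:::17:AAAAAAAAAAAAAAAA:1050000400::::Alice Example <alice@example.org>:10x:
"""

def parse(listing):
    """Yield (record_type, key_id, user_id) for each colon-delimited record."""
    for line in listing.splitlines():
        fields = line.split(":")
        if len(fields) >= 10:
            yield fields[0], fields[4].upper(), fields[9]

def unknown_signatures(listing):
    """Map each local key ID to [(user_id, signer_key_id)] for signers not held locally."""
    records = list(parse(listing))
    # First pass: every key on the keyring, since a signer may be listed
    # after the key it signed.
    local = {kid for rtype, kid, _ in records if rtype in ("pub", "sub")}
    result = defaultdict(list)
    owner = uid = None
    for rtype, kid, text in records:
        if rtype == "pub":
            # Without --fixed-list-mode the first user ID sits on the pub line.
            owner, uid = kid, text or None
        elif rtype == "uid":
            uid = text
        elif rtype == "sub":
            uid = None  # what follows are subkey binding signatures
        elif rtype == "sig" and owner and kid not in local:
            result[owner].append((uid, kid))
    return dict(result)
```

Comparing key IDs against the keyring's own `pub` records avoids depending on the "[User ID not found]" wording, which differs between GnuPG versions and locales.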