Exporting only trusted public keys
Neil Williams
linux@codehelp.co.uk
Thu Aug 21 00:29:02 2003
On Wednesday 20 Aug 2003 10:33 pm, Neil Williams wrote:
> With a keyring of >400 now, I know that I have approx 150 completely
> redundant keys in the keyring - usually keys imported to validate one-off
> emails or wrongly imported to try and form a web of trust. These show up in
> KGPG as Trust:?
After a little thought, I came up with these commands:
1. Retrieve details of only trusted keys:
$ gpg --list-keys --with-colons | grep "^pub:[ufm]:" > trusted.txt
2. Use perl to obtain the 16-character keyid form:
$ cat trusted.txt | perl -e 'while (<>) { $_ =~ /([A-Z0-9]{16})/;print "$1 "}' > export.txt
3. Export each keyid into one keyring.
$ cat export.txt | perl -e 'while(<>){`gpg -a --output trusted.gpg --export $_`;}'
> I have my own 'ultimate' keys, marginal and fully trusted keys. I also have
> a database that happens to contain the keyid's of my most important
> correspondents - those within the local LUG.
I can append all database keyid's - importing the same key twice won't be a
problem for gpg.
> If I can export all important keys to a new keyring, I can delete the old
> one entirely and re-import. Then a --rebuild-keydb-caches --check-trustdb
> and I should be OK?!?
Before I delete the existing keyring, is this likely to work? Will I retain
all the existing trust in these keys? (63 as it turns out + 24 from the
database.)
-- 
Neil Williams
=============
http://www.codehelp.co.uk
http://www.dclug.org.uk
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
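
The three steps above collapsed into one pass, as an added example that is not part of the original post: it selects `pub` records whose validity field is `u`, `f` or `m` and hands every key ID to a single gpg call. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Read `gpg --list-keys --with-colons` output on stdin and print the long
# key ID (field 5) of each primary key whose validity (field 2) is
# ultimate (u), full (f) or marginal (m).
trusted_keyids() {
    awk -F: '$1 == "pub" && $2 ~ /^[ufm]$/ { print $5 }'
}

# Constructed sample listing (not real keys): three keys that should be
# kept, then unknown, expired and revoked keys and a subkey that should not.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:1111111111111111:2002-01-01:::u:Constructed Owner <owner@example.org>::scESC:
pub:f:1024:17:2222222222222222:2002-02-02:::-:Constructed Friend <friend@example.org>::scESC:
pub:m:1024:17:3333333333333333:2002-03-03:::-:Constructed Contact <contact@example.org>::scESC:
pub:-:1024:17:4444444444444444:2003-04-04:::-:Constructed One-off <oneoff@example.org>::scESC:
pub:e:1024:17:5555555555555555:2001-05-05:2002-05-05::-:Constructed Expired <old@example.org>::sc:
pub:r:1024:17:6666666666666666:2001-06-06:::-:Constructed Revoked <gone@example.org>::sc:
sub:u:1024:16:7777777777777777:2002-01-01::::::e:
EOF
}

# Export every selected key into one ASCII-armoured file.
# Owner trust values live in trustdb.gpg rather than in the exported keys;
# `gpg --export-ownertrust` saves them separately.
export_trusted() {
    out=${1:-trusted.gpg}
    ids=$(gpg --list-keys --with-colons | trusted_keyids)
    if [ -z "$ids" ]; then
        echo "no keys with validity u, f or m found" >&2
        return 1
    fi
    # Word splitting of $ids is intended: one key ID per argument, all in
    # a single gpg call so the output file is written once.
    gpg -a --output "$out" --export $ids
}

# Offline demonstration on the constructed sample.
sample_listing | trusted_keyids
```

Calling `export_trusted` (optionally with an output file name) runs the same filter against the real keyring.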