Exporting only trusted public keys

David Shaw dshaw@jabberwocky.com
Thu Aug 21 03:39:01 2003


On Wed, Aug 20, 2003 at 07:02:01PM -0400, Jeff McAdams wrote:
> Thus spoke Neil Williams:
> >On Wednesday 20 Aug 2003 10:33 pm, Neil Williams wrote:
> >> With a keyring of >400 now, I know that I have approx 150 completely
> >> redundant keys in the keyring - usually keys imported to validate
> >> one-off emails or wrongly imported to try and form a web of trust.
> >> These show up in KGPG as Trust:?
>
> >After a little thought, I came up with these commands:
> >1. Retrieve details of only trusted keys:
> >$ gpg --list-keys --with-colons | grep "pub:[u|f|m]:" > trusted.txt
> >
> >2. use perl to obtain the 16character keyid form:
> >$ cat trusted.txt | perl -e 'while (<>) { $_ =~ /([A-Z0-9]{16})/;print "$1 "}' >> export.txt
> >
> >3. Export each keyid into one keyring.
> >$ cat export.txt | perl -e 'while(<>){`gpg -a --output trusted.gpg --export $_`;}'
>
> Just an attempt to help out...
>
> The above, essentially munged into a single pipeline.
>
> gpg --list-keys --with-colons | grep "^pub:[ufm]:" | cut -f5 -d":" | \
> xargs gpg -a --export | gpg --import --no-default-keyring --keyring \
> /tmp/foo.gpg
>
> Replace "/tmp/foo.gpg" with the destination keyring, of course.

Excellent!  Here's a very minor optimization of that command line
which skips the call to xargs and avoids converting to and from ASCII:

gpg --export `gpg --list-keys --fixed-list-mode --with-colons | \
grep "^pub:[ufm]:" | cut -f5 -d":"` | gpg --import \
--no-default-keyring --keyring /tmp/foo.gpg

If you want to just delete any keys that aren't part of your web of
trust without making a whole new keyring first, you can do:

gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
--with-colons | grep "^pub" | grep -v "^pub:[ufm]:" | cut -f5 -d":"`

David
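Added example, not code from David's or Jeff's messages: the same selection step done with awk over a constructed colon listing, plus a guard the one-liners above lack (gpg --export with an empty argument list exports the whole keyring). The key IDs and user IDs in SAMPLE_LISTING are made up, and export_trusted_keys assumes gpg is on PATH.

```shell
#!/bin/sh
# Added example, not code from this thread. Selects key IDs from GnuPG's
# --with-colons listing with awk instead of grep/cut: field 1 is the record
# type, field 2 the validity (u/f/m = ultimate/full/marginal), field 5 the
# long key ID. SAMPLE_LISTING is a constructed listing with made-up key IDs.

SAMPLE_LISTING='tru::1:1061400000:0:3:1:5
pub:u:1024:17:0123456789ABCDEF:1061400000::-:::scESC:
uid:u::::1061400000::0000000000000000000000000000000000000000::Alice (constructed) <alice@example.invalid>:
sub:u:1024:16:FEDCBA9876543210:1061400000::::::e:
pub:f:1024:17:1111111111111111:1061400000::-:::scESC:
uid:f::::1061400000::0000000000000000000000000000000000000001::Bob (constructed) <bob@example.invalid>:
pub:m:1024:17:2222222222222222:1061400000::-:::scESC:
uid:m::::1061400000::0000000000000000000000000000000000000002::Carol (constructed) <carol@example.invalid>:
pub:-:1024:17:3333333333333333:1061400000::-:::scESC:
uid:-::::1061400000::0000000000000000000000000000000000000003::Unknown (constructed) <nobody@example.invalid>:
pub:e:1024:17:4444444444444444:1000000000:1030000000:-:::scESC:
uid:e::::1000000000::0000000000000000000000000000000000000004::Expired (constructed) <old@example.invalid>:'

# Key IDs of primary keys that are part of the web of trust (validity u, f or m).
trusted_keyids() {
    awk -F: '$1 == "pub" && ($2 == "u" || $2 == "f" || $2 == "m") { print $5 }'
}

# Key IDs of every other primary key (unknown, expired, revoked, ...): the set
# the --delete-key command above removes. Subkeys (sub:) are never listed.
untrusted_keyids() {
    awk -F: '$1 == "pub" && $2 != "u" && $2 != "f" && $2 != "m" { print $5 }'
}

# Copy the trusted keys of the real keyring into the keyring file $1, as the
# pipeline in the message does. Assumes gpg is on PATH; refuses to run an
# empty export, which would otherwise dump the whole keyring.
export_trusted_keys() {
    ids=$(gpg --list-keys --fixed-list-mode --with-colons | trusted_keyids)
    [ -n "$ids" ] || { echo "no trusted keys found, nothing exported" >&2; return 1; }
    # shellcheck disable=SC2086  # splitting $ids into separate arguments is intended
    gpg --export $ids | gpg --import --no-default-keyring --keyring "$1"
}

# Demo on the constructed listing (no gpg needed).
printf '%s\n' "$SAMPLE_LISTING" | trusted_keyids
```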
