trust management script

Neil Williams linux at
Thu Apr 22 00:34:19 CEST 2004

Just in case this is useful to anyone else:

(Replace 28BCB3E3 in line 11 with the keyid of your main signing key)

echo "Printing details of fully trusted keys that are set to FULL trust"
echo "but which do NOT carry your signature"

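# Key IDs of public keys with full validity and full ownertrust
KEYS=`gpg --list-keys --with-colons | grep "pub:f:" | grep "::f:" | cut -d: -f5`
for check in $KEYS
do
        if [ "$check" ]; then
                OUTPUT=`gpg --list-key $check | grep "^pub"`
                # Signatures on this key made by your own signing key
                SIGS="`gpg --list-sigs $check | grep 28BCB3E3`"
                if [ -z "$SIGS" ]; then
                        echo "$OUTPUT"
                fi
        fi
done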

I wrote it to check that I hadn't inadvertently set a key to fully trusted for 
verifying other keys when I hadn't actually signed and therefore verified the 
key itself. I worked on the idea that if I hadn't verified the key, I 
probably had never met the person behind the key and therefore I was unlikely 
to be able to make much of a decision on how carefully that person would 
verify someone else's key. (Not having had the chance to see them verify my 
own key.)

It could be used alongside --update-trustdb which catches those keys with no 
user trust setting but a full GnuPG trust value.


Neil Williams
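
The same check done by field position on the colon listing, as an added example that is not part of the original post. It assumes `gpg --list-sigs --with-colons` output on stdin and an awk on the PATH; the function names and every key ID in the sample are constructed, with EEEEEEEE standing in for your own signing key.

```shell
#!/bin/sh
# Added example, not the poster's script. All key IDs below are constructed.

# Print the key ID of each public key whose validity (field 2) and ownertrust
# (field 9) are both "f" but which has no sig record made by key ID $1.
# Input: `gpg --list-sigs --with-colons` output on stdin.
unsigned_full_trust() {
    awk -F: -v me="$1" '
        function emit() { if (key != "" && !signed) print key }
        BEGIN { me = toupper(me) }
        $1 == "pub" {
            emit()                      # finish the previous key block
            key = ""; signed = 0
            if ($2 == "f" && $9 == "f") key = $5
        }
        # sig records hold the signer key ID in field 5. Compare its tail so
        # both short (8 hex digit) and long (16 hex digit) IDs can be given.
        $1 == "sig" && key != "" {
            signer = toupper($5)
            if (length(signer) >= length(me) &&
                substr(signer, length(signer) - length(me) + 1) == me)
                signed = 1
        }
        END { emit() }
    '
}

# Constructed sample listing: key A is signed by the stand-in own key,
# key B is not, key C is not signed either but has only marginal ownertrust.
sample_listing() {
    cat <<'EOF'
pub:f:1024:17:AAAAAAAA11111111:1000000000:::f:::scESC:
uid:f::::1000000000::H1::Alice Example <alice@example.org>:
sig:::17:AAAAAAAA11111111:1000000000::::Alice Example <alice@example.org>:13x:
sig:::17:99999999EEEEEEEE:1000000100::::Own Key <me@example.org>:10x:
pub:f:1024:17:BBBBBBBB22222222:1000000200:::f:::scESC:
uid:f::::1000000200::H2::Bob Example <bob@example.org>:
sig:::17:BBBBBBBB22222222:1000000200::::Bob Example <bob@example.org>:13x:
sig:::17:AAAAAAAA11111111:1000000300::::Alice Example <alice@example.org>:10x:
pub:f:1024:17:CCCCCCCC33333333:1000000400:::m:::scESC:
uid:f::::1000000400::H3::Carol Example <carol@example.org>:
sig:::17:CCCCCCCC33333333:1000000400::::Carol Example <carol@example.org>:13x:
EOF
}

sample_listing | unsigned_full_trust EEEEEEEE   # prints BBBBBBBB22222222
```

Against a real keyring the input would come from `gpg --list-sigs --with-colons | unsigned_full_trust <your keyid>`.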