trust management script

Neil Williams linux at codehelp.co.uk
Thu Apr 22 00:34:19 CEST 2004


Just in case this is useful to anyone else:

(Replace 28BCB3E3 in line 11 with the keyid of your main signing key)

#!/bin/bash
echo "Printing details of fully trusted keys that are set to FULL trust"
echo "but which do NOT carry your signature"

KEYS=`gpg --list-keys --with-colons | grep "pub:f:" | grep "::f:" | cut -d: -f5`
for check in $KEYS
do
        SIGS=''
        if [ "$check" ]; then
                OUTPUT=`gpg --list-key $check | grep "^pub"`
                SIGS="`gpg --list-sigs $check | grep 28BCB3E3`"
                if [ -z "$SIGS" ]; then
                        echo "$OUTPUT"
                fi
        fi
done

I wrote it to check that I hadn't inadvertently set a key to fully trusted for 
verifying other keys when I hadn't actually signed and therefore verified the 
key itself. I worked on the idea that if I hadn't verified the key, I 
probably had never met the person behind the key and therefore I was unlikely 
to be able to make much of a decision on how carefully that person would 
verify someone else's key. (Not having had the chance to see them verify my 
own key.)

It could be used alongside --update-trustdb which catches those keys with no 
user trust setting but a full GnuPG trust value.

-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
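
The same check done on the colon-separated fields of `gpg --list-sigs --with-colons` instead of grep on the human-readable listing, as an added example that is not part of the original post. The function name and the sample records are constructed for illustration; the signer ID is the long form of 28BCB3E3 as it appears in the URL in the signature block above.

```shell
#!/bin/bash
# Added example, not part of the original post.
# Reads `gpg --list-sigs --with-colons` output on stdin and prints the long
# key ID of every key with full validity (field 2) and full ownertrust
# (field 9) that has no signature record from the given signing key (field 5).
unsigned_full_trust() {
    awk -F: -v signer="$1" '
        function report() { if (keyid != "" && !signed) print keyid }
        $1 == "pub" {                     # a new key block starts
            report()
            keyid = ($2 == "f" && $9 == "f") ? $5 : ""
            signed = 0
        }
        # Whole-field comparison on the long ID: a signer whose ID merely
        # ends in the same eight hex digits does not count.
        $1 == "sig" && toupper($5) == toupper(signer) { signed = 1 }
        END { report() }
    '
}

# Constructed sample listing (all key IDs except the signer are made up).
SAMPLE='pub:f:1024:17:AAAAAAAA11111111:1072915200:::f:::scESC:
uid:f::::1072915200::::Alice Example <alice@example.org>:
sig:::17:AAAAAAAA11111111:1072915200::::Alice Example <alice@example.org>:13x:
sig:::17:8801094A28BCB3E3:1075593600::::Signer Example <signer@example.org>:10x:
pub:f:1024:17:BBBBBBBB22222222:1072915200:::f:::scESC:
uid:f::::1072915200::::Bob Example <bob@example.org>:
sig:::17:BBBBBBBB22222222:1072915200::::Bob Example <bob@example.org>:13x:
sig:::17:0123456728BCB3E3:1075593600::::Other Example <other@example.org>:10x:
pub:f:1024:17:CCCCCCCC33333333:1072915200:::m:::scESC:
uid:f::::1072915200::::Carol Example <carol@example.org>:
sig:::17:CCCCCCCC33333333:1072915200::::Carol Example <carol@example.org>:13x:
pub:f:1024:17:DDDDDDDD44444444:1072915200:1200000000::f:::scESC:
uid:f::::1072915200::::Dave Example <dave@example.org>:
sig:::17:DDDDDDDD44444444:1072915200::::Dave Example <dave@example.org>:13x:'

# Live use against your own keyring (replace the ID with your signing key):
#   gpg --list-sigs --with-colons | unsigned_full_trust 8801094A28BCB3E3
printf '%s\n' "$SAMPLE" | unsigned_full_trust 8801094A28BCB3E3
```

On the sample, the second key is still reported even though one of its signers shares the short ID 28BCB3E3, because only the full 16-digit ID is compared.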

More information about the Gnupg-users mailing list