trust management script
Neil Williams
linux at codehelp.co.uk
Thu Apr 22 00:34:19 CEST 2004
Just in case this is useful to anyone else:
(Replace 28BCB3E3 in line 11 with the keyid of your main signing key)
#!/bin/bash
echo "Printing details of fully trusted keys that are set to FULL trust"
echo "but which do NOT carry your signature"
KEYS=`gpg --list-keys --with-colons | grep "pub:f:" | grep "::f:" | cut \
  -d: -f5`
for check in $KEYS
do
  SIGS=''
  if [ "$check" ]; then
    OUTPUT=`gpg --list-key $check | grep "^pub"`
    SIGS="`gpg --list-sigs $check | grep 28BCB3E3`"   # 28BCB3E3: your own key ID
    if [ -z "$SIGS" ]; then                           # no signature from your key
      echo "$OUTPUT"
    fi
  fi
done
I wrote it to check that I hadn't inadvertently set a key to fully trusted for
verifying other keys when I hadn't actually signed and therefore verified the
key itself. I worked on the idea that if I hadn't verified the key, I
probably had never met the person behind the key and therefore I was unlikely
to be able to make much of a decision on how carefully that person would
verify someone else's key. (Not having had the chance to see them verify my
own key.)
It could be used alongside --update-trustdb which catches those keys with no
user trust setting but a full GnuPG trust value.
--
Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/
http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
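A field-based variant of the check in the post, as an added example that is not part of the original message: it reads `gpg --list-sigs --with-colons` output and compares colon fields instead of grepping whole lines, so text in a user ID cannot match by accident. The function names and the sample listing are constructed; only the key ID 8801094A28BCB3E3 comes from the post.

```shell
#!/bin/bash
# Reads `gpg --list-sigs --with-colons` output on stdin.
# Colon fields used: pub records: 2 = validity, 5 = key ID, 9 = ownertrust;
#                    sig records: 5 = key ID of the signer.

# unsigned_full_trust (hypothetical helper name)
# $1: your signing key ID, short (8 hex digits) or long (16 hex digits).
# Prints the key ID of every key with full validity and full ownertrust
# that carries no signature from $1.
unsigned_full_trust() {
    awk -F: -v me="$(printf '%s' "$1" | tr 'a-f' 'A-F')" '
        function report() { if (cand && !signed) print cur }
        $1 == "pub" {
            report()                          # finish the previous key
            cur = $5
            cand = ($2 == "f" && $9 == "f")   # validity f and ownertrust f
            signed = 0
        }
        $1 == "sig" {
            id = toupper($5)
            # compare the tail so a short key ID matches a long one
            if (substr(id, length(id) - length(me) + 1) == me) signed = 1
        }
        END { report() }
    '
}

# Constructed sample listing; the A/B/C key IDs and names are made up.
sample_listing() {
    cat <<'EOF'
pub:f:1024:17:AAAAAAAA11111111:1050000000:::f:Alice (constructed)::scESC:
sig:::17:AAAAAAAA11111111:1050000000::::Alice (constructed):13x:
sig:::17:8801094A28BCB3E3:1060000000::::Neil Williams:10x:
pub:f:1024:17:BBBBBBBB22222222:1050000000:::f:Bob (constructed)::scESC:
sig:::17:BBBBBBBB22222222:1050000000::::Bob (constructed):13x:
pub:f:1024:17:CCCCCCCC33333333:1050000000:::m:Carol (constructed)::scESC:
sig:::17:CCCCCCCC33333333:1050000000::::Carol (constructed):13x:
EOF
}

# Offline demonstration on the constructed listing.
sample_listing | unsigned_full_trust 28BCB3E3
# Against a real keyring:
#   gpg --list-sigs --with-colons | unsigned_full_trust 28BCB3E3
```

Like the original script, this only checks that a signature record from your key exists; it does not look at `rev` records, so a certification you later revoked still counts as signed.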
More information about the Gnupg-users mailing list