trust management script
linux at codehelp.co.uk
Thu Apr 22 00:34:19 CEST 2004
Just in case this is useful to anyone else:
(Replace 28BCB3E3 in line 11 with the keyid of your main signing key)
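echo "Printing details of fully trusted keys that are set to FULL trust"
echo "but which do NOT carry your signature"
# Select pub records with full validity and full ownertrust;
# field 5 of the --with-colons listing is the key ID.
KEYS=`gpg --list-keys --with-colons | grep "pub:f:" | grep "::f:" | cut -d: -f5`
for check in $KEYS
do
    if [ "$check" ]; then
        OUTPUT=`gpg --list-key $check | grep "^pub"`
        # Any signature line mentioning your own key ID counts as "signed by you"
        SIGS="`gpg --list-sigs $check | grep 28BCB3E3`"
        if [ -z "$SIGS" ]; then
            echo "$OUTPUT"
        fi
    fi
done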
I wrote it to check that I hadn't inadvertently set a key to fully trusted for
verifying other keys when I hadn't actually signed and therefore verified the
key itself. I worked on the idea that if I hadn't verified the key, I
probably had never met the person behind the key and therefore I was unlikely
to be able to make much of a decision on how carefully that person would
verify someone else's key. (Not having had the chance to see them verify my
It could be used alongside --update-trustdb which catches those keys with no
user trust setting but a full GnuPG trust value.
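
An added example, not part of the original post: the same check done in one pass over the colon listing, so ownertrust is read from field 9 of each pub record rather than matched with grep. The function names and the sample key IDs other than 28BCB3E3 are constructed for illustration.

```sh
#!/bin/sh
# unsigned_full_trust SIGNER_KEYID
# Reads a colon listing on stdin and prints the key ID of every key that has
# full validity AND full ownertrust but no signature from SIGNER_KEYID.
# Real use:  gpg --list-sigs --with-colons | unsigned_full_trust 28BCB3E3
unsigned_full_trust() {
    awk -F: -v signer="$1" '
        function report() { if (keyid != "" && !signed) print keyid }
        BEGIN { signer = toupper(signer); n = length(signer) }
        $1 == "pub" {
            report()                      # finish the previous key block
            keyid = ""; signed = 0
            # pub record: field 2 = validity, field 5 = key ID, field 9 = ownertrust
            if ($2 == "f" && $9 == "f") keyid = $5
            next
        }
        # sig record: field 5 = signer key ID (long form, so compare the suffix).
        # With --check-sigs, field 2 starts with "-" or "%" for a signature
        # that failed verification; those do not count.
        $1 == "sig" && keyid != "" && $2 !~ /^[-%]/ {
            id = toupper($5)
            if (substr(id, length(id) - n + 1) == signer) signed = 1
        }
        END { report() }
    '
}

# Constructed sample listing (not real keys): the owner key, one fully trusted
# key the owner has signed, one the owner has not, and one with no ownertrust.
sample_listing() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAA28BCB3E3:2003-01-01:::u:::scESC:
sig:::17:AAAAAAAA28BCB3E3:2003-01-01::::Owner <owner@example.org>:13x:
pub:f:1024:17:1111111111111111:2003-02-01:::f:::scESC:
sig:::17:1111111111111111:2003-02-01::::Signed <a@example.org>:13x:
sig:::17:AAAAAAAA28BCB3E3:2003-03-01::::Owner <owner@example.org>:10x:
pub:f:1024:17:2222222222222222:2003-02-01:::f:::scESC:
sig:::17:2222222222222222:2003-02-01::::Unsigned <b@example.org>:13x:
pub:f:1024:17:3333333333333333:2003-02-01:::-:::scESC:
sig:::17:3333333333333333:2003-02-01::::No trust <c@example.org>:13x:
EOF
}
```

Feeding it `gpg --check-sigs --with-colons` instead of `--list-sigs` makes the signature test depend on signatures that actually verify.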