removing revoked or expired signatures

David Shaw dshaw at jabberwocky.com
Tue Aug 9 19:19:04 CEST 2005


On Tue, Aug 09, 2005 at 07:09:30PM +0200, Mark Kirchner wrote:
> Hi Michael,
> 
> On Tuesday, August 9, 2005, 6:41:14 PM, Michael wrote:
> >> How can I remove revoked and/or expired signatures from my public key?
> >> E.g. keys like these:
> >> sig       X  CA57AD7C 2005-07-15  PGP Global Directory Verification Key
> >
> > Stand in the feature request line ;-)
> 
> It's already in there: Unusable sigs (meaning: sigs, that don't do
> anything in the trust calculation) can be removed during --edit-key
> with "clean sigs". (New feature in 1.4.2)
> 
> Use just "clean" to remove revoked/expired uids as well.
> 
> That can also be done automatically during import/export by setting
> --import-options import-clean-sigs import-clean-uids
> --export-options export-clean-sigs export-clean-uids
> 
> Note that signature revocation certificates themselves are _not_
> removed (= still show up on "check"), only the corresponding
> signatures.

This is required for security.  The last signature revocation is
always kept (earlier ones are removed).

David



More information about the Gnupg-users mailing list