Expired Keys
Neil Williams
linux at codehelp.co.uk
Sun Sep 4 23:57:52 CEST 2005
On Sunday 04 September 2005 9:20 pm, Cameron Metzke wrote:
> Hi,
Message was signed on 01/01/1970 12:59 am with unknown key 0x68312280.
The validity of the signature cannot be verified.
gpgkeys: key 8892825868312280 not found on keyserver
If you are going to sign emails, PLEASE make sure your key is on
subkeys.pgp.net!
Ta.
> Is there any command that will delete expired keys from a keyring ?
From previous discussions here:
gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
--with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`
That deletes anything that is NOT u (ultimate trust) of f (full trust). Adapt
the regexp ^pub:[u|f] to suit.
If, like me, you run this regularly as a cron job to filter out the useless
keys that clutter up many keyrings, use:
#!/bin/bash
gpg --check-trustdb
gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
--with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`
gpg --import /home/neil/documents/gpg/people/*.asc
gpg --refresh-keys
gpg --check-trustdb
The import line brings back keys that I want but which I have not yet had a
chance to sign.
The refresh-keys command updates every key still in the keyring - you could
run that FIRST but it takes longer. It depends how likely it is that some of
the "junk" keys will turn out to be trusted once refreshed.
Of course, one man's junk is another man's gold. YMMV.
--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050904/2ff6dfc3/attachment.pgp
More information about the Gnupg-users
mailing list