Expired Keys

Neil Williams linux at codehelp.co.uk
Sun Sep 4 23:57:52 CEST 2005

On Sunday 04 September 2005 9:20 pm, Cameron Metzke wrote:
> Hi,

Message was signed on 01/01/1970 12:59 am with unknown key 0x68312280.
The validity of the signature cannot be verified.
gpgkeys: key 8892825868312280 not found on keyserver

If you are going to sign emails, PLEASE make sure your key is on 


> Is there any command that will delete expired keys from a keyring ?

From previous discussions here:

gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
--with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`

That deletes anything that is NOT u (ultimate trust) of f (full trust). Adapt 
the regexp ^pub:[u|f] to suit.

If, like me, you run this regularly as a cron job to filter out the useless 
keys that clutter up many keyrings, use:

gpg --check-trustdb
gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
--with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`
gpg --import /home/neil/documents/gpg/people/*.asc
gpg --refresh-keys
gpg --check-trustdb

The import line brings back keys that I want but which I have not yet had a 
chance to sign.

The refresh-keys command updates every key still in the keyring - you could 
run that FIRST but it takes longer. It depends how likely it is that some of 
the "junk" keys will turn out to be trusted once refreshed.

Of course, one man's junk is another man's gold. YMMV.


Neil Williams

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20050904/2ff6dfc3/attachment.pgp

More information about the Gnupg-users mailing list