Expired Keys
Cameron Metzke
cmetzke at gmail.com
Mon Sep 5 00:31:13 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Neil Williams wrote:
> On Sunday 04 September 2005 9:20 pm, Cameron Metzke wrote:
>
>>Hi,
>
>
> Message was signed on 01/01/1970 12:59 am with unknown key 0x68312280.
> The validity of the signature cannot be verified.
> gpgkeys: key 8892825868312280 not found on keyserver
>
> If you are going to sign emails, PLEASE make sure your key is on
> subkeys.pgp.net!
>
> Ta.
>
>
>>Is there any command that will delete expired keys from a keyring ?
>
>
> From previous discussions here:
>
> gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
> --with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`
>
> That deletes anything that is NOT u (ultimate trust) or f (full trust). Adapt
> the regexp ^pub:[u|f] to suit.
>
> If, like me, you run this regularly as a cron job to filter out the useless
> keys that clutter up many keyrings, use:
>
> #!/bin/bash
> gpg --check-trustdb
> gpg --batch --yes --delete-key `gpg --list-keys --fixed-list-mode \
> --with-colons | grep "^pub" | grep -v "^pub:[u|f]:" | cut -f5 -d":"`
> gpg --import /home/neil/documents/gpg/people/*.asc
> gpg --refresh-keys
> gpg --check-trustdb
>
> The import line brings back keys that I want but which I have not yet had a
> chance to sign.
>
> The refresh-keys command updates every key still in the keyring - you could
> run that FIRST but it takes longer. It depends how likely it is that some of
> the "junk" keys will turn out to be trusted once refreshed.
>
> Of course, one man's junk is another man's gold. YMMV.
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
Well, that's a great bash script which I will incorporate into my *nix box
:).
Basically what I'm trying to do is build a PHP frontend to gnupg which
can act like a keyserver. The keys are imported using --fast-import
which I believe doesn't touch the trustdb, so all I'm really trying to do
is basically delete all expired keys in the pubring (and possibly keys
that have been revoked).
I intend on using a bash script to run the delete script via cron.
Unfortunately my skills leave a lot to be desired lol, so best I get to
work on it :)
If anyone has any tips I would love to hear them :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iD8DBQFDG3WwiJKCWGgxIoARAjMUAKCUBiFhvg2Hh7acpNcAZ27T8hBD3ACgmYiv
/kmOIg8M5OegatAvVuJ0nfM=
=z+qZ
-----END PGP SIGNATURE-----
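Added example (not part of the original messages and not GnuPG project code): one way to select only expired or revoked primary keys from the colon listing, assuming field 2 of a `pub` record carries `e` for expired and `r` for revoked. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/bash
# Select expired (e) or revoked (r) public keys from `gpg --with-colons`
# output. Field 1 = record type, field 2 = validity, field 5 = long key ID.

# Reads a colon listing on stdin, prints one key ID per matching pub record.
# Only "pub" records are matched: an expired subkey ("sub:e:") under a
# still-valid primary key must not cause the whole key to be deleted.
select_stale_keyids() {
    awk -F: '$1 == "pub" && ($2 == "e" || $2 == "r") { print $5 }'
}

# Hypothetical wrapper: list the live keyring and delete the matches.
# Returns early when nothing matches, so gpg is never run with an empty
# key list.
purge_stale_keys() {
    stale_ids=$(gpg --batch --list-keys --fixed-list-mode --with-colons \
        | select_stale_keyids)
    if [ -z "$stale_ids" ]; then
        return 0
    fi
    # Word splitting of the ID list is intended here.
    gpg --batch --yes --delete-key $stale_ids
}

# Constructed sample listing (not real keys), used for an offline dry run.
SAMPLE_LISTING='tru::1:1125872000:0:3:1:5
pub:u:1024:17:AAAAAAAAAAAAAAA1:1104537600:::u:::scESC:
uid:u::::1104537600::0000::Alice Example <alice@example.org>:
pub:e:1024:17:BBBBBBBBBBBBBBB2:1041379200:1072915200::-:::sc:
uid:e::::1041379200::0000::Bob Example <bob@example.org>:
pub:r:2048:1:CCCCCCCCCCCCCCC3:1072915200:::-:::sc:
uid:r::::1072915200::0000::Carol Example <carol@example.org>:
sub:e:2048:16:DDDDDDDDDDDDDDD4:1072915200:1104537600:::::e:
pub:f:2048:1:EEEEEEEEEEEEEEE5:1104537600:::-:::scESC:
sub:e:2048:16:FFFFFFFFFFFFFFF6:1104537600:1120000000:::::e:'

# Prints the key IDs that would be deleted for the sample listing.
dry_run() {
    printf '%s\n' "$SAMPLE_LISTING" | select_stale_keyids
}
```

Run `dry_run` (or pipe a real listing into `select_stale_keyids`) and review the IDs before letting `purge_stale_keys` run from cron.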