set owner trust from a script

Alphax alphasigmax at
Mon May 29 08:06:22 CEST 2006

Nicolas Rachinsky wrote:
> Hallo,
> what is the best way to set the owner trust of a key from a script?

I've actually played around with this...

To do ownertrust stuff:

gpg --list-keys --with-colons --with-fingerprint

grep "^fpr"

The fingerprint format is:


The ownertrust format is:


where trust is:

0: (not settable)
1: expired (not sure what this means)
2: undefined
3: none
4: marginal
5: full
6: ultimate
128: disabled

If you want to set all valid keys with unspecified trust to marginal trust:

gpg --list-keys --with-colons --with-fingerprint `gpg --list-keys \
--with-colons | grep "pub:f:.*:-:" | sed -r -e \
's/pub:f:[0-9]+:[0-9]+:([A-F0-9]+):.*/0x\1/'` | grep "^fpr:" \
| sed -r -e 's/fpr:::::::::([0-9A-F]+):/\1:4:/' | gpg --import-ownertrust

Note that this isn't entirely foolproof and may have unintended
consequences - make backups of your keyring(s) and trustdb first. I've
mainly used it semi-automatically where I check the status of some keys,
run the script, and then re-check the status of the keys.

        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 569 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20060529/2f3b526e/signature.pgp

More information about the Gnupg-users mailing list