script to clean my keyring

John Clizbe JPClizbe at tx.rr.com
Wed Oct 31 08:21:59 CET 2007


Michael wrote:
> Hi John,
>
> thank you for the answer how to clean my key ring:
>
>> How about doing it this way:
>>     cp pubring.gpg pubring.tmp
>>     gpg --import-options import-clean --import pubring.tmp

Don't use pubring.tmp. I remembered that gpg uses that name (and also
pubring.bak) as part of the importing. Try pubring.sav
>
> === 1 ===
> This will make a clean import to the current pubring.gpg but will this
> help? Will these keys which are imported overwrite the keys in the current
> pubkey.gpg? Or would I need to start with a "stripped" which only contains
> my selfsignature?

No, what is happening is that the import will merge both copies of each key and
then apply the cleaning algorithm. Since the imported keyring is a copy of the
original, all that effectively happens is the cleaning.

>>     gpg --keyserver-options import-clean \
>>       --keyserver pool.sks-keyservers.org --refresh-keys
>
>
> === 2===
> I like to keep my key ring updated, what about this: I run on a frequent
> basis:
>
>      # Assumption is that the key is currently clean
>      cp pubring.gpg pubring.bak<TIMESTAMP>
>
>      gpg --keyserver-options import-clean \
>        --keyserver pool.sks-keyservers.org --refresh-keys
>
>      cp pubring.gpg pubring.tmp
>      gpg --import-options import-clean --import pubring.tmp

A reimport after refreshing with import-clean is unnecessary.

After you initially clean a keyring (above), if you set import-clean as both a
keyserver-option and an import-option in gpg.conf, whenever a key is added and
whenever you refresh your keyring, keys will automatically be cleaned.  You
shouldn't need to re-import your keyring to clean it again.

Example lines from gpg.conf:

    keyserver-options auto-key-retrieve include-subkeys include-revoked \
        import-clean export-clean
    import-options import-clean


--
John P. Clizbe                   Inet:   JPClizbe(a)comcast DOT nyet
Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
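
The procedure from this reply as a shell script, added here as an example and not part of the original message: a one-time clean through a copy whose name avoids pubring.tmp and pubring.bak, plus a check that gpg.conf lists import-clean under both directives. The function names are hypothetical, and the script assumes the pubring.gpg keyring file discussed in the thread, located in $GNUPGHOME or ~/.gnupg.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of GnuPG.

# Reject the copy names the reply says gpg itself uses while importing.
safe_copy_name() {
    case "$1" in
        pubring.tmp|pubring.bak) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed if DIRECTIVE ($2) in the gpg.conf file ($1) lists OPTION ($3).
# Lines ending in a backslash are joined first, as in the thread's example.
conf_has_option() {
    awk -v d="$2" -v o="$3" '
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { n = split(buf $0, f); buf = ""
          if (f[1] != d) next
          for (i = 2; i <= n; i++) if (f[i] == o) found = 1 }
        END { exit !found }
    ' "$1"
}

# One-time clean: re-import a copy of the keyring with import-clean.
# The copy merges with the original, so only the cleaning takes effect.
clean_keyring() {
    home="${GNUPGHOME:-$HOME/.gnupg}"
    copy="${1:-pubring.sav}"
    safe_copy_name "$copy" || { echo "refusing copy name: $copy" >&2; return 2; }
    cp -p "$home/pubring.gpg" "$home/$copy" || return 1
    gpg --import-options import-clean --import "$home/$copy"
}

# Check that later imports and refreshes will be cleaned automatically,
# which requires import-clean under both directives.
check_conf() {
    rc=0
    for directive in keyserver-options import-options; do
        conf_has_option "$1" "$directive" import-clean ||
            { echo "$1: $directive lacks import-clean" >&2; rc=1; }
    done
    return $rc
}

# Usage (not run automatically):
#   clean_keyring && check_conf "${GNUPGHOME:-$HOME/.gnupg}/gpg.conf"
```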
