Dropping expired subkeys from batch export

Martin von Gagern Martin.vGagern at gmx.net
Mon May 24 16:28:37 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there!

I'm using GPG 2.0.15. I want to export public keys from a perl script,
i.e. using "--batch" if possible. Some of the keys contain multiple
subkeys, and some of the subkeys have expired.

There are at least two good reasons to strip expired subkeys:
- - avoid transfer of unneccessary data
- - the PGP Global Directory will refuse keys with expired subkeys

I found no easy way to strip expired subkeys from the export output:

- - "--export-options export-clean" cleans unusable sigs, but not subkeys

- - Even using temporary keyrings won't work, as "--edit-key" to delete a
subkey won't work in "--batch" mode, and there seems to be no
command-line alternative to this.

So the only thing I can imagine would be dropping the "--batch"
requirement and hoping that gpg won't ask any interactive questions. And
still using a temporary keyring which causes a number of additional
commands to set things up and clean up afterwards.

Is there an alternative? Some kind of undocumented feature? Any hint?

If there isn't, do you agree that there should be, i.e. that this should
become a feature request?

Greetings,
 Martin von Gagern
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkv6jRUACgkQRhp6o4m9dFujRgCgiLU++la759Zz4YCtKH+dbOOH
4rkAn2DNSkf96D+jdZJ5vzfQSa14aiwI
=7WBc
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list