Trust signatures with unbounded regular expressions

David Shaw dshaw at jabberwocky.com
Tue Feb 21 19:42:41 CET 2012


On Feb 21, 2012, at 5:52 AM, Sean Buckheister wrote:

>> No.  For security reasons we don't allow arbitrary REs anymore:
> 
> That is unfortunate. I'll probably default to signature notations and
> some more application logic then.
> 
> Thank your for your time.

If I understand, you were trying to accept "mail1.example.com" and "mail2.example.com".  Try this regexp:

  <[^>]+[@.]mail.\.example\.com>$

That will match both mail1.example.com and mail2.example.com, and is accepted by the GPG parser.

Two caveats:

1) You'll have to hack the code to create it since you can't type it in.  Once created, though, any unmodified GPG should be able to handle it.

2) It will match some things other than mail1.example.com and mail2.example.com as well (like mailQ.example.com, or foobar.mail1.example.com, etc).

David




More information about the Gnupg-users mailing list