Trust Signature REs

Werner Koch wk at
Wed May 21 10:47:55 CEST 2014

On Wed,  7 May 2014 19:23, nicholas.cole at said:

> Is there any way to tell gnupg that I am actually entering a raw re
> and do not wish it to do any conversion?


FWIW, here is a comment describing how gpg uses the RE:

  /* There are basically two commonly-used regexps here.  GPG and most
     versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
     command line uses "" (i.e. whatever the user specfies,
     and we can't expect users know to use "\." instead of ".").  So
     here are the rules: we're allowed to start with "<[^>]+[@.]" and
     end with ">$" or start and end with nothing.  In between, the
     only legal regex character is ".", and everything else gets
     escaped.  Part of the gotcha here is that some regex packages
     allow more than RFC-4880 requires.  For example, 4880 has no "{}"
     operator, but GNU regex does.  Commenting removes these operators
     from consideration.  A possible future enhancement is to use
     commenting to effectively back off a given regex to the Henry
     Spencer syntax in 4880. -dshaw */

I have no concerns on adding an option to allow setting an arbitrary RE.
The easiest way of implementing this would be by prepending a flag to
the prompt.  For example

  Your selection? |raw|<[^>]+[@.]nowhere\.com>$

A leading '|' is not a valid special character nor a valid mailbox or
domain character.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list