Trust Signature REs

Nicholas Cole nicholas.cole at
Wed May 21 12:54:50 CEST 2014

On Wed, May 21, 2014 at 9:47 AM, Werner Koch <wk at> wrote:
> On Wed,  7 May 2014 19:23, nicholas.cole at said:
>> Is there any way to tell gnupg that I am actually entering a raw re
>> and do not wish it to do any conversion?
> No.
> FWIW, here is a comment describing how gpg uses the RE:
>   /* There are basically two commonly-used regexps here.  GPG and most
>      versions of PGP use "<[^>]+[@.]example\.com>$" and PGP (9)
>      command line uses "" (i.e. whatever the user specifies,
>      and we can't expect users know to use "\." instead of ".").  So
>      here are the rules: we're allowed to start with "<[^>]+[@.]" and
>      end with ">$" or start and end with nothing.  In between, the
>      only legal regex character is ".", and everything else gets
>      escaped.  Part of the gotcha here is that some regex packages
>      allow more than RFC-4880 requires.  For example, 4880 has no "{}"
>      operator, but GNU regex does.  Commenting removes these operators
>      from consideration.  A possible future enhancement is to use
>      commenting to effectively back off a given regex to the Henry
>      Spencer syntax in 4880. -dshaw */
> I have no concerns on adding an option to allow setting an arbitrary RE.
> The easiest way of implementing this would be by prepending a flag to
> the prompt.  For example

Dear Werner,

Thanks for this.  The comment in the code was very helpful, and I used
it to construct a way to reverse-engineer the original domain and then
feed that back to gpg which works fine.  All the same, a leading way
to say |raw| would be even better.

Best wishes,
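
The rules in the quoted comment and the domain round trip mentioned above, as an added Python sketch; it is not part of the original message and not GnuPG's code. The function names, the choice to leave letters and digits unescaped, the escaping used in `regexp_for`, and the sample user IDs are assumptions made for illustration.

```python
import re

PREFIX, SUFFIX = "<[^>]+[@.]", ">$"  # the wrapper named in the quoted comment

def sanitize(user_re):
    """Keep the optional wrapper; between its halves leave '.' and already
    escaped characters alone and backslash-escape other punctuation.
    Assumption: letters and digits stay unescaped so Python's re accepts it."""
    wrapped = (len(user_re) >= len(PREFIX) + len(SUFFIX)
               and user_re.startswith(PREFIX) and user_re.endswith(SUFFIX))
    body = user_re[len(PREFIX):-len(SUFFIX)] if wrapped else user_re
    out, escaped = [], False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch != "." and not ch.isalnum():
            out.append("\\")
        out.append(ch)
    body = "".join(out)
    return PREFIX + body + SUFFIX if wrapped else body

def regexp_for(domain):
    """Domain -> wrapped RE (assumption: escape every non-alphanumeric)."""
    return PREFIX + re.sub(r"([^A-Za-z0-9])", r"\\\1", domain) + SUFFIX

def domain_of(stored_re):
    """Wrapped RE -> plain domain, or None if it is anything else."""
    if not (stored_re.startswith(PREFIX) and stored_re.endswith(SUFFIX)):
        return None
    body = stored_re[len(PREFIX):-len(SUFFIX)]
    # Only literal characters may remain: alphanumerics or "\" + punctuation.
    if not re.fullmatch(r"(?:[A-Za-z0-9]|\\[^A-Za-z0-9])+", body):
        return None
    return re.sub(r"\\(.)", r"\1", body)

def in_scope(stored_re, user_id):
    """True if the user ID falls inside the trust signature's scope."""
    return re.search(stored_re, user_id) is not None

if __name__ == "__main__":
    stored = "<[^>]+[@.]example\\.com>$"  # form given in the quoted comment
    print(domain_of(stored), regexp_for(domain_of(stored)) == stored)
    for uid in ("Alice <alice@example.com>", "Bob <bob@mail.example.com>",
                "Mallory <m@notexample.com>", "Eve <e@example.com.test>"):  # constructed
        print(uid, in_scope(stored, uid))
    print(sanitize("a{2}|b"))
```

`domain_of` returns `None` for any expression that is not a plain wrapped domain, so a script can tell when a stored RE cannot be fed back through the domain prompt without changing its meaning.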

