Stripping expired subkey during export?

Phil Pennock gnupg-users at spodhuis.org
Sat Mar 4 00:13:40 CET 2017


On 2017-03-03 at 09:51 +0100, Werner Koch wrote:
> Not cleaning expired subkeys is a good thing for secret key export, so
> that you can keep on decrypting old mails.

Sure, but this is a non-secret export, for the versions for publication.

>                                             Exporting an expired public
> key can be helpful to see your expired key.

I can see this for a signing key, so that old signatures can be
validated, but I don't see that it's a helpful default for encryption
subkeys, and since encryption subkeys are the only ones typically
created by default, that seems dominant.

> As a compatible hack we could add an 'expired' property to the
> export-filter's drop-subkey method.  Just did this:
> 
>  gpg --export-options export-clean \
>      --export-filter drop-subkey='expired -t' \
>      --export 1e42b367 
> 
> removes all my expired subkeys.  This is just a first step; we also need
> a property for the key capability.

I see commit 1813f3be and will build/test this and report back on the
devel list if I experience issues.  Thanks!

> drop-sigs does not work on self-signatures - might this be your problem?
> I have not done any these, though.

Ugh, yes.  Thanks, I explored everything I could see and kept running
into roadblocks.  Thanks for clearing a new path through.

-Phil
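
A check one could run on a public export before publishing it, to confirm that the `drop-subkey='expired -t'` filter quoted above removed what was intended. This is an added example, not part of the original post and not GnuPG code: it reads `gpg --with-colons` listing output and reports each expired subkey with its capability letters, so expired encryption-only subkeys can be told apart from expired signing subkeys. The function name, the sample listing, its key IDs and the fixed "now" timestamp are constructed for illustration.

```shell
#!/bin/sh
# Report expired subkeys found in `gpg --with-colons` output on stdin.
# Colon fields used (see GnuPG doc/DETAILS): 1 record type, 2 validity,
# 5 key ID, 7 expiration time (epoch seconds), 12 capabilities.
# Prints "KEYID CAPS" for every expired subkey.
# Exit status: 0 if none were found, 1 if at least one was found.
expired_subkeys() {
    # Optional first argument: reference time in epoch seconds.
    now=${1:-$(date +%s)}
    awk -F: -v now="$now" '
        # A subkey counts as expired if gpg flagged it ("e"), or if its
        # expiration field is numeric and already in the past.
        $1 == "sub" && ($2 == "e" || ($7 ~ /^[0-9]+$/ && $7 + 0 < now + 0)) {
            print $5, $12
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample listing: two expired subkeys (one encryption, one
# signing) and one still-valid encryption subkey. All values are made up.
SAMPLE_LISTING='pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:e:2048:1:BBBBBBBBBBBBBBBB:1400000000:1450000000:::::e:
sub:e:2048:1:CCCCCCCCCCCCCCCC:1400000000:1460000000:::::s:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1480000000:1900000000:::::e:'

# Fixed reference time (constructed) so the result is reproducible.
printf '%s\n' "$SAMPLE_LISTING" | expired_subkeys 1488582820 || true

# Real use on an exported file (file name is a placeholder):
#   gpg --show-keys --with-colons published.asc | expired_subkeys
```

A non-zero exit status makes the function usable as a gate in a publishing script: stop if any expired subkey is still present in the file about to be uploaded.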


