Keys clean of all signatures except those made by others I trust

Daniel Kahn Gillmor dkg at
Wed Jan 24 19:05:16 CET 2018

On Tue 2018-01-23 16:55:20 -0500, Robert J. Hansen wrote:
>> From the man page:
> Note that this can be done in a bash one-liner:
> $ for x in `gpg --list-keys|grep "[A-F0-9]\{40\}"|sed 's/ //g'` ; do gpg
> --edit-key $x clean save ; done

please don't script based on the output of gpg without using
--with-colons.  the "human-readable" form is subject to change, but
--with-colons offers a stable API. 

so a stable bash script would look something like:

  for fpr in $(gpg --with-colons --list-keys | \
               awk -F: '/^fpr:/{ print $10 }'); do \
      gpg --edit-key "fpr" clean save; done

hope this helps,


More information about the Gnupg-users mailing list