export-filter question or bug
Erich Eckner
gnupg at eckner.net
Sat Feb 13 11:37:39 CET 2021
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Fri, 12 Feb 2021, Werner Koch wrote:
> On Fri, 12 Feb 2021 11:44, Erich Eckner said:
>
>> $GPG --export --export-filter keep-uid="mbox = $mbox" $fpr
>
> gpg-wks-client does something similar but using "uid =" with a
> pre-checked UID in an import filter. It also uses
> import-options=import-export to process the keyblock without actually
> importing it.
Changing to "uid = ..." filter yields the same result. Same for adding
"--import-options=import-export". But I'm also confused, why
- --import-options should be relevant when exporting a key :-/
>
>> $GPG --export --export-filter keep-uid="mbox =
>> buildmaster at archlinux32.org" 2E29129B8C684FE7A959C422714A1770ECE2DF62
>> | gpg
>
> You should use
>
> | gpg --show-keys
ok, noted.
>
>
>> pub rsa4096 2017-06-23 [SC] [expired: 2019-06-23]
>> 2E29129B8C684FE7A959C422714A1770ECE2DF62
>> uid buildmaster <buildmaster at archlinux32.org>
>> sub rsa4096 2017-06-23 [S] [expired: 2021-12-31]
>>
>> (note the expired pub, thus the whole key is considered expired)
>
> Please try with --show-keys instead of using the default action.
Makes no difference.
>
>> This is not usable for wkd for me, because it contains all uids (of
>> course).
>
> I am curious why you don't use gpg-wks-client for example with
> the --install-key command.
Well, for multiple reasons:
First, it's not in $PATH, so I didn't see it, when <tab><tab><tab>'ing ;-)
Now, that I played around with gpg-wks-client, I cannot find a --homedir
option to set the homedir of the keyring (I do not want to fill the wks's
user keyring with all the installed keys). Assuming, I have the key in the
gpg directory in $tmp_dir, what's the best way to get gpg-wks-client to
read it from there? Only way I found, is exporting into a temporary file:
$GPG --export 2E29129B8C684FE7A959C422714A1770ECE2DF62 > "$tmp_dir/key"
gpg-wks-server --install-key "$tmp_dir/key" buildmaster at archlinux32.org
Interesting thing: This also installes an expired key, while
"$tmp_dir/key" looks ok:
$ gpg --show-keys < "$tmp_dir/key"
pub rsa4096 2017-06-23 [SC] [expires: 2021-12-31]
2E29129B8C684FE7A959C422714A1770ECE2DF62
uid archlinux32 repository signing key <repositories at archlinux32.org>
uid buildmaster <buildmaster at archlinux32.org>
sub rsa4096 2017-06-23 [S] [expires: 2021-12-31]
$ gpg --show-keys < archlinux32.org/hu/z4eyw18p7a9p7c9owm78fj93mqkks6q3
pub rsa4096 2017-06-23 [SC] [expired: 2019-06-23]
2E29129B8C684FE7A959C422714A1770ECE2DF62
uid buildmaster <buildmaster at archlinux32.org>
sub rsa4096 2017-06-23 [S] [expired: 2021-12-31]
Ah, yet another question: The difference between `gpg-wks-client
- --install-key ...` and `gpg-wks-server --install-key ...` is quite opaque
to me: With gpg-wks-client, I need to add "-C .", else it tries in
openpgp/, but besides that, the options and result look rather identical
to me.
>
>
> Salam-Shalom,
>
> Werner
regards,
Erich
-----BEGIN PGP SIGNATURE-----
Comment: Topal (https://zircon.org.uk/topal/)
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmAnrBoACgkQCu7JB1Xa
e1pPHw/+N6zqijbSYsMZb/e5AHVdq4czvYy9+hoo087XIcr5214rB7BYfoM4lZMy
NivAbrekYm1wHu4JZv420Yybn0wcSDGoQZZOv5LTJ2G8xz/1xBAWObQ5Hk6KJyTa
cY4vzEYKTbhFMha48zLA1zKFzEM3Iqhq2xmziTcHRj8AgyOt8VlpZzdA1YgsOgdo
eGnxY857CNUAJIXxTg6oVdUjr2ISTrkDinf8ZqpI5DncIatMS5dKKko0DBEkdR0m
/kufwkntOR3PmhxkYw2Z+ThTlTEmhnxHHHxyLrVm30gJPDN9b/+ZyD4B5ShswGTm
AtwjVi3nOL6oDfsHjQNq/EcbH/kdd44TLQLRXEzJ48SIAPnOvo3Y8K2diV00CdhC
qdKFpT4Vh1HIdI7hivtqvj46kgN1jn+lUzYldXixldCMaYkFz7ibeoP/KSMscFs7
VtHF0U/Ipbj8fcwxRrSRkOpfgKALpZDO4+NO9j3V29pSPZk7UCvBeduxs4TG3Koa
veC8m1v1QJleh2FdCz8ExSSrQi+py+uOFYt2XAflCG9fQzfLLF/02dQ9MrNxpbHU
zhgp07BzqxNdH/rOV74OqbJ9S5a4aiMmzHwRWuEZafBDitWcsSw69J7K6kCrmpiV
+zVTCDozeKstpb411cQhpiwSjyTOOKOtFjB/ThhpmLiQ+ljuhP4=
=pSy7
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list