export-filter question or bug

Erich Eckner gnupg at eckner.net
Sat Feb 13 11:37:39 CET 2021



On Fri, 12 Feb 2021, Werner Koch wrote:

> On Fri, 12 Feb 2021 11:44, Erich Eckner said:
>
>> $GPG --export --export-filter keep-uid="mbox = $mbox" $fpr
>
> gpg-wks-client does something similar but using "uid =" with a
> pre-checked UID in an import filter.  It also uses
> import-options=import-export to process the keyblock without actually
> importing it.

Changing to "uid = ..." filter yields the same result. Same for adding
"--import-options=import-export". But I'm also confused, why
--import-options should be relevant when exporting a key :-/

>
>> $GPG --export --export-filter keep-uid="mbox =
>> buildmaster at archlinux32.org" 2E29129B8C684FE7A959C422714A1770ECE2DF62
>> | gpg
>
> You should use
>
>  | gpg --show-keys

ok, noted.

>
>
>> pub   rsa4096 2017-06-23 [SC] [expired: 2019-06-23]
>>        2E29129B8C684FE7A959C422714A1770ECE2DF62
>> uid           buildmaster <buildmaster at archlinux32.org>
>> sub   rsa4096 2017-06-23 [S] [expired: 2021-12-31]
>>
>> (note the expired pub, thus the whole key is considered expired)
>
> Please try with --show-keys instead of using the default action.

Makes no difference.

>
>> This is not usable for wkd for me, because it contains all uids (of
>> course).
>
> I am curious why you don't use gpg-wks-client for example with
> the --install-key command.

Well, for multiple reasons:

First, it's not in $PATH, so I didn't see it, when <tab><tab><tab>'ing ;-)

Now, that I played around with gpg-wks-client, I cannot find a --homedir 
option to set the homedir of the keyring (I do not want to fill the wks's 
user keyring with all the installed keys). Assuming, I have the key in the 
gpg directory in $tmp_dir, what's the best way to get gpg-wks-client to 
read it from there? Only way I found, is exporting into a temporary file:

$GPG --export 2E29129B8C684FE7A959C422714A1770ECE2DF62 > "$tmp_dir/key"
gpg-wks-server --install-key "$tmp_dir/key" buildmaster at archlinux32.org

Interesting thing: This also installs an expired key, while
"$tmp_dir/key" looks ok:

$ gpg --show-keys < "$tmp_dir/key"
pub   rsa4096 2017-06-23 [SC] [expires: 2021-12-31]
       2E29129B8C684FE7A959C422714A1770ECE2DF62
uid                      archlinux32 repository signing key <repositories at archlinux32.org>
uid                      buildmaster <buildmaster at archlinux32.org>
sub   rsa4096 2017-06-23 [S] [expires: 2021-12-31]

$ gpg --show-keys < archlinux32.org/hu/z4eyw18p7a9p7c9owm78fj93mqkks6q3
pub   rsa4096 2017-06-23 [SC] [expired: 2019-06-23]
       2E29129B8C684FE7A959C422714A1770ECE2DF62
uid                      buildmaster <buildmaster at archlinux32.org>
sub   rsa4096 2017-06-23 [S] [expired: 2021-12-31]


Ah, yet another question: The difference between `gpg-wks-client
--install-key ...` and `gpg-wks-server --install-key ...` is quite opaque
to me: With gpg-wks-client, I need to add "-C .", else it tries in
openpgp/, but besides that, the options and result look rather identical
to me.

>
>
> Salam-Shalom,
>
>   Werner

regards,
Erich
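
Added example (not part of the original message, and not gpg or gpg-wks code): a shell check that compares the primary key's expiry in a filtered or WKD-installed export against the source key, working on `gpg --show-keys --with-colons` output. The two listings are constructed to mirror the ones in the message (epoch values, validity flags and the trimmed record set are assumptions), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed --with-colons listings (trimmed to pub/fpr/uid records) that
# mirror the two --show-keys listings in the message; epochs are assumptions.
FPR=2E29129B8C684FE7A959C422714A1770ECE2DF62
SRC_LISTING="pub:-:4096:1:714A1770ECE2DF62:1498176000:1640908800::-:::scSC:
fpr:::::::::$FPR:
uid:-::::1498176000::::archlinux32 repository signing key <repositories@archlinux32.org>:
uid:-::::1498176000::::buildmaster <buildmaster@archlinux32.org>:"
WKD_LISTING="pub:e:4096:1:714A1770ECE2DF62:1498176000:1561248000::-:::sc:
fpr:::::::::$FPR:
uid:e::::1498176000::::buildmaster <buildmaster@archlinux32.org>:"

# Read a colon listing on stdin and print "<fingerprint> <validity> <expiry>"
# for the primary key (field 2 = validity, field 7 = expiry, fpr field 10).
primary_status() {
  awk -F: '
    $1 == "pub" { validity = $2; expires = $7; want_fpr = 1; next }
    $1 == "fpr" && want_fpr {
      print $10, validity, (expires == "" ? "never" : expires); exit
    }'
}

# $1 = listing of the source key, $2 = listing of the filtered/installed key.
# Returns 0 if the export kept the primary key's expiry and is still usable.
check_filtered_export() {
  src=$(printf '%s\n' "$1" | primary_status)
  out=$(printf '%s\n' "$2" | primary_status)
  [ -n "$src" ] && [ -n "$out" ] || { echo "no-primary-key"; return 2; }
  [ "${src%% *}" = "${out%% *}" ] || { echo "fingerprint-mismatch"; return 2; }
  oval=${out#* }; oval=${oval%% *}
  if [ "${src##* }" != "${out##* }" ]; then
    echo "expiry-changed ${src##* } -> ${out##* }"; return 1
  fi
  case $oval in e|r|i) echo "unusable validity=$oval"; return 1 ;; esac
  echo "ok"
}

# Real use (file names are placeholders):
#   check_filtered_export "$(gpg --show-keys --with-colons < "$tmp_dir/key")" \
#                         "$(gpg --show-keys --with-colons < path/to/wkd/file)"
check_filtered_export "$SRC_LISTING" "$WKD_LISTING" || true
```

Running this before publishing a WKD file catches the case shown in the listings above, where the installed key carries an earlier primary-key expiry than the key it was exported from.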
