Mailing List Archive

Disable trust db?
I would like to use gnupg as a simple keyring lister, but for some reason
it wants to insert every key it sees into the trust db - this is really
slow, but I can't figure out how to turn it off?

Any hints?

Also, could the import command be given an optional key file to import the
key to? That would make keyring maintenance a bit simpler I think.

Thanks,
Jason
Re: Disable trust db?
Jason Gunthorpe <jgg@ualberta.ca> writes:

> I would like to use gnupg as a simple keyring lister, but for some reason
> it wants to insert every key it sees into the trust db - this is really
> slow, but I can't figure out how to turn it off?
>
> Any hints?

Two ways:

$ gpg file

Lists the keyring if file is one

$ gpg --dry-run .....

should not modify the trustdb or any other files.

> Also, could the import command be given an optional key file to import the
> key to? That would make keyring maintenance a bit simpler I think.

Yes, this is something really important and I have to figure out how to do
it well. There will probably be a 1.0.x release which has what you
need.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
Re: Disable trust db?
On Sat, 4 Sep 1999, Werner Koch wrote:

> Two ways:
>
> $ gpg file
>
> Lists the keyring if file is one

Oohh, this is exactly what I want in the first place! This doesn't seem to
be mentioned in the man page though. It is also limited to a single file
and it gives strange output:

--keyring <keyring> --fingerprint
pub:q:1024:1:CE951B1160D74C7D:1999-05-01::553:-:Patrick Cole <z@amused.net>:
fpr:::::::::C8E0BC7969BE7899AA0FEB16F84BFE5A:

gpg <keyring>
pub:q:1024:1:CE951B1160D74C7D:1999-05-01::::
rtv:1:0:
uid:::::::::Patrick Cole <z@amused.net>:
rtv:2:0:

I need the key fingerprint and I don't know what rtv is for..

> $ gpg --dry-run .....
>
> should not modify the trustdb or any other files.

Does it disable any functions? dry-run seems like a bad name to me in that
case, maybe 'read only mode' or something would be better?

-n does work, but it creates the secring and trustdb, but does not enter
anything into them:

samosa{jgg}~/keys#gpg --dry-run --no-options --batch --load-extension rsa
--keyring ./debian-keyring.pgp --keyring ./debian-keyring.gpg
--with-colons --fingerprint > t
gpg: /home/jgg/.gnupg/secring.gpg: keyring created
gpg: /home/jgg/.gnupg/trustdb.gpg: trustdb created

Thanks,
Jason
Re: Disable trust db?
Jason Gunthorpe <jgg@ualberta.ca> writes:

> > $ gpg file
> >
> > Lists the keyring if file is one
>
> Oohh, this is exactly what I want in the first place! This doesn't seem to
> be mentioned in the man page though. It is also limited to a single file

You can cat the files into gpg

> and it gives strange output:
>
> --keyring <keyring> --fingerprint
> pub:q:1024:1:CE951B1160D74C7D:1999-05-01::553:-:Patrick Cole <z@amused.net>:
> fpr:::::::::C8E0BC7969BE7899AA0FEB16F84BFE5A:

What about:

cat * | gpg -n --with-fingerprint --with-colons

--fingerprint is a command which prints the fingerprint for the given
user IDs; --with-fingerprint simply prints the fingerprints along
with the other information.

> uid:::::::::Patrick Cole <z@amused.net>:
> rtv:2:0:

Ring Trust Value: Not used in gpg but we need it for tools/lspgpot


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
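
Added example (not part of the thread and not GnuPG code): a small parser for the colon-delimited records quoted in the messages above. It groups `pub`, `fpr` and `uid` records per key, skips `rtv`, and handles both layouts shown (user ID on the `pub` line, or on a separate `uid` line). Field positions are read off the sample lines in the thread; the function names are this example's own.

```python
# Sample records copied from the two listings quoted in the thread.
SAMPLE = """\
pub:q:1024:1:CE951B1160D74C7D:1999-05-01::553:-:Patrick Cole <z@amused.net>:
fpr:::::::::C8E0BC7969BE7899AA0FEB16F84BFE5A:
pub:q:1024:1:CE951B1160D74C7D:1999-05-01::::
rtv:1:0:
uid:::::::::Patrick Cole <z@amused.net>:
rtv:2:0:
"""


def field(rec, i):
    """Return field i, or '' when a short record omits trailing fields."""
    return rec[i] if i < len(rec) else ""


def parse_colon_listing(text):
    """Group pub/fpr/uid records into one dict per public key."""
    keys, cur = [], None
    for line in text.splitlines():
        rec = line.split(":")
        kind = rec[0]
        if kind == "pub":
            cur = {"keyid": field(rec, 4), "bits": field(rec, 2),
                   "created": field(rec, 5), "fingerprint": None, "uids": []}
            if field(rec, 9):        # layout 1: user ID sits on the pub line
                cur["uids"].append(field(rec, 9))
            keys.append(cur)
        elif cur is None:
            continue                 # record before any pub: nothing to attach it to
        elif kind == "fpr":
            cur["fingerprint"] = field(rec, 9)
        elif kind == "uid":          # layout 2: user ID on its own record
            cur["uids"].append(field(rec, 9))
        # rtv and any other record types are ignored
    return keys


def keys_missing_fingerprint(keys):
    """Key IDs for which the listing carried no fpr record."""
    return [k["keyid"] for k in keys if not k["fingerprint"]]


if __name__ == "__main__":
    parsed = parse_colon_listing(SAMPLE)
    for key in parsed:
        print(key)
    print("no fingerprint:", keys_missing_fingerprint(parsed))
```
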
Re: Disable trust db?
On Tue, 7 Sep 1999, Werner Koch wrote:

> > > $ gpg file
> > >
> > > Lists the keyring if file is one
> >
> > Oohh, this is exactly what I want in the first place! This doesn't seem to
> > be mentioned in the man page though. It is also limited to a single file

> You can cat the files into gpg

Well, I'm calling it from another program, catting the files together is
'more work' - having multiple files on the command line would be a nice
feature.

> cat * | gpg -n --with-fingerprint --with-colons

I need to upgrade gpg on my personal box it seems...

Thanks,
Jason
Re: Disable trust db?
Jason Gunthorpe <jgg@ualberta.ca> writes:

> Well, I'm calling it from another program, catting the files together is
> 'more work' - having multiple files on the command line would be a nice
> feature.
>
> > cat * | gpg -n --with-fingerprint --with-colons

It is complicated to do, because the default operation mode of gpg
depends on the input data and I am not sure whether it is a good idea
to simply run the loop within gpg.

What about this:

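    /* files: NULL-terminated array of file names (char **) */
    if( files[0] ) {
        /* room for each name plus one separator */
        for( n=0, p=files; *p; p++ )
            n += strlen(*p)+1;
        n += strlen(gpg_and_options)+1;
        buf = xmalloc( 4+n );
        strcpy( buf, "cat " );
        for( p=files; *p; p++ ) {
            strcat( buf, *p );
            strcat( buf, " ");
        }
        /* turn the trailing space into the pipe symbol */
        buf[strlen(buf)-1] = '|';
        strcat( buf, gpg_and_options );
        /* file names reach the shell unquoted, so they must be trusted */
        system( buf );
        free(buf);
    }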


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013