Ubuntu: GPG command: --list-sigs only from Trusted keys?



Question:

Whenever I use gpg --list-sigs command I risk getting tons of "spam" from sigs of people I do not know.

Is there a command in GPG where I can --list-sigs but only sigs from keys that I have marked as having a Trust level? What is this command?


Solution:1

gpg --list-keys --list-options show-uid-validity

This will show a validity calculation next to each address (unknown, undef, marginal, full, ultimate). You can then grep -v the unknown and undef ones, this leaves the ones you (or your web of trust) have some trust for.

gpg --list-keys --list-options show-uid-validity | grep -v "unknown\|undef"

For list-sigs the listing is slightly different, so this may work instead:

gpg --list-sigs |grep -v "User ID not found" |grep -v "sig "

note two spaces on the last "sig ".

This will weed out the unknown user IDs and omit any signatures that don't have a trust level. For the meaning of the number right next to "sig", do man gpg and search for --ask-cert-level.

You may also want to look into --list-options no-show-unusable-uids, but in my test it didn't make a significant difference.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »