Whenever I use gpg --list-sigs command I risk getting tons of "spam" from sigs of people I do not know.
Is there a command in GPG where I can --list-sigs but only sigs from keys that I have marked as having a Trust level? What is this command?
Asked
Active
Viewed 5,402 times
4
1 Answers
4
gpg --list-keys --list-options show-uid-validity
This will show a validity calculation next to each address (unknown, undef, marginal, full, ultimate). You can then grep -v the unknown and undef ones, this leaves the ones you (or your web of trust) have some trust for.
gpg --list-keys --list-options show-uid-validity | grep -v "unknown\|undef"
For list-sigs the listing is slightly different, so this may work instead:
gpg --list-sigs |grep -v "User ID not found" |grep -v "sig "
note two spaces on the last "sig ".
This will weed out the unknown user IDs and omit any signatures that don't have a trust level. For the meaning of the number right next to "sig", do man gpg and search for --ask-cert-level.
You may also want to look into --list-options no-show-unusable-uids, but in my test it didn't make a significant difference.
roadmr
- 33,892
- 9
- 80
- 93
-
how do I make this work with the --list-sigs command? – Don May 10 '12 at 17:45
-
w/ some keys, I get rows of expired keys and [User ID not found]. I want to just see my sig and those from other keys I trust instead of having to wade through expired keys and not found user ids. – Don May 10 '12 at 17:47
-
Apologies, I misread the --list-sigs part. I'll update the answer. – roadmr May 10 '12 at 18:53