While I can determine the trust level I have placed on an individual OpenPGP public key by using the `--edit-key` command, is there a simple way to list all the public keys along with their trust levels from the command line?
Viewed 8,099 times
11
2 Answers
12
You can export all configured owner trust through `gpg --export-ownertrust`. The output is of the form

`FINGERPRINT:TRUST:`

For my own key (which has ultimate trust on my machine), the following line is included:

`0D69E11F12BDBA077B3726AB4E1F799AA4FF2279:6:`

It seems the trust level corresponds to the number entered in the trust edit command plus one:

- 1 = I don't know or won't say (export: 2)
- 2 = I do NOT trust (export: 3)
- 3 = I trust marginally (export: 4)
- 4 = I trust fully (export: 5)
- 5 = I trust ultimately (export: 6)

The output of this command can also be imported again through `gpg --import-ownertrust`.
Jens Erat
- If I edit the key and select 1, it shows 2 instead. If I don't know, is it considered as "I do NOT trust"? – Lilás Nov 01 '16 at 18:56
- This is exactly what I described: the values of `gpg --edit-key`/`trust` do not have the same number when running `--export-ownertrust`, but map to values larger by one. "I don't know" having value 1 in `--edit-key` will show up as `2` in the export. The output of this command is not meant to be user-readable anyway. – Jens Erat Nov 01 '16 at 19:15
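
The mapping described in the answer above, as an added example that is not part of the original answers: a shell function that turns each `FINGERPRINT:TRUST:` line of `gpg --export-ownertrust` into a readable label. The function names `ownertrust_labels` and `sample_export`, the short label wording, and every sample line except the answer's own key are constructed for illustration.

```shell
#!/bin/sh
# Added example: label the numeric codes printed by `gpg --export-ownertrust`.
# Codes follow the answer's mapping (export value = --edit-key menu value + 1).
# Label wording is shortened from the menu text and is an assumption.

ownertrust_labels() {
    # stdin:  FINGERPRINT:TRUST: lines; lines starting with '#' are comments
    # stdout: FINGERPRINT<TAB>label
    awk -F: '
        BEGIN {
            label[2] = "unknown or will not say"
            label[3] = "do NOT trust"
            label[4] = "marginal"
            label[5] = "full"
            label[6] = "ultimate"
        }
        /^#/ || NF < 2 { next }   # skip comment and blank lines
        {
            # Report codes outside the documented range instead of guessing.
            t = ($2 in label) ? label[$2] : "unrecognized value " $2
            printf "%s\t%s\n", $1, t
        }
    '
}

sample_export() {
    # Constructed sample in the export format. The first key line is the one
    # quoted in the answer; the other fingerprints are made up.
    cat <<'EOF'
# constructed sample, comment lines like this one are skipped
0D69E11F12BDBA077B3726AB4E1F799AA4FF2279:6:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:4:
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:3:
EOF
}

# Offline demonstration on the constructed sample.
sample_export | ownertrust_labels

# Against the real keyring:
#   gpg --export-ownertrust | ownertrust_labels
```

Keys with a "do NOT trust" or unrecognized entry are the ones worth reviewing before restoring the file with `gpg --import-ownertrust` on another machine.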
1
I wrote a small script to do this more easily: gpg-list-ownertrust.py
It is based on the python-gnupg library, which fortunately makes access to the ownertrust level very convenient.
F30