removing revoked or expired signatures
David Shaw
dshaw at jabberwocky.com
Tue Aug 9 19:19:04 CEST 2005
On Tue, Aug 09, 2005 at 07:09:30PM +0200, Mark Kirchner wrote:
> Hi Michael,
>
> On Tuesday, August 9, 2005, 6:41:14 PM, Michael wrote:
> >> How can I remove revoked and/or expired signatures from my public key?
> >> E.g. keys like these:
> >> sig X CA57AD7C 2005-07-15 PGP Global Directory Verification Key
> >
> > Stand in the feature request line ;-)
>
> It's already in there: Unusable sigs (meaning: sigs, that don't do
> anything in the trust calculation) can be removed during --edit-key
> with "clean sigs". (New feature in 1.4.2)
>
> Use just "clean" to remove revoked/expired uids as well.
>
> That can also be done automatically during import/export by setting
> --import-options import-clean-sigs import-clean-uids
> --export-options export-clean-sigs export-clean-uids
>
> Note that signature revocation certificates themselves are _not_
> removed (= still show up on "check"), only the corresponding
> signatures.
This is required for security. The last signature revocation is
always kept (earlier ones are removed).
David
More information about the Gnupg-users
mailing list