Merging trusts...

Werner Koch wk at gnupg.org
Thu May 1 14:56:08 CEST 2008


On Thu,  1 May 2008 00:46, JPClizbe at tx.rr.com said:

> from the second keyring to form the common keyring. You'll have to set
> ownertrust individually, I don't believe there's a way to merge trustdb

There is an --export-ownertrust and an --import-ownertrust command.  The
format they use is very straightforward but not officially documented:

  0011223344556677889900112233445566778899:1:
     fingerprint of the key               ownertrust value

Merging two files is possible but you need to decide what to do with
different ownertrust values.  Importing one after the other will
overwrite existing values.  The code for export/import is in
g10/dbdump.c.  The ownertrust values are:

  #define TRUST_MASK	   15
  
  #define TRUST_UNDEFINED   2  
  #define TRUST_NEVER	    3 
  #define TRUST_MARGINAL    4 
  #define TRUST_FULLY	    5 
  #define TRUST_ULTIMATE    6 
  /* Trust values not covered by the mask.  */
  #define TRUST_FLAG_REVOKED 32        /* r: revoked */
  #define TRUST_FLAG_SUB_REVOKED 64    /* r: revoked but for subkeys */
  #define TRUST_FLAG_DISABLED 128      /* d: key/uid disabled */
  #define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
  

A merge strategy (A,B->R) for the ownertrust value might be:

  if( and( A , TRUST_MASK ) > and( B, TRUST_MASK ) ) {
    R = or( A , and( B, compl( TRUST_MASK )) )
  } else {
    R = or( B , and( A, compl( TRUST_MASK )) )
  }

That keeps the highest assigned ownertrust value as well as any revoked
and disabled flags.  The above code snippet might work with a decent GNU
awk; just add a sort and duplicate fingerprint detection.



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
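
The merge strategy from the message above, written out as an added Python example; it is not part of the original post and not GnuPG code. The function names and the sample fingerprints are constructed for illustration, and it assumes `#` comment lines in an export can be skipped. It also covers the duplicate-fingerprint detection the message mentions and lists keys whose trust levels differed between the two files.

```python
TRUST_MASK = 15  # low bits hold the ownertrust level; higher bits are flags

def parse(text):
    """Return {fingerprint: value} from 'FINGERPRINT:VALUE:' lines."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comment lines
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        fpr = fields[0].upper()
        if fpr in table:  # same key listed twice within one file
            raise ValueError(f"line {lineno}: duplicate fingerprint {fpr}")
        table[fpr] = int(fields[1])
    return table

def merge_value(a, b):
    """Keep the higher trust level and the flag bits of both values."""
    hi, lo = (a, b) if (a & TRUST_MASK) > (b & TRUST_MASK) else (b, a)
    return hi | (lo & ~TRUST_MASK)

def merge(text_a, text_b):
    """Return (merged dump text, fingerprints whose trust levels differed)."""
    a, b = parse(text_a), parse(text_b)
    merged, conflicts = dict(a), []
    for fpr, val in b.items():
        if fpr in a:
            if (a[fpr] & TRUST_MASK) != (val & TRUST_MASK):
                conflicts.append(fpr)  # candidate for manual review
            val = merge_value(a[fpr], val)
        merged[fpr] = val
    out = "".join(f"{fpr}:{merged[fpr]}:\n" for fpr in sorted(merged))
    return out, sorted(conflicts)

# Constructed sample dumps; the fingerprints are made up.
DUMP_A = """# constructed sample A
0011223344556677889900112233445566778899:4:
AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:134:
"""
DUMP_B = """0011223344556677889900112233445566778899:5:
AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:3:
FFFFEEEEDDDDCCCCBBBBAAAA9999888877776666:2:
"""

if __name__ == "__main__":
    text, differing = merge(DUMP_A, DUMP_B)
    print(text, end="")
    print("# levels differed for:", ", ".join(differing))
```

Because the comparison is purely numeric, an explicit TRUST_NEVER (3) in one file loses to TRUST_MARGINAL (4) or higher in the other, so the list of differing fingerprints is worth reviewing before the merged file is imported.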
