Michael wrote: > Hi John, > > thank you for the answer how to clean my key ring: > >> How about doing it this way: >> cp pubring.gpg pubring.tmp >> gpg --import-options import-clean --import pubring.tmp
Don't use pubring.tmp. I remembered that gpg uses that name (and also
pubring.bak) as part of the importing. Try pubring.sav
>
> === 1 ===
> This will make a clean import to the current pubring.gpg but will this
> help? Will these keys which are imported overwrite the keys in the current
> pubkey.gpg? Or would I need to start whith a "striped" which only contains
> my selfsignature?
No, what is happening is that the import will merge both copies of each key and
then apply the cleaning algorithm. Since the imported keyring is a copy of the
original, all that effectively happens is the cleaning.
>> gpg --keyserver-options import-clean \
>> --keyserver pool.sks-keyservers.org refresh-keys
>
>
> === 2===
> I like to keep my key ring updated, what about this: I run on a frequent
> basis:
>
> # Assumption is that the key is currently clean
> cp pubring.gpg pubring.bak<TIMESTAMP>
>
> gpg --keyserver-options import-clean \
> --keyserver pool.sks-keyservers.org refresh-keys
>
> cp pubring.gpg pubring.tmp
> gpg --import-options import-clean --import pubring.tmp
A reimport after refreshing with import-clean is unnecessary.
After you initially clean a keyring (above), if you set import-clean as both a
keyserver-option and an import-option in gpg.conf, whenever a key is added and
whenever you refresh your keyring, keys will automatically be cleaned. You
shouldn't need to re-import your keyring to clean it again.
Example lines from gpg.conf:
keyserver-options auto-key-retrieve include-subkeys include-revoked \
import-clean export-clean
import-options import-clean
--
John P. Clizbe Inet: JPClizbe(a)comcast DOT nyet
Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
"Be who you are and say what you feel because those who mind don't matter
and those who matter don't mind." - Dr Seuss, "Oh the Places You'll Go"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
