On Fri,  3 Mar 2017 07:21, [email protected] said:

> Why is `export-clean` not dropping the expired subkey?  Is it that
> export-clean only filters unusable userids, not unusable subkeys?

Right:
      /* Always do the cleaning on the public key part if requested.
       * Note that both export-clean and export-minimal only apply to
       * UID sigs (0x10, 0x11, 0x12, and 0x13).  A designated
       * revocation is never stripped, even with export-minimal set.  */

Not cleaning expired subkeys is a good thing for secret key export, so
that you can keep on decrypting old mails.  Exporting an expired public
key can be helpful to see your expired key.

For sending keys to keyserver it would actually be better to remove
expired encryption subkeys.  But the keyservers will merge them anyway.

As a compatible hack we could add an 'expired' property to the
export-filter's drop-subkey method.  Just did this:

 gpg --export-options export-clean \
     --export-filter drop-subkey='expired -t' \
     --export 1e42b367 

removes all my expired subkeys.  This is just a first step; we also need
a property for the key capability.

>   --import-filter drop-sig='sig_digest_algo < 8'
>
> and then exported clean/minimal from there; but there's no change.  This
> import filter appears to do nothing.

drop-sigs does not work on self-signatures - might this be your problem?
I have not done any of these, though.

> Is there a reason beyond "nobody asked for it yet" why there's no
> "expired" filter for drop-subkey/drop-sig?

No.  I added filters only when I needed them.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
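
Added example, not part of the message above or of GnuPG itself: a small check that an exported key no longer carries expired subkeys, by reading `gpg --with-colons` output. The function names and the sample listing are constructed for illustration, and dates are assumed to be seconds since the epoch, as in GnuPG 2.x colon listings.

```shell
#!/bin/sh
# Added example. Lists subkeys that are expired in `gpg --with-colons` output.
# Fields used: 1 = record type, 2 = validity ("e" = expired), 5 = key ID,
# 7 = expiration date, 12 = capabilities.
# Assumption: dates are seconds since the epoch (GnuPG 2.x colon listings).

# expired_subkeys NOW: read a colon listing on stdin, print "KEYID CAPS"
# for every subkey flagged expired or whose expiry lies before NOW.
expired_subkeys() {
    awk -F: -v now="$1" '
        $1 == "sub" && ($2 == "e" || ($7 != "" && $7 + 0 < now + 0)) {
            print $5, $12
        }'
}

# assert_no_expired NOW: succeed only if the listing on stdin has none.
assert_no_expired() {
    [ -z "$(expired_subkeys "$1")" ]
}

# Constructed sample listing (key IDs and dates are made up).
sample_listing() {
    cat <<'EOF'
pub:-:4096:1:0000000000000000:1400000000:::-:::scESC:
uid:-::::1400000000::::Example User <user@example.org>:
sub:e:2048:1:1111111111111111:1400000000:1450000000:::::e:
sub:-:2048:1:2222222222222222:1450000000:1480000000:::::e:
sub:-:2048:1:3333333333333333:1480000000:1600000000:::::e:
sub:-:2048:1:4444444444444444:1480000000::::::s:
EOF
}

# With NOW=1500000000, subkeys 1111... and 2222... are reported.
sample_listing | expired_subkeys 1500000000

# Against a real export (requires a gpg that has --show-keys):
#   gpg --export-options export-clean \
#       --export-filter drop-subkey='expired -t' --export 1e42b367 \
#     | gpg --show-keys --with-colons | assert_no_expired "$(date +%s)"
```

The second sample subkey has an empty-looking validity field but an expiry date in the past, which is why the check compares the date as well as the `e` flag.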
