On 2017-03-03 at 09:51 +0100, Werner Koch wrote: > Not cleaning expired subkeys is a good thing for secret key export, so > that you can keep on decyrpting old mails.
Sure, but this is a non-secret export, for the versions for publication. > Exporting an expired public > key can be helpful to see your expired key. I can see this for a signing key, so that old signatures can be validated, but I don't see that it's a helpful default for encryption subkeys, and since encryption subkeys are the only ones typically created by default, that seems dominant. > As a compatible hack we could add an 'expired' property to the > export-filter's drop-subkey method. Just did this: > > gpg --export-options export-clean \ > --export-filter drop-subkey='expired -t' \ > --export 1e42b367 > > removes all my expired subkeys. This is just a first step; we also need > a properties for the key capability. I see commit 1813f3be and will build/test this and report back on the devel list if I experience issues. Thanks! > drop-sigs does not work on self-signatures - might this be your problem? > I have not done any these, though. Ugh, yes. Thanks, I explored everything I could see and kept running into roadblocks. Thanks for clearing a new path through. -Phil _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
