2

I recently needed to publish my PGP key. However the export is veeery long:

$ gpg2 --list-secret-keys --keyid-format LONG
/home/user/.gnupg/pubring.kbx
-----------------------------
sec   rsa4096/51DAE9B7C1AE9161 2015-06-17 [SCA] [expires: 2023-04-21]
      97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161
uid                 [ultimate] NicoHood <removed>
uid                 [ultimate] N <removed>
uid                 [ultimate] NNNNN <removed>
uid                 [ultimate] NNNNN <removed>
uid                 [ultimate] _____ <removed>
uid                 [ultimate] NicoHood <removed>
uid                 [ultimate] NicoHood <gremoved>
uid                 [ultimate] _____ <removed>
uid                 [ultimate] _____ <removed>
uid                 [ultimate] NNNNN <removed>
uid                 [ultimate] NicoHood <removed>
uid                 [ultimate] NicoHood <removed>
uid                 [ultimate] NicoHood <removed>
ssb   rsa4096/E441069FE948D07A 2015-06-17 [E] [expires: 2023-04-21]

$ gpg2 --armor --export 97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161 | wc -l
583
  • Is there an option to only output the key with one identity?
  • Is it possible to shorten the output to less than those ~500 lines? (maybe with or without the idea above)
  • How can I fix those ugly names?
NicoHood
  • 131
  • 3

1 Answers1

2

You can specify export options, including a minimal export which produces very small files:

gpg2 --armor --export --export-options export-minimal 97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161

You can filter uids using --export-filter with the keep-uid filter:

... --export-filter keep-uid="uid =~ <email>"

Fixing anything else typically involves editing the key.

Stephen Kitt
  • 411,918
  • 54
  • 1,065
  • 1,164
  • Do you also have any idea what is the best way to fix those ugly names? I've added those entries in thunderbird and the name required to have at least 5 characters. I did not want to add a name at that time, so the ugly names exist. Will it be a problem to delete those or should I revoke them? If someone else signes my key, does he sign the uid as well? How can I check existing signatures? – NicoHood Oct 29 '20 at 12:15
  • You can delete them outright. Signatures sign uids, but that doesn’t really matter in practice unless you have signatures on your “ugly” uids but not on the others. `gpg2 --check-sigs uid` will show you the signatures on a given uid. – Stephen Kitt Oct 29 '20 at 15:23