From adb120e663fc5e78f714976c6e42ae233c1990b0 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 1 Jul 2019 15:14:59 +0200 Subject: gpg: New import and keyserver option "self-sigs-only" * g10/options.h (IMPORT_SELF_SIGS_ONLY): New. * g10/import.c (parse_import_options): Add option "self-sigs-only". (read_block): Handle that option. -- This option is intended to help against importing keys with many bogus key-signatures. It has obvious drawbacks and is not a bullet-proof solution because a self-signature can also be faked and would be detected only later. GnuPG-bug-id: 4591 Signed-off-by: Werner Koch (cherry picked from commit 15a425a1dfe60bd976b17671aa8e3d9aed12e1c0) --- doc/gpg.texi | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc/gpg.texi') diff --git a/doc/gpg.texi b/doc/gpg.texi index 74862e526..b00d23af6 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2327,6 +2327,14 @@ opposite meaning. The options are: on the keyring. This option is the same as running the @option{--edit-key} command "clean" after import. Defaults to no. + @item self-sigs-only + Accept only self-signatures while importing a key. All other + key-signatures are skipped at an early import stage. This option + can be used with @code{keyserver-options} to mitigate attempts to + flood a key with bogus signatures from a keyserver. The drawback is + that all other valid key-signatures, as required by the Web of Trust + are also not imported. + @item repair-keys After import, fix various problems with the keys. For example, this reorders signatures, and strips duplicate -- cgit v1.2.3