path: root/email-extract-openpgp-certs.1.pod
diff options
authorDaniel Kahn Gillmor <>2019-07-25 12:38:52 -0400
committerSean Whitton <>2019-07-29 07:38:09 +0100
commit5929eabef63e0167ead14a81f30097c9397f7ee4 (patch)
tree135c26cdc1ffb8f36e5098d061716500d0de88cb /email-extract-openpgp-certs.1.pod
parent701c568e78d17f00d44c51201736177323d03e32 (diff)
Add email-extract-openpgp-certs
Hopefully this tool is useful for other people, not just for myself and Anarcat. Signed-off-by: Daniel Kahn Gillmor <>
Diffstat (limited to 'email-extract-openpgp-certs.1.pod')
1 files changed, 57 insertions, 0 deletions
diff --git a/email-extract-openpgp-certs.1.pod b/email-extract-openpgp-certs.1.pod
new file mode 100644
index 0000000..8b7916e
--- /dev/null
+++ b/email-extract-openpgp-certs.1.pod
@@ -0,0 +1,57 @@
+=head1 NAME
+email-extract-openpgp-certs - extract OpenPGP certificates from an e-mail
+=head1 SYNOPSIS
+B<email-extract-openpgp-certs> < B<message.eml> | B<gpg> B<--import>
+B<email-extract-openpgp-certs> extracts all the things it can find
+that look like they might be OpenPGP certificates in an e-mail, and
+produces them on standard output.
+It currently knows about how to find OpenPGP certificates as
+attachments of MIME type application/pgp-keys, and Autocrypt: style
+=head1 OPTIONS
+=head1 EXAMPLE
+=over 4
+ $ notmuch show --format-raw > test.eml
+ $ email-extract-openpgp-certs < test.eml | gpg --import
+B<email-extract-openpgp-certs> currently does not try to decrypt
+encrypted e-mails, so it cannot find certificates that are inside the
+message's cryptographic envelope.
+B<email-extract-openpgp-certs> does not attempt to validate the
+certificates it finds in any way. It does not ensure that they are
+valid OpenPGP certificates, or even that they are of a sane size. It
+doeds not try to establish any relationship between the extracted
+certificates and the messages in which they are sent. For example, it
+does not check the Autocrypt addr= attribute against the message's From:
+Importing certificates extracted from an arbitrary e-mail in this way
+into a curated keyring is not a good idea. Better to extract into an
+ephemeral location, inspect, filter, and then selectively import.
+=head1 SEE ALSO
+=head1 AUTHOR
+B<email-extract-openpgp-certs> and this manpage were written by Daniel
+Kahn Gillmor, with guidance and advice from many others.