NAME

       email-extract-openpgp-certs - extract OpenPGP certificates from an e-mail

SYNOPSIS

       email-extract-openpgp-certs <message.eml | gpg --import

DESCRIPTION

       email-extract-openpgp-certs extracts all the things it can find that look like they might
       be OpenPGP certificates in an e-mail, and produces them on standard output.

       It currently knows about how to find OpenPGP certificates as attachments of MIME type
       application/pgp-keys, and Autocrypt: style headers.

OPTIONS

       None.

EXAMPLE

           $ notmuch show --format-raw id:b7e48905-842f@example.net >test.eml
           $ email-extract-openpgp-certs <test.eml | gpg --import

LIMITATIONS

       email-extract-openpgp-certs currently does not try to decrypt encrypted e-mails, so it
       cannot find certificates that are inside the message's cryptographic envelope.

       email-extract-openpgp-certs does not attempt to validate the certificates it finds in any
       way.  It does not ensure that they are valid OpenPGP certificates, or even that they are
       of a sane size. It does not try to establish any relationship between the extracted
       certificates and the messages in which they are sent.  For example, it does not check the
       Autocrypt addr= attribute against the message's From: header.

       Importing certificates extracted from an arbitrary e-mail in this way into a curated
       keyring is not a good idea.  Better to extract into an ephemeral location, inspect,
       filter, and then selectively import.

SEE ALSO

       gpg(1), https://autocrypt.org, https://tools.ietf.org/html/rfc4880,
       https://tools.ietf.org/html/rfc3156

AUTHOR

       email-extract-openpgp-certs and this manpage were written by Daniel Kahn Gillmor, with
       guidance and advice from many others.