automated signing with password-less subkeys
Joe Rhett
jrhett@isite.net
Sat Sep 7 10:58:01 2002
Way back when Werner wrote to me:
> It seems that signing does not work. It is possible that I never
> tested it with the old version. GnuPG 1.05 and the 1.0.4h snapshot
> have the key selection code rewritten from scratch I have really
> tested that subkeys are preferred if they are cabable of signing.
> You can seen how these versions select a key by using the option
> "--debug 64".
Well, it appears that key selection is broken again in 1.07. Trying to
update, and here's the results:
% gpg --homedir /website/.gnupg --armor --batch -r jrhett --sign --encrypt < /etc/hosts
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: [stdin]: sign+encrypt failed: general error
I did this according to standard practice, --export-secret-subkeys into a
new directory and remove the password from the key in that directory.
Here's the --debug 64
% gpg --homedir /website/.gnupg --armor --batch -r jspinks --sign --encrypt --debug 64 < /etc/hosts
gpg: NOTE: no default option file `/website/.gnupg/options'
gpg: DBG: finish_lookup: checking key D2F0CE05 (all)(req_usage=0)
gpg: DBG: using key D2F0CE05
gpg: DBG: finish_lookup: checking key D2F0CE05 (all)(req_usage=0)
gpg: DBG: using key D2F0CE05
gpg: DBG: cache_user_id: already in cache
gpg: secret key parts are not available
gpg: no default secret key: general error
gpg: [stdin]: sign+encrypt failed: general error
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384
---
Joe Rhett Chief Geek
JRhett@ISite.Net ISite Services, Inc.