automated key-signing (was "Help")

Michael Young mwy-gpg41 at the-youngs.org
Wed Nov 5 12:05:54 CET 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 > From: David Shaw <dshaw at jabberwocky.com>
 > 1) If you don't mind typing your passphrase over and over, you can
 > do something like

And since you probably do mind :-), you could temporarily eliminate
your passphrase.  I'd do it in a separate keyring: export your secret
key, import it into a new keyring/homedir, edit-key to eliminate the
passphrase, and then use a loop to sign the keys (as David suggested).
When you're done, securely delete the temporary keyring.

You'll still have to answer questions for each signing, so you'll also
want to use an "expect" script or something like it.  I really wish it
were possible to use the tool with absolutely no questions, but it's
not.  (The "expert" switch lets you do some more questionable things,
like re-sign keys or sign expired keys, but it still asks about them.)
The "status-fd" interface lets you interact programmatically, but
I find it a poor substitute for being able to provide a pure command.

Good luck.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBP6kt1uc3iHYL8FknEQKrOQCglDKDDUaeERrOYD1HtsgO2KIfdIEAoK9d
5qepBdguM1LaRpU4KroTRCqU
=O2tx
-----END PGP SIGNATURE-----
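
The "status-fd" interaction mentioned in the message, sketched as an added example (not part of the original post and not GnuPG's own code): a driver that answers only the prompts of a plain signing session and aborts on any other question instead of confirming it. The prompt tags listed, the helper names and the sample stream are assumptions; `homedir` is the temporary passphrase-less keyring described above.

```python
import subprocess

# Replies for the prompts of a plain "sign" (tags assumed from GnuPG's status
# protocol; which ones appear varies by version). Unlisted prompts abort.
ANSWERS = {
    ("GET_BOOL", "keyedit.sign_all.okay"): "y",  # sign all user IDs?
    ("GET_LINE", "sign_uid.class"): "0",         # how carefully checked: no answer
    ("GET_BOOL", "sign_uid.okay"): "y",          # really sign?
}
SAMPLE = [f"[GNUPG:] {s}" for s in (  # constructed status stream, not captured output
    "GET_LINE keyedit.prompt", "GOT_IT", "GET_BOOL keyedit.sign_all.okay", "GOT_IT",
    "GET_BOOL sign_uid.okay", "GOT_IT", "GET_LINE keyedit.prompt", "GOT_IT")]

class UnexpectedPrompt(Exception):
    """gpg asked something the driver was not told how to answer."""

def answer_for(status_line, script):
    """Return the reply for one status line, or None if it is not a prompt."""
    fields = status_line.split()
    if len(fields) < 3 or fields[0] != "[GNUPG:]" or not fields[1].startswith("GET_"):
        return None
    kind, tag = fields[1], fields[2]
    if (kind, tag) == ("GET_LINE", "keyedit.prompt"):
        return script.pop(0) if script else "quit"  # next queued command
    if (kind, tag) in ANSWERS:
        return ANSWERS[(kind, tag)]
    raise UnexpectedPrompt(f"{kind} {tag}")

def replay(lines, script):
    """Replies the driver would send for a recorded status stream."""
    return [r for r in (answer_for(l, script) for l in lines) if r is not None]

def sign_key(homedir, keyid):
    """Run one signing session against the temporary, passphrase-less homedir."""
    gpg = subprocess.Popen(
        ["gpg", "--homedir", homedir, "--status-fd", "1", "--command-fd", "0",
         "--edit-key", keyid],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True)
    script = ["sign", "save"]
    try:
        for line in gpg.stdout:
            reply = answer_for(line, script)
            if reply is not None:
                gpg.stdin.write(reply + "\n")
                gpg.stdin.flush()
    except UnexpectedPrompt:
        gpg.kill()  # a question outside the plain flow: stop rather than guess
        raise
    return gpg.wait() == 0
```

Calling `sign_key` once per key ID gives the loop the message describes; a key that raises `UnexpectedPrompt` is left unsigned for manual review.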