Doing --batch --lsign of a subset of uids in multiple keys (each with many uids)
David Shaw
dshaw at jabberwocky.com
Sun Dec 21 17:08:24 CET 2008
On Dec 21, 2008, at 2:19 AM, Robin H. Johnson wrote:
> I'm trying to add a local signature to a subset of uids (those matching
> @gentoo.org) for each key in a large keyring (~570 keys right now).
>
> The docs need some clearing up. There seems to be no way to select a
> specific uid (not key, but the uid). Basically an analogue of being able
> to select which subkey (basically "0xDEADBEEF!").
>
> "gpg --lsign IDENTIFIER" only seems to let me choose the overall key,
> not which uid I'd like to sign, and assumes that I want to sign all
> uids, which isn't the case.
GPG does support picking a particular uid out from a key, but it's not
part of the --lsign-keys and --sign-keys "short cuts". These short
cuts just do "--edit-key (thekey) sign save", so you can do the same
(it's a little clunky):

    gpg --fixed-list-mode --with-colons --list-keys gentoo |
      awk 'BEGIN { FS = ":" } ;
           $1 == "pub" {KEY = $5} ;
           $1 == "uid" && $10 ~ "\@gentoo\.org" { system("gpg --edit-key " KEY " \"uid " $8 "\" lsign") }'

David
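
Added example (not part of the message above and not GnuPG's own code): a dry-run version of the selection step that reads a colon listing, skips revoked or expired uids, and matches @gentoo.org only as the domain of the address inside <...>, so a uid such as bob@gentoo.org.example.com is not picked up for a local signature. The sample listing, key IDs and uid hashes are constructed, and select_uids / print_commands are hypothetical helper names.

```shell
#!/bin/sh
# Added example: choose which uids to lsign from a --with-colons listing
# and print the commands for review instead of running them.

# Constructed sample of `gpg --fixed-list-mode --with-colons --list-keys`
# output; key IDs, uid hashes and names are made up for illustration.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:AAAAAAAAAAAAAAA1:1200000000:::u:::scESC:
uid:u::::1200000000::1111111111111111111111111111111111111111::Alice <alice@gentoo.org>:
uid:u::::1200000000::2222222222222222222222222222222222222222::Alice <alice@example.net>:
uid:r::::1200000000::3333333333333333333333333333333333333333::Alice Old <old@gentoo.org>:
pub:f:2048:17:BBBBBBBBBBBBBBB2:1210000000:::-:::scESC:
uid:f::::1210000000::4444444444444444444444444444444444444444::Bob <bob@gentoo.org.example.com>:
uid:f::::1210000000::5555555555555555555555555555555555555555::Bob (was bob@gentoo.org) <bob@example.org>:
uid:f::::1210000000::6666666666666666666666666666666666666666::Bob Dev <Bob@Gentoo.org>:
EOF
}

# Reads a colon listing on stdin; prints "KEYID UIDHASH" for each selected uid.
# Field 5 of a pub record is the key ID; on a uid record field 2 is the
# validity, field 8 the uid hash and field 10 the user ID string.
select_uids() {
  awk -F: '
    $1 == "pub" { key = $5; next }           # remember the current key
    $1 != "uid" { next }                     # ignore sub, fpr, ... records
    $2 == "r" || $2 == "e" { next }          # skip revoked / expired uids
    # The address must end the uid and its domain must be exactly gentoo.org.
    tolower($10) ~ /<[^<>@]+@gentoo\.org>$/ { print key, $8 }
  '
}

# Prints (does not execute) the edit-key command from the post for each uid.
print_commands() {
  select_uids | while read -r key hash; do
    printf 'gpg --edit-key %s "uid %s" lsign\n' "$key" "$hash"
  done
}

sample_listing | print_commands
```
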