Doing --batch --lsign of a subset of uids in multiple keys (each with many uids)

David Shaw dshaw at jabberwocky.com
Sun Dec 21 17:08:24 CET 2008


On Dec 21, 2008, at 2:19 AM, Robin H. Johnson wrote:

> I'm trying to add a local signature to a subset of uids (those matching
> @gentoo.org) for each key in a large keyring (~570 keys right now).
>
> The docs need some clearing up. There seems to be no way to select a
> specific uid (not key, but the uid). Basically an analogue of being able
> to select which subkey (basically "0xDEADBEEF!").
>
> "gpg --lsign IDENTIFIER" only seems to let me choose the overall key,
> not which uid I'd like to sign, and assumes that I want to sign all
> uids, which isn't the case.

GPG does support picking a particular uid out from a key, but it's not  
part of the --lsign-keys and --sign-keys "short cuts".  These short  
cuts just do "--edit-key (thekey) sign save", so you can do the same  
(it's a little clunky):

gpg --fixed-list-mode --with-colons --list-keys gentoo | awk 'BEGIN { FS = ":" } ; $1 == "pub" {KEY = $5} ; $1 == "uid" && $10 ~ /@gentoo\.org/ { system("gpg --edit-key " KEY " \"uid " $8 "\" lsign") }'

David
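
Added example (not part of the message above and not GnuPG code): a dry-run version of the selection step, run over a constructed colon listing, that skips revoked or expired uids and compares the address domain exactly instead of by substring. The function names `sample_listing`, `select_uids` and `lsign_commands` and all key IDs, uid hashes and addresses are made up for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg --fixed-list-mode --with-colons --list-keys`
# output; key IDs, uid hashes and addresses are made up.
sample_listing() {
cat <<'EOF'
pub:-:1024:17:1111111111111111:1199145600:::-:::scESC:
uid:-::::1199145600::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1::Alice Dev <alice@gentoo.org>:
uid:-::::1199145600::A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2A2::Alice <alice@example.com>:
pub:-:1024:17:2222222222222222:1199145600:::-:::scESC:
uid:r::::1199145600::B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1::Bob <bob@gentoo.org>:
uid:-::::1199145600::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2::Bob <bob@gentoo.org.example.net>:
pub:-:1024:17:3333333333333333:1199145600:::-:::scESC:
uid:-::::1199145600::C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1::Carol (dev) <Carol@Gentoo.ORG>:
sub:-:2048:16:4444444444444444:1199145600::::::e:
EOF
}

# Print "KEYID UIDHASH" for each usable uid whose address is in domain $1.
select_uids() {
    awk -F: -v want="$1" '
        $1 == "pub" { key = $5; next }       # field 5: long key ID
        $1 != "uid" { next }
        $2 ~ /^[re]/ { next }                # field 2: skip revoked/expired uids
        # Field 10 is the user ID (a literal ":" arrives escaped as \x3a, so
        # -F: is safe). Take only the trailing <local@domain> part and
        # compare the domain exactly, so lookalike suffixes do not match.
        match($10, /<[^<>@]+@[^<>@]+>$/) {
            addr = substr($10, RSTART + 1, RLENGTH - 2)
            dom = tolower(substr(addr, index(addr, "@") + 1))
            if (dom == tolower(want)) print key, $8   # field 8: uid hash
        }
    '
}

# Dry run: print the per-uid commands in the form used in the reply above.
lsign_commands() {
    select_uids "$1" | while read -r key hash; do
        printf 'gpg --edit-key %s "uid %s" lsign\n' "$key" "$hash"
    done
}

sample_listing | lsign_commands gentoo.org
```

On a real keyring, pipe the gpg listing into `select_uids` in place of `sample_listing` and review the printed commands before running any of them.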


