automated GPG ? [self-reply]

Ivan Lamouret ivan.lamouret@novitek.fr
Tue Sep 4 14:55:01 2001


Sorry I did not check the *devel* list before my first post.
I still think, however, that Section 4.13 of the FAQ is not that clear on
the subject. See e.g.:
automated signing with password-less subkeys
(http://lists.gnupg.org/pipermail/gnupg-devel/2001-April/005933.html)
Unable to use batch mode to sign and encrypt a document with gpg
(http://lists.gnupg.org/pipermail/gnupg-devel/2001-August/006292.html)

So here is the response to my question:

1) The way to handle secring.auto is obscure to newbies: in fact one should
name the file secring.gpg directly; gpg does not recognize the .auto thing.

cd autodir
gpg --export-secret-subkeys --no-comment > secring.gpg
etc...

The process of creating the signing subkey is correct, BUT:
2) The way to use gpg once BOTH the public keyring and the new secret
keyring are copied to the target machine is to indicate to gpg which key you
want (it seems unable to choose the key by itself, hence the "no secret
parts" error message!):

gpg --local-user [name] (does not work with 1.0.4, but does with 1.0.6)
OR gpg --default-key [name | K_ID] (with 1.0.4 it seems you have to use the
key id)

Of course you can check that it's working before moving to the target machine
with
gpg --homedir your_autodir --default-key your-key-id --clearsign your_file


Hope this will help someone,

Ivan