export single UID of a key

Michael Nahrath gnupg-users@nahrath.de
Tue Apr 8 04:10:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For e-mail validation after keysignings there are basically two methods:

1. Send a challenge in an encrypted mail to each UID's e-mail address and
wait for the decrypted answers before you sign.

2. Sign only one UID and send it in an encrypted mail to this UID's mail
address.
Do this for every UID in a key separately.
Do _not_ keep these signatures in your normal keyring.
If the key owner uploads the signatures to the keyservers he proves that
he owns the secret key. You get your signature back via '--refresh-keys'.

The second is the way I want to go. Currently I use basically these steps:

gpg --recv-key "$KEYID"
# Loop: repeat the block below until only one UID is left. The last UID
# cannot be deleted, so the final round ends after the mail has gone out.
while :; do
    # sign the UID currently listed first, with the strictest check level
    gpg --default-cert-check-level 3 --edit-key "$KEYID" uid 1 sign save
    # export the key with the fresh signature, encrypt it to the key itself
    # and mail it to the address of the UID that was just signed
    gpg -a --export "$KEYID" \
    | gpg -a -e -r "$KEYID" \
    | mail -b "$MY_MAIL" -s "your signed key" "$(gpg --list-key "$KEYID" \
        | grep "@" | cut -d "<" -f2 | cut -d ">" -f1 | head -1)"
    # --list-key prints the first UID on the pub line and every further one
    # on a 'uid' line: no 'uid' line means only one UID is left
    [ "$(gpg --list-key "$KEYID" | grep -c '^uid')" -eq 0 ] && break
    # drop the signed UID so the next one becomes 'uid 1'
    gpg --edit-key "$KEYID" uid 1 deluid save
done
# throw away the stripped-down copy and fetch the complete key again
gpg --delete-key "$KEYID"
gpg --recv-key "$KEYID"

So the first UID is signed, the full key exported and sent, the first UID
is deleted and now the prior second UID is the first and the game goes on
(with the key getting shorter in each turn).

Currently this only works correctly in GPG 1.2.2rc1 because in earlier
versions '--list-key' and '--edit-key' have different sorting orders, if
the primary UID is not the first.

Of course this should be done on a temporary keyring and the mail sending
could be enhanced. Both are already scripted - but that is not the point.

I have the feeling: There must be a better way to do this!

Something like 

1. Sign the full key
2. Export only one UID of the key
3. Encrypt and send the exported one-UID-key
4. Back to 2.

Is there a way to export only one UID?

If not I'll have to stay with the destructive method.
In this case:
Is there a way to sign and delete only one UID of a key without using the
interactive '--edit-key'?

Greeting, Michi
-----BEGIN PGP SIGNATURE-----
Comment: http://www.biglumber.com/x/web?qs=0x9A4C704C

iEYEARECAAYFAj6SL14ACgkQ19dRf5pMcEx0qwCfRO/Xjr73D+LuxpgZjkpkNbJa
1XAAn3HkgM2HkzwDHTAEdTh00VIBy9SX
=vEZA
-----END PGP SIGNATURE-----
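One part of the script above that a reviewer would want replaced is the address lookup (grep "@" | cut -d "<" ...): it fails on a UID that is a bare address with no angle brackets, on a comment that itself contains '<', and it happily mails a revoked UID. The following is an added example, not code from the post or from GnuPG, that reads GnuPG's machine-readable `--with-colons` listing instead (record type in field 1, validity in field 2, user ID in field 10, special characters quoted C-style such as '\x3a' for ':') and returns, per UID, the address the challenge mail should go to. The sample listing is constructed; the key IDs, hashes and addresses in it are placeholders, and it assumes that the UID order in the colon listing matches the numbering `--edit-key` uses, as the post reports for the plain listing from 1.2.2rc1 on.

```python
"""Pick each UID's e-mail address from `gpg --with-colons --list-keys` output.

Added example, not part of the original post. It replaces the grep/cut
pipeline of the post with a parser for GnuPG's colon-separated listing.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

# Last <...> in the user ID, anchored at the end so a '<' inside the
# comment part, e.g. "Name (old <foo>) <real@example.org>", does not match.
ANGLE_EMAIL_RE = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")
# A UID that consists of nothing but an address.
BARE_EMAIL_RE = re.compile(r"^[^\s<>@]+@[^\s<>@]+$")


@dataclass
class Uid:
    index: int            # 1-based position in listing order
    validity: str         # gpg validity letter; 'r' marks a revoked UID
    text: str             # decoded user ID string
    email: Optional[str]  # None when the UID carries no address


def unescape(s: str) -> str:
    """Decode the C-style \\xNN quoting used in --with-colons output."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), s)


def extract_email(uid_text: str) -> Optional[str]:
    """Address of a UID, from its trailing <...> or from a bare-address UID."""
    m = ANGLE_EMAIL_RE.search(uid_text)
    if m:
        return m.group(1)
    return uid_text if BARE_EMAIL_RE.match(uid_text) else None


def parse_uids(colons_output: str, keyid: str) -> List[Uid]:
    """UIDs of the key whose key ID ends with `keyid`, in listing order."""
    want = keyid.lower()
    if want.startswith("0x"):
        want = want[2:]
    uids, in_key = [], False
    for line in colons_output.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            in_key = f[4].lower().endswith(want)   # field 5: key ID
        elif f[0] == "uid" and in_key:
            text = unescape(f[9])                  # field 10: user ID
            uids.append(Uid(len(uids) + 1, f[1], text, extract_email(text)))
    return uids


def mail_targets(uids: List[Uid]) -> List[Uid]:
    """UIDs that should get a mail: not revoked and carrying an address."""
    return [u for u in uids if u.validity != "r" and u.email]


def list_keys_colons(keyid: str) -> str:
    """Run gpg for real; only used from the command line below."""
    return subprocess.run(["gpg", "--with-colons", "--list-keys", keyid],
                          check=True, capture_output=True, text=True).stdout


# Constructed sample in the --with-colons layout, not real gpg output;
# key IDs, hashes and addresses are placeholders.
SAMPLE = r"""tru::1:1049700000:0:3:1:5
pub:-:1024:17:19D7515F9A4C704C:2003-03-01:::-:Michael Example <michi@example.org>::scESC:
uid:-::::2003-03-01::ABC123::Michael Example (dept\x3a ops <legacy>) <michi@example.org>::::::::::0:
uid:r::::2003-03-01::DEF456::Michael Example <gone@example.org>::::::::::0:
uid:-::::2003-03-01::A1B2C3::michi@example.net::::::::::0:
uid:-::::2003-03-01::F00D00::Michael Example (no mail)::::::::::0:
sub:-:1024:16:0123456789ABCDEF:2003-03-01::::::e:
pub:-:1024:17:FFFFFFFFFFFFFFFF:2003-03-01:::-:Someone Else <else@example.com>::scESC:
uid:-::::2003-03-01::0BAD00::Someone Else <else@example.com>::::::::::0:
"""

if __name__ == "__main__":
    import sys
    # With a key ID on the command line the real keyring is queried;
    # without one the constructed sample is parsed.
    keyid = sys.argv[1] if len(sys.argv) > 1 else "0x9A4C704C"
    listing = list_keys_colons(keyid) if len(sys.argv) > 1 else SAMPLE
    for u in mail_targets(parse_uids(listing, keyid)):
        print(f"uid {u.index}: {u.email}")
```

On the sample, `mail_targets` returns positions 1 and 3 only: the revoked UID and the UID without an address are still counted, so the `uid N` numbers stay aligned with the listing, but no mail is generated for them. For the non-destructive variant the post asks about (sign the whole key, then export one UID at a time), later GnuPG releases added `--export-filter keep-uid=...`, which selects the UIDs to export; that option did not exist in the 1.2 series the post is about.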