export single UID of a key

Michael Nahrath gnupg-users@nahrath.de
Tue Apr 8 23:34:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Harris <jharris@widomaker.com> schrieb am 2003-04-08 19:49:

> On Tue, Apr 08, 2003 at 04:11:28AM +0200, Michael Nahrath wrote:
> 
>> The second is the way I want to go. Currently I use basically those steps:
>> 
>> gpg --recv-key $KEYID
>
>> # START loop: 
>> # repeat until only 1 UID left
>>     gpg --default-cert-check-level 3 --edit-key $KEYID uid 1 sign save
>>     gpg -a --export $KEYID \
>>     | gpg -a -e -r $KEYID \
>>     | mail -b $MY_MAIL -s "your signed key" `gpg --list-key $KEYID \
>>         | grep "@" | cut -d "<" -f2 | cut -d ">" -f 1 | head -1`
>>     gpg --edit-key $KEYID uid 1 deluid save
>> # END loop
>
>> gpg --delete-key $KEYID
>> gpg --recv-key $KEYID
> 
> I hope you are checking the fingerprints after each keyserver fetch.

There is only one keyserver fetch at the very beginning (and one after the
end). No network fetching is included in the loop.

Do you think it necessary to check the fingerprint again if after a
--refresh-keys two days later I receive my own signature on a key?

> I would think it would be easier to sign all the userids at once
> (one keyserver fetch,

There is only one keyserver fetch

> one fp check, one passphrase entry)

You are right. Giving 6 separate signatures to a key with 6 UIDs results in
having to check the fingerprint 6 times and to give in the passphrase 6
times.

> and remove 
> all but one userid before sending the signed key to that address.

Sign the full key once, back it up to a temporary location and then import
it again for each UID. Would need a bit more scripting but it reduces the
amount of manual signing to a minimum. I should try this.
 
> Have you looked into running RobotCA manually to assist in this process?
> See key 0xC521097E and http://www.toehold.com/robotca/ .

I'll have a look at it.

Even if I personally don't like the idea of the
signing-without-identity-checking the robot does,
its code may be perfect _after_ a key signing party with
full contact. Fine idea!

>> 2. Export only one UID of the key
 
> Deleting the userids will have to suffice since I don't believe you
> can selectively export userids.

Pity!
Is there at least a way of deleting certain userids without using the
interactive '--edit-key' shell?

Thanks, Michi

-----BEGIN PGP SIGNATURE-----
Comment: http://www.biglumber.com/x/web?qs=0x9A4C704C

iEYEARECAAYFAj6TQH8ACgkQ19dRf5pMcExguwCeP8cjQ4WRfPgU7z0e05XpReLM
vOQAnihRw0flUv1UPXCx7LBhvuNSdJLr
=zLx8
-----END PGP SIGNATURE-----
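
The approach discussed above (sign once, back the signed key up, then re-import it for each user ID and delete the others), sketched as an added example that is not part of the original post and not from either poster. The function names are hypothetical; it assumes GnuPG 2.x colon listings and that the --edit-key menu numbers user IDs in listing order.

```shell
#!/bin/sh
# Added example. SAMPLE is a constructed `gpg --with-colons --list-keys` listing.
SAMPLE='pub:-:1024:17:0123456789ABCDEF:1049760000:::-:::scESC:
uid:-::::1049760000::AAAA::Alice Example <alice@example.org>:
uat:-::::1049760000::BBBB::1 3000:
uid:-::::1049760000::CCCC::Alice (work) <alice@corp.example>:
sub:-:1024:16:FEDCBA9876543210:1049760000::::::e:'

# list_uids: read a colon listing on stdin, print "INDEX<TAB>EMAIL" per user ID.
# uat (photo ID) records carry no address but still occupy a menu index.
list_uids() {
    awk -F: '
        $1 == "uid" || $1 == "uat" { n++ }
        $1 == "uid" && match($10, /<[^<>]*@[^<>]*>/) {
            print n "\t" substr($10, RSTART + 1, RLENGTH - 2)
        }'
}

# count_uids: number of uid/uat records in a colon listing read from stdin.
count_uids() { awk -F: '$1 == "uid" || $1 == "uat" { n++ } END { print n + 0 }'; }

# strip_script KEEP TOTAL: print the --edit-key commands that delete every
# user ID except number KEEP ("y" answers the deluid confirmation prompt).
strip_script() {
    keep=$1 total=$2 i=1
    [ "$keep" -ge 1 ] && [ "$keep" -le "$total" ] || return 1
    [ "$total" -gt 1 ] || { echo save; return 0; }   # nothing to delete
    while [ "$i" -le "$total" ]; do
        [ "$i" -eq "$keep" ] || echo "uid $i"
        i=$((i + 1))
    done
    printf 'deluid\ny\nsave\n'
}

# export_each_uid KEYID BACKUP: BACKUP is the exported, fully signed key. Each
# copy is stripped in a throwaway homedir, so the real keyring is not touched.
export_each_uid() {
    keyid=$1 backup=$2
    listing=$(gpg --with-colons --list-keys "$keyid") || return 1
    total=$(printf '%s\n' "$listing" | count_uids)
    printf '%s\n' "$listing" | list_uids | while read -r n addr; do
        tmp=$(mktemp -d) || break
        gpg --homedir "$tmp" --quiet --import "$backup" </dev/null
        strip_script "$n" "$total" | gpg --homedir "$tmp" --command-fd 0 --edit-key "$keyid"
        gpg --homedir "$tmp" -a --export "$keyid" > "$keyid.$n.asc" </dev/null
        echo "$addr $keyid.$n.asc"                   # address, file to send it
        rm -rf "$tmp"
    done
}
```

Each output line pairs an address with the armored file holding only that user ID, ready for the encrypt-and-mail step from the quoted loop.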