Possible to sign &/or encrypt without importing to keyring
dougb at dougbarton.us
Thu Mar 25 22:59:45 CET 2010
On 3/25/2010 2:09 PM, dcbarry wrote:
> Is it possible to encrypt a file to a public key (and/or sign with a private
> key) without first importing into the pub key into a keyring using a stand
> alone file containing the key(s).
I don't believe it's possible, but in any case there are at least two
solutions that are simpler. One would be to import the key, use it, then
delete it (no harm done to what's left behind) and the other, slightly
more complicated but still doable is to create a new keyring file for
the purpose and import the key into it.
In general the concept of "keyring management" is one area (with all due
respect to the developers) that I think gnupg does not make things very
easy. I like to keep keys related to different responsibilities on their
own keyrings, and to further complicate matters I like to keep my
personal public keys on yet another ring. The primary reason I like to
do this is that it allows me to enable the auto-key-retrieve option. I
allow all the automatically retrieved keys to go into pubring.gpg, and
then I periodically delete that ring when it gets too large.
In order to facilitate this in my gpg.conf file I have a section where I
list the active keyrings. Then I copy my conf file to "nokeyrings.conf"
and replace the list of keyrings with no-default-keyring. Then I can use
the following alias:
alias gpgk='gpg --options ~/.gnupg/nokeyrings.conf --keyring'
Assuming you set up something similar you could then do the following:
gpgk onetime-ring.gpg --import <file>
You'll get a warning about your ultimately trusted keys not being found
but once you've got the key imported you can then use it as you normally
would (assuming you either specify that keyring on the command line, or
include it in gpg.conf).
I keep meaning to write up something in more detail about how I manage
my keys and include some feature requests, but for better or worse I
haven't found the time yet. I will probably do it this week though since
I went to a key signing on Tuesday and it's all fresh in my mind.
hope this helps,
... and that's just a little bit of history repeating.
Improve the effectiveness of your Internet presence with
a domain name makeover! http://SupersetSolutions.com/
More information about the Gnupg-users