non-exportable OpenPGP certifications [was: Re: hashed user IDs ]

Peter Pentchev roam at ringlet.net
Fri Mar 11 11:54:24 CET 2011


On Fri, Mar 11, 2011 at 09:08:50PM +1100, Ben McGinnes wrote:
> On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote:
> > On 03/11/2011 01:44 AM, Ben McGinnes wrote:
> >> Ah, this is what I've been looking around for!  For the sake of the
> >> archives, how does one provide a non-exportable certification?
> >> Obviously the export flag won't cut it.
> > 
> > non-exportable OpenPGP certifications are also known as "local"
> > certifications.
> > 
> > To make a non-exportable OpenPGP certification, use:
> > 
> >  gpg --lsign-key frida at example.net
> 
> This bit I knew and have used sporadically, good to know that you were
> referring to what I assumed, though.
> 
> > To put that in a file:
> > 
> >  gpg --export-options export-local --export --armor frida at example.net \
> >     > frida.gpg
> > 
> > Then the receiving party does:
> > 
> >  gpg --import-options import-local --import < frida.gpg
> 
> Oh, excellent.  Just one little clarification; the man page lists the
> parameters as export-local-sigs and import-local-sigs, does shortening
> it the way you have work or does the full option name need to be used?

All the GnuPG command-line commands and options may be abbreviated to
a unique, unambiguous starting part of their names.  Try gpg --clearsi
or gpg --cl, for instance :)

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net roam at FreeBSD.org peter at packetscale.com
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
I've heard that this sentence is a rumor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20110311/019a8f08/attachment.pgp>


More information about the Gnupg-users mailing list