Controlling Group Membership with PGP Keys

Jerome Baum jerome at
Tue Mar 22 16:41:57 CET 2011

Mike Acker <Mike_Acker at> writes:

> On 03/22/2011 11:01, Jerome Baum wrote:
>> You'd still have to manually check _who_ signed my member uid, to make
>> sure it's a group administrator, and timely revocation is an issue.
> Quick and Dirty solution: If I have each member of the group set up an
> address book for the group then it will be straightforward for the
> group administrator to send adds, deletes, and changes pertaining to the
> content of that book.

Actually thinking about this, use gpgv and maintain a trusted
keyring. Sign the keyring with the admin key and mail out updates. Say
it's called ~/.gnupg-members.gpg, this is the update procedure:

curl -o ~/.gnupg-updated-members.gpg.gpg <URL-of-keyring>
gpg ~/.gnupg-updated-members.gpg.gpg  # it's a signature containing the
                                      # original, so gpg writes
                                      # ~/.gnupg-updated-members.gpg for
                                      # the next step
# assuming the signature was okay/"good enough"
mv ~/.gnupg{-updated,}-members.gpg

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
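
Added example (not part of the original post): one way to make the "signature was okay" step in the procedure above mechanical, by pinning the admin key fingerprint and checking gpg's machine-readable status output before the keyring is moved into place. ADMIN_FPR, the sample status lines and the function names are constructed for illustration, and the admin public key is assumed to be in the default gpg keyring already.

```sh
#!/bin/sh
# Added example, not from the original post. ADMIN_FPR is a constructed
# placeholder: pin the real admin fingerprint (uppercase hex, no spaces).
ADMIN_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed sample of `gpg --status-fd` output for a good admin signature.
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Group Admin (constructed)
[GNUPG:] VALIDSIG $ADMIN_FPR 2011-03-22 1300808517 0 4 0 1 2 00 $ADMIN_FPR"

# Reads status lines on stdin. Succeeds only if a VALIDSIG line names the
# pinned fingerprint (as signing key or as its primary key) and no line
# reports a bad, unverifiable, expired or revoked signature or key.
status_is_admin_sig() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $12 == want) { ok = 1 }
        END { exit ((ok && !bad) ? 0 : 1) }
    '
}

# update_members URL: fetch the signed keyring, check it, then swap it in.
# Assumes the admin public key is already in the default gpg keyring.
update_members() {
    new="$HOME/.gnupg-updated-members.gpg"
    curl -fsS -o "$new.gpg" "$1" || return 1
    # gpg may have written $new even when the signature is bad, so the
    # file is only moved into place after the status check passes.
    if gpg --batch --yes --status-fd 1 --output "$new" --decrypt "$new.gpg" \
            2>/dev/null | status_is_admin_sig "$ADMIN_FPR"
    then
        mv "$new" "$HOME/.gnupg-members.gpg" && rm -f "$new.gpg"
    else
        rm -f "$new" "$new.gpg"
        return 1
    fi
}

# verify_member SIGFILE [DATAFILE]: accept only signatures made by keys in
# the admin-signed members keyring.
verify_member() {
    gpgv --keyring "$HOME/.gnupg-members.gpg" "$@"
}
```

Pinning the fingerprint addresses the point quoted at the top of the message: a good signature from any key other than the administrator's is rejected instead of being left to a manual check.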