keysigning: lsign and offline master key

Daniel Kahn Gillmor dkg at
Sun Jan 5 01:38:00 CET 2014

On 01/04/2014 04:41 PM, nb.linux wrote:
> - I'm stuck, because (as I understand the lsign) I cannot export
> the signature...
> Is this right?
> How can I lsign a key and transfer the local signature from my air
> gapped system?
> Maybe by copying the keyring files between the systems?

You have at least two approaches available to you:

 0) --export-options export-local on your air-gapped system, combined
with --import-options import-local on your "regular" system.

 1) create a secret key that lives only on your "regular" system; give
it ultimate ownertrust, but never publish it.  Use it to make
non-exportable signatures.

Would either of these workflows meet your goals?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140104/05cd0dda/attachment.sig>

More information about the Gnupg-users mailing list