Is there a way to comment a key locally?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 29 18:34:52 CEST 2015


On Wed 2015-07-29 07:05:50 -0400, MFPA wrote:
> On Wednesday 29 July 2015 at 3:53:47 AM, in <mid:55B8403B.8050207 at gmail.com>, fmv1992 at gmail.com wrote:
>
>> Is there a way to comment a key locally?
>
> I think the closest currently available is a non-exportable signature
> with brief comment in a signature notation.

That's exactly what i do with a small (fairly clumsy) script "lcert":

--------
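#!/bin/bash
# Make a local (non-exportable) certification on the key given as $1,
# recording a free-text reason in a signature notation.
read -r -e -p 'lsig reason: ' reason
gpg2 --lsign --cert-notation "lsigreason@notations.openpgp.fifthhorseman.net=${reason}" "$1"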
--------

the main issue is when the cert i'm making such a notation on has
multiple user IDs and then gpg falls back to prompting whether i want to
sign all uids or not -- if i say "no", then i have to select the
relevant uids, and then type "lsign" and "save" in the gpg subshell.

note that this has the side effect of marking every lsigned key+user id
as valid (since i'm certifying it with my own key).

If that's not what you want, you can also just keep a separate text file
(or addressbook or whatever data storage you're most comfortable with)
with your own notes about the person/key in question.

   --dkg


