Unattended/batch key signing
wk at gnupg.org
Mon Mar 14 11:55:01 CET 2016
On Mon, 14 Mar 2016 04:03, bedygotr at ruggedinbox.com said:
> I need to do key signing via script. This command:
A "save" is missing. But you can't do it this way because you miss
certain cases where gpg ask you about some special properties. You need
to implement a state machine to implement the signing (cf. GPA's code).
Better switch to gnupg 2.1:
--quick-sign-key fpr [names]
--quick-lsign-key fpr [names]
Directly sign a key from the passphrase without any
further user interaction. The fpr must be the verified
primary fingerprint of a key in the local keyring. If no
names are given, all useful user ids are signed; with
given [names] only useful user ids matching one of theses
names are signed. The command --quick-lsign-key marks the
signatures as non-exportable. If such a non-exportable
signature already exists the --quick-sign-key turns it
into a exportable signature.
This command uses reasonable defaults and thus does not
provide the full flexibility of the "sign" subcommand from
--edit-key. Its intended use is to help unattended key
signing by utilizing a list of verified fingerprints.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users