Unattended/batch key signing

Werner Koch wk at gnupg.org
Mon Mar 14 11:55:01 CET 2016

On Mon, 14 Mar 2016 04:03, bedygotr at ruggedinbox.com said:

> I need to do key signing via script.  This command:

A "save" is missing.  But you can't do it this way because you miss
certain cases where gpg ask you about some special properties.  You need
to implement a state machine to implement the signing (cf. GPA's code).

Better switch to gnupg 2.1:

   --quick-sign-key fpr [names]
   --quick-lsign-key fpr [names]

              Directly sign a key from the passphrase without any
              further user interaction.  The fpr must be the verified
              primary fingerprint of a key in the local keyring.  If no
              names are given, all useful user ids are signed; with
              given [names] only useful user ids matching one of theses
              names are signed.  The command --quick-lsign-key marks the
              signatures as non-exportable.  If such a non-exportable
              signature already exists the --quick-sign-key turns it
              into a exportable signature.

              This command uses reasonable defaults and thus does not
              provide the full flexibility of the "sign" subcommand from
              --edit-key.  Its intended use is to help unattended key
              signing by utilizing a list of verified fingerprints.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list