Unattended/batch key signing
muelli at cryptobitch.de
Mon Mar 14 16:51:29 CET 2016
On Mo, 2016-03-14 at 11:55 +0100, Werner Koch wrote:
> --quick-sign-key fpr [names]
> --quick-lsign-key fpr [names]
> Directly sign a key from the passphrase without any
> further user interaction.
That's already quite helpful.
Can I make GnuPG not save the signature for a name in the local keyring
but export it to, same stdout?
The reason is that I don't necessarily want my regular keyring to carry
the signature just yet. From what I understand of the currently
believed best practices, I would want to send the signature to the
email address first to verify that the person does indeed have access
to the mailbox.
Currently, this seems to require a rather artistic dance of exporting a
key, deleting all but one UID from a key, signing, and minimally
exporting. For each UID on a key. Not even gpgme seems to be of help
here. Mainly, because I don't see how to make gpgme work with the
default secret keys, but a temporary public keyring.
More information about the Gnupg-users