Unattended/batch key signing

Tobias Mueller muelli at cryptobitch.de
Mon Mar 14 16:51:29 CET 2016


On Mo, 2016-03-14 at 11:55 +0100, Werner Koch wrote:
>    --quick-sign-key fpr [names]
>    --quick-lsign-key fpr [names]
>               Directly sign a key from the passphrase without any
>               further user interaction. 
That's already quite helpful.

Can I make GnuPG not save the signature for a name in the local keyring
but export it to, same stdout?

The reason is that I don't necessarily want my regular keyring to carry
the signature just yet. From what I understand of the currently
believed best practices, I would want to send the signature to the
email address first to verify that the person does indeed have access
to the mailbox.

Currently, this seems to require a rather artistic dance of exporting a
key, deleting all but one UID from a key, signing, and minimally
exporting. For each UID on a key.  Not even gpgme seems to be of help
here. Mainly, because I don't see how to make gpgme work with the
default secret keys, but a temporary public keyring.


More information about the Gnupg-users mailing list