Is signing a file with multiple keys possible
Thomas Jarosch
thomas.jarosch at intra2net.com
Sat Mar 24 14:19:25 CET 2018
Hi Dirk,
On 03/24/2018 02:04 AM, Dirk Gottschalk via Gnupg-users wrote:
>>> Is it possible to sign a file with multiple keys?
>>
>> Yes. Slightly lower-level operations than normal signing, but not by
>> much, you just need to know about enarmor/dearmor and how signatures
>> are
>> put together.
>> ...
>
> Thank you very much. It's like chaining up PEM Certs in OpenSSL. Why
> didn't I even think about this? The Format is so similar.
it's even easier when two or more people sign at the same time,
just supply "-u KEYID" multiple times.
At $dayjob our software updates are signed with two smartcards
(four eye principle). Here's the relevant part from the sign script:
gpg_cmd = ['/usr/bin/gpg2', '--personal-digest-preferences', 'sha256']
for gpg_id in gpg_sign_ids:
gpg_cmd.extend(['-u', gpg_id])
gpg_cmd.extend(['--sign', shlex.quote(target_file)])
Cheers,
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180324/f29c8460/attachment.sig>
More information about the Gnupg-users
mailing list