--lsign --add-me or the invisible WoT

Friedhelm Waitzmann gnupgmlusers.fwnsp at xoxy.net
Thu Aug 1 03:50:08 CEST 2019

Stefan Claas:

>I lsign Bob's key so third parties do not know (normally) that I did
>this. But how could my friend Alice trust Bob's key she has without
>my non-exportable lsign sig?

>What I tried to propose is an additional parameter, like --add-me
>which would write a 'blob' to a second file.db where I can export
>then Bob's blob (non-compatible to SKS etc.) with my --lsign sig,
>and give it to my friend Alice.

I think, this can be done with GnuPG as it is:

In the following GnuPG invocations $TEMP_KEYRING stands for a
temporary key ring:

(1) export Bob's key from your default key ring, minimize it, and
    import it into the temporary one.
    $ gpg --export-options=export-minimal \
    --export =user_id_of_Bob | \
    gpg --no-default-keyring --keyring=$TEMP_KEYRING --import

Now you have Bob's public key minimized in the temporary key

(2) lsign a user id of Bob:
    $ gpg --no-default-keyring --keyring=$TEMP_KEYRING \
    --lsign =user_id_of_Bob

(3) export this version of Bob's public key into a public key
    block Bob.pubkey, that you can give to Alice:
    $ gpg --no-default-keyring --keyring=$TEMP_KEYRING \
    --export-options=export-local-sigs \
    --output Bob.pubkey \

(4) import your local signature into your default key ring:
    $ gpg --import-options=import-local-sigs --import Bob.pubkey

>Later If Alice knows Bob better
>or personally knows him she can --lsign --add-me Bob's key ('blob')
>too and give it to her friend Mary.

Alice would do the same:  Import Bob's keyblock Bob.pubkey
into a temporary key ring using
--import-options=import-local-sigs, lsign it there, export it
using --export-options=export-local-sigs into
Bob.pubkey, give Bob.pubkey to Mary and import
Bob.pubkey using --import-options=import-local-sigs in
her default key ring.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 13051 bytes
Desc: PGP Key 0xD0B55F3592C00CED.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190801/d38efb4f/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190801/d38efb4f/attachment-0001.sig>

More information about the Gnupg-users mailing list