--lsign --add-me or the invisible WoT
Stefan Claas
sac at 300baud.de
Wed Jul 31 15:58:57 CEST 2019
Werner Koch wrote:
> On Sat, 20 Jul 2019 11:57, gnupg-users at gnupg.org said:
>
> > additional paramemter like --add-me for --lsign would make sense, for
>
> --quick-sign-key fpr [names]
> --quick-lsign-key fpr [names]
>
> Directly sign a key from the passphrase without any
> further user interaction. The fpr must be the verified
> primary fingerprint of a key in the local keyring. If no
> names are given, all useful user ids are signed; with
> given [names] only useful user ids matching one of theses
> names are signed. By default, or if a name is prefixed
> with a '*', a case insensitive substring match is used.
> If a name is prefixed with a '=' a case sensitive exact
> match is done.
>
> The command --quick-lsign-key marks the signatures as
> non-exportable. If such a non-exportable signature
> already exists the --quick- sign-key turns it into a
> exportable signature.
>
> This command uses reasonable defaults and thus does not
> provide the full flexibility of the "sign" subcommand from
> --edit-key. Its intended use is to help unattended key
> signing by utilizing a list of verified fingerprints.
Thank you, but what I mean is having an exportable 'blob' for the lsign
command, which can be then exchanged and would not be compatible with
key servers, in case someone would try to upload such a blob. This is
what I mean with invisible WoT, so that users do not need to --sign
a key, use lsign instead but still having WoT sigs, without revealing
their WoT to other third parties. Hope this makes sense.
Regards
Stefan
--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
More information about the Gnupg-users
mailing list