Signing decentralized websites

Werner Koch wk at
Sat Nov 21 18:58:49 CET 2020

On Fri, 20 Nov 2020 19:13, cqcallaw said:

> change the behavior. Is there some implementation issue with running
> multiple gpg signing operations in parallel?

This is all serialized because the gpg-agent does the actual signing.
There is one gpg-agent per GNUPGHOME.  Thus the easiest solution for you
is to provide copies of the GNUPGHOME and either set this envvar for
each process or pass --homedir=decicated-homedir-copy.  You can't use
links to the same directory because we use lock files.  However, it
should be possible to sumlink the private-keys-v1.d sub directories.

> 2) Are there any tools to verify detached signatures in the browser?
> As a user, I'd like my browser to check for a signature file and

Mailvelope comes to mind or you write your own thing using gpgme-json as
the native messaging server.  Mailvelope can use gpgme-json.

There is also openpgp.js as a solid Javascript implementation of



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list