Signing decentralized websites

cqcallaw cqcallaw at
Sun Nov 22 02:06:53 CET 2020

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, November 21, 2020 9:58 AM, Werner Koch <wk at> wrote:

> On Fri, 20 Nov 2020 19:13, cqcallaw said:
> > change the behavior. Is there some implementation issue with running
> > multiple gpg signing operations in parallel?
> This is all serialized because the gpg-agent does the actual signing.
> There is one gpg-agent per GNUPGHOME. Thus the easiest solution for you
> is to provide copies of the GNUPGHOME and either set this envvar for
> each process or pass --homedir=decicated-homedir-copy. You can't use
> links to the same directory because we use lock files. However, it
> should be possible to sumlink the private-keys-v1.d sub directories.
> > 2.  Are there any tools to verify detached signatures in the browser?
> >     As a user, I'd like my browser to check for a signature file and
> >
> Mailvelope comes to mind or you write your own thing using gpgme-json as
> the native messaging server. Mailvelope can use gpgme-json.
> There is also openpgp.js as a solid Javascript implementation of
> OpenPGP.
> Shalom-Salam,
> Werner
> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Many thanks. I've written a Python script ( to handle the parallel signing; I'll look into the browser options shortly.


More information about the Gnupg-users mailing list