VAGUE Archives

February 2006


Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Anthony Carrico <[log in to unmask]>
Reply To:
Vermont Area Group of Unix Enthusiasts <[log in to unmask]>
Fri, 17 Feb 2006 20:39:33 -0500
text/plain (1890 bytes) , signature.asc (188 bytes)
On Fri, Feb 17, 2006 at 06:30:56PM -0500, John Campbell wrote:
> 	First, fetch the key from the keyserver:
> gpg --keyserver --search-keys "User ID"

Or better yet use the short key id:

gpg --keyserver --recv-key ABCD1234

or better yet put "keyserver" in your gpg.conf and
just do:

gpg --recv-key ABCD1234

> 	Now, this seems to work okay for people who have only one UID/email
> on their keys (and those of you who only provided one should have key
> signatures produced by this method from me in your inboxes). Where I'm stuck
> is in figuring out whether it's possible (or, indeed, desirable) to
> separately sign each of the UIDs on a multiple-UID key, but send *only* the
> signature for that specific UID to the email associated with that specific
> UID.

> 	Anyone got any suggestions? Or should I not worry about this and
> just ship all signed UIDs to the primary email?

I think that this is more complicated than I lead you all to believe,
since GnuPG doesn't seem to have an interface to it with one easy
export command.

I think you may have to do something like using a TEMPORARY key ring
to create and export each sig. Then you just email it and later it
will show up in your real keyring when it makes it into a keyserver
and you sync.

There is a script to accomplish this task called "caff" (CA fire and

Is there a Perl expert who will volunteer to grab the caff source and
check if it works like I guess?

Using a temporary keyring to generate the sig has the nice benefit
that you won't accidentally export the sig yourself. We talked about
using the local signature functionality to achieve this safety but
actually "--lsign-key" is NOT a good option, since there isn't an easy
way to remove the local flag.

Sorry for the confusion. Fire away with more questions if necessary.

Anthony Carrico