VAGUE Archives

February 2006

VAGUE@LIST.UVM.EDU

Subject:
From: Anthony Carrico <[log in to unmask]>
Reply To: Vermont Area Group of Unix Enthusiasts <[log in to unmask]>
Date: Mon, 20 Feb 2006 19:42:10 -0500
Content-Type: multipart/signed
Parts/Attachments: text/plain (1675 bytes), signature.asc (188 bytes)

On Sat, Feb 18, 2006 at 06:50:14PM -0500, John Campbell wrote:
> 	Armed with this suggestion, I've produced a shell script to do the
> drudge work involved in this...

I thought of another very simple way to do it with gpg natively: just
delete your signature from the uid after you export and email. The
only issue with this method is that gpg will moan about it.

Also, an issue with John's script: The clearsigning makes it difficult
to --import the key. I had to strip the signature. The problem is that
the second layer of ASCII armor has to escape the first with a "- ".
Either don't bother signing the message, or use an attachment for the
exported key.

And finally, an issue with both my original typescript and John's
script: I found that my signatures leaked on and off my default
keyring with our first iteration of this method. I had to be a little
more aggressive about hiding the default keyring to achieve the
desired effect. Example:

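#!/bin/bash
# Sign key $1 on a throwaway keyring, sealed off from the default keyring.
[ -n "$1" ] || { echo "usage: $0 KEYID" >&2; exit 1; }
MYKEYID=7ED06B5C
GPG=/usr/bin/gpg
MYKEY="$HOME/tmp/mykey$$"
KEYRING="$HOME/tmp/keyring$$"
SIGNATURE="$HOME/tmp/$1"
SECRING="$HOME/.gnupg/secring.gpg"
umask 077
mkdir -p "$HOME/tmp"
rm -f "$KEYRING"
touch "$KEYRING"
# Put my own public key on the temporary keyring.
"$GPG" --export "$MYKEYID" > "$MYKEY"
"$GPG" --no-default-keyring --keyring="$KEYRING" --import "$MYKEY"
rm -f "$MYKEY"
echo "Fetching key $1..."
"$GPG" --no-default-keyring --keyring="$KEYRING" --recv-key "$1"
# Sign interactively; the secret key is still read from the usual secring.
"$GPG" --no-default-keyring --secret-keyring="$SECRING" --keyring="$KEYRING" --edit-key "$1"
# Export the newly signed key, then list its signatures as a check.
"$GPG" --no-default-keyring --keyring="$KEYRING" --armor --export "$1" > "$SIGNATURE"
"$GPG" --no-default-keyring --keyring="$KEYRING" --list-sigs "$1"
# Remove the temporary keyring and gpg's backup copy of it.
rm -f "$KEYRING" "${KEYRING}~"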

This completely seals your keyring off from the new signatures.

-- 
Anthony Carrico
http://giftfile.org
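
The clearsign escaping issue mentioned in the message, shown as an added example that is not part of the original post: OpenPGP clearsigning prefixes every signed line that starts with "-" with "- ", so an armored key block inside a clearsigned mail no longer has valid armor headers until the wrapper is removed. The function names and the sample message are constructed for illustration, and the base64 lines are placeholders, not real key or signature data.

```shell
#!/bin/sh
# Added example: undo clearsign dash-escaping to recover an armored key block.
# This only removes the framing; it does NOT verify the signature.

# unclearsign: read a clearsigned message on stdin and print the signed
# text with the "- " dash-escaping removed.
unclearsign() {
    awk '
        /^-----BEGIN PGP SIGNED MESSAGE-----/ { state = "hdr"; next }
        state == "hdr" { if ($0 == "") state = "body"; next }  # skip Hash: lines
        state == "body" && /^-----BEGIN PGP SIGNATURE-----/ { state = "done"; next }
        state == "body" { sub(/^- /, ""); print }
    '
}

# Constructed sample: clearsigned wrapper around an armored key block.
sample_message() {
    cat <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is your key with my signature:

- -----BEGIN PGP PUBLIC KEY BLOCK-----

PLACEHOLDERKEYDATA
=AAAA
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

PLACEHOLDERSIGNATURE
=BBBB
-----END PGP SIGNATURE-----
EOF
}

# escaped_armor_lines: count armor boundary lines on stdin that are still
# dash-escaped (these are what an importer fails to recognise).
escaped_armor_lines() {
    grep -c '^- -----' || true
}

# Show the recovered text when the file is run directly.
sample_message | unclearsign
```

Stripping the wrapper this way discards the integrity check the clearsignature provided, so verify the message first if that check matters.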

