On Wed, Jan 30, 2008 at 08:50:33AM +0000, Sam Vilain wrote: > Shawn O. Pearce wrote: > > I just read the GnuPG manual and you are obviously correct. The only > > way to get GnuPG to process a key is to load it onto a keyring. > > We could extract the armored (or binary) public key and load it > > onto a temporary keyring created just for the purpose of verifying > > this connection, but that's rather messy. > > It should be fine just to throw the lot into a single keyring, and just > check which key verified it after the fact and whether that key was allowed. > > The Perl Crypt::OpenPGP module doesn't suffer from this problem (and is > performant), though it suffers from a dependency stack that will hurt > everyone except Debian users ;-). Actually, if it's engineered like libgpgme (gpg made easy) is, well, it basically wraps calls to gpg, a thing that we can do ourselves easily usually :) And here is the tool I mentioned in my other mail and forgot to give an url to: http://kitenet.net/~joey/code/jetring/ -- ·O· Pierre Habouzit ··O madcoder@xxxxxxxxxx OOO http://www.madism.org
Attachment:
pgp8Whg6955m2.pgp
Description: PGP signature
