Peter,
On Tue, Nov 12, 2013 at 02:57:36PM +0000, Peter Maydell wrote:
> Can somebody provide known-good instructions for how to
> sign and return keys? I looked on the web and found four
> different possible ways to do this (most notably, there
> seems to be a split between "just send keys back to
> the keyserver" and "email something to the keyowner"),
> and as usual gpg's UI is hopelessly opaque and confusing :-(
I've pasted my key-signing bash script below. At the (few) key signing
parties I've been to, the idea was "upload to keyserver as a personal
favor to those you already know and like, email signatures encrypted
with the recipient's key to those you've only just met at the party".
Assuming a text file with one key signature per line, the bits that
are commented out were used to import keys and display fingerprints
for comparison with the stuff we had printed on paper and verified at
the party. The uncommented bits will do the signature export,
encryption with the recipient's key, and emailing.
HTH,
--Gabriel
#!/bin/bash
for F in $(cat fingerprints.txt); do
# receive keys matching ID $F:
#gpg --recv-keys $F
# list fingerprint for key matching ID $F:
#gpg --fingerprint $F
# sign key matching ID $F:
#gpg --sign-key $F
# send signature to recipient matching first uid, encrypted with recipient key
E=$(gpg --list-key $F | grep ^uid | head -1 | sed 's/.*<\(.*\)>.*/\1/')
gpg --armor --export $F | gpg --armor --encrypt -r $F | \
mailx -r gsomlo@xxxxxxxxx -s "the signature you requested (by $F)" $E
echo "sent signature $F $E"
done
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
