controlling the use of subkeys
Robin H. Johnson
robbat2 at gentoo.org
Sun Dec 24 03:43:30 CET 2006
On Sat, Dec 23, 2006 at 09:24:13PM -0500, Mike Frysinger wrote:
> > My suggestion: figure out exactly what you need it to do and send it on
> > to the list. If you need more than one sentence to do it, you may not
> > understand your basic problem very well.
To side-step the arguments here. Mike's just a Gentoo developer that
wants to sign stuff. He doesn't care how it works, so long as it works,
and everybody is happy with the security of it.
I'm the Gentoo developer that is busy (with far too many things)
creating a full plan of action regarding key usage and management.
The only stumbling block on the part of GnuPG itself thus far is the
need for an Assuan interface to GnuPG itself (not gpgsm) - gpgme is too
slow since it exec()s fresh copies of gpg each time you make a call, and
we we want to verify lots of ASCII-armoured files on demand (potentially
30k of them), this hurts badly.
> this time around, i thought i'd be lazy and just create a subkey off of
> E837F581 since it seemed to be a bit quicker (205D3103). then i noticed that
> even though i told some programs to use E837F581 to do signing, they'd turn
> around and use the subkey 205D3103, thus this e-mail chain ive started.
*waves at Mike*
Mike, to answer your question directly,
PORTAGE_GPG_KEY="0xE837F581!"
Put it in your environment and your make.conf.
If that doesn't work, give me a shout directly.
--
Robin Hugh Johnson
E-Mail : robbat2 at gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : /pipermail/attachments/20061223/61ef1747/attachment.pgp
More information about the Gnupg-users
mailing list