non-exportable OpenPGP certifications [was: Re: hashed user IDs ]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 11 08:50:33 CET 2011


On 03/11/2011 01:44 AM, Ben McGinnes wrote:
> Ah, this is what I've been looking around for!  For the sake of the
> archives, how does one provide a non-exportable certification?
> Obviously the export flag won't cut it.

Non-exportable OpenPGP certifications are also known as "local"
certifications.

To make a non-exportable OpenPGP certification, use:

 gpg --lsign-key frida@example.net

To put that in a file:

 gpg --export-options export-local --export --armor frida@example.net \
    > frida.gpg

Then the receiving party does:

 gpg --import-options import-local --import < frida.gpg

 -----------------

So, for example, if you wanted to mail your certifications over alice's
key to bob without exposing them over the network, you would do
something like:

gpg --export-options export-local --export --armor alice@example.net | \
 gpg --encrypt --armor -r bob@example.net | \
 mail -s 'sekrit info 4 u' bob@example.net

hth,

	--dkg
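
Added example, not part of the original message: a small Python check that reads binary (non-armored) OpenPGP data, such as the output of gpg --export, and reports for each v4 certification whether it is local, by looking for the Exportable Certification subpacket (type 4, RFC 4880 section 5.2.3.11) in the hashed area. The function names and the sample bytes are constructed for illustration.

```python
def _length(buf, i, two_octet_max):
    """Decode a new-format/subpacket length at buf[i]; return (length, next index)."""
    n = buf[i]
    if n < 192:
        return n, i + 1
    if n <= two_octet_max:
        return ((n - 192) << 8) + buf[i + 1] + 192, i + 2
    if n == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled here")

def packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x40:                           # new-format header
            tag = hdr & 0x3F
            n, i = _length(data, i + 1, 223)
        else:                                    # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length is not handled here")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def certifications(data):
    """Return [(signature type, exportable?)] for each v4 certification."""
    found = []
    for tag, body in packets(data):
        if tag != 2 or body[0] != 4 or not 0x10 <= body[1] <= 0x13:
            continue
        area = body[6:6 + int.from_bytes(body[4:6], "big")]  # hashed subpackets only
        exportable, i = True, 0                  # no subpacket 4 means exportable
        while i < len(area):
            n, i = _length(area, i, 254)         # n counts the type octet too
            if area[i] & 0x7F == 4:              # Exportable Certification
                exportable = area[i + 1:i + n] != b"\x00"
            i += n
        found.append((body[1], exportable))
    return found

# Constructed sample: user ID packet, a local certification, an exportable one.
SAMPLE = (bytes.fromhex("b405") + b"frida"
          + bytes.fromhex("c216 04100108 0009 05024d79d4a9 020400 0000 abcd 000101")
          + bytes.fromhex("8813 04130108 0006 05024d79d4a9 0000 abcd 000101"))

if __name__ == "__main__":
    for sigtype, exportable in certifications(SAMPLE):
        print(hex(sigtype), "exportable" if exportable else "local")
```

Run against a file you are about to publish, any entry reported as local means the export included non-exportable certifications.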
