non-exportable OpenPGP certifications [was: Re: hashed user IDs ]

Ben McGinnes ben at adversary.org
Fri Mar 11 11:08:50 CET 2011


On 11/03/11 6:50 PM, Daniel Kahn Gillmor wrote:
> On 03/11/2011 01:44 AM, Ben McGinnes wrote:
>> Ah, this is what I've been looking around for!  For the sake of the
>> archives, how does one provide a non-exportable certification?
>> Obviously the export flag won't cut it.
> 
> non-exportable OpenPGP certifications are also known as "local"
> certifications.
> 
> To make a non-exportable OpenPGP certification, use:
> 
>  gpg --lsign-key frida at example.net

This bit I knew and have used sporadically, good to know that you were
referring to what I assumed, though.

> To put that in a file:
> 
>  gpg --export-options export-local --export --armor frida at example.net \
>     > frida.gpg
> 
> Then the receiving party does:
> 
>  gpg --import-options import-local --import < frida.gpg

Oh, excellent.  Just one little clarification; the man page lists the
parameters as export-local-sigs and import-local-sigs, does shortening
it the way you have work or does the full option name need to be used?


Regards,
Ben



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110311/88d25c47/attachment.pgp>


More information about the Gnupg-users mailing list