On 2016-09-01 16:11:03, Antoine Beaupré wrote:
> On 2016-09-01 15:28:10, Daniel Kahn Gillmor wrote:
>>> Or should we copy all secret key material to the temporary keyring and
>>> let gpg deal with it its own way?
>>
>> yuck, i really don't like copying secret key material if we can avoid
>> it.
>
> we do copy the first secret key right now. it felt better than operating
> directly on the main keyring.

actually, this is incorrect: we use --secret-keyring to access the real keyring. note, btw, that this may mean monkeysign will fail in weird ways with gpg 2.1, because we explicitly use secring.gpg... not sure how to handle this better.

we do look at the secret keys to find the first working one, and then export the *public* part of that key to the temporary keyring. maybe this is the part that fails, because then default-key cannot find the public part of the key we have chosen.

in this case, the fix would be to copy *all* public parts of *all* the secret keys we have, regardless of whether it's the chosen one.

a.

-- 
Only that which can be refuted has a scientific character. That which is not refutable belongs to magic or mysticism.
- Karl Popper
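
The fix proposed in the message above (import the public part of every secret key into the temporary keyring, never the secret material), sketched as an added example that is not monkeysign's own code. The function names and the constructed sample listing are assumptions; only the public export crosses into the temporary homedir.

```python
import subprocess

def secret_key_fingerprints(colon_listing):
    """Primary-key fingerprints from `gpg --with-colons --fingerprint
    --list-secret-keys` output. Subkey (ssb) fingerprints are skipped:
    exporting the primary key already carries its subkeys."""
    fprs = []
    want_fpr = False  # True only between a `sec` record and its `fpr`
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "sec":
            want_fpr = True
        elif fields[0] == "ssb":
            want_fpr = False
        elif fields[0] == "fpr" and want_fpr and len(fields) > 9:
            fprs.append(fields[9])  # field 10 holds the fingerprint
            want_fpr = False
    return fprs

def copy_public_parts(tmp_homedir, gpg="gpg"):
    """Export the public half of every secret key in the default keyring
    and import it into tmp_homedir. Returns the fingerprints copied."""
    listing = subprocess.run(
        [gpg, "--batch", "--with-colons", "--fingerprint",
         "--list-secret-keys"],
        check=True, capture_output=True, text=True).stdout
    fprs = secret_key_fingerprints(listing)
    if not fprs:
        return []
    # --export emits public keys only; secret material stays where it is.
    exported = subprocess.run([gpg, "--batch", "--export", *fprs],
                              check=True, capture_output=True).stdout
    subprocess.run([gpg, "--batch", "--homedir", tmp_homedir, "--import"],
                   input=exported, check=True)
    return fprs

# Constructed sample listing (not real keys): two secret keys, one subkey.
def _fpr(ch):
    return "fpr" + ":" * 9 + ch * 40 + ":"

SAMPLE = "\n".join([
    "sec:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:",
    _fpr("A"),
    "uid:u::::1400000000::::Alice Example <alice@example.org>:",
    "ssb:u:4096:1:BBBBBBBBBBBBBBBB:1400000000::::::e:",
    _fpr("B"),
    "sec:e:2048:1:CCCCCCCCCCCCCCCC:1300000000:1350000000::u:::sc:",
    _fpr("C"),
])
```
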