On Sep 1, 2009, at 1:51 PM, Seidl, Scott wrote:

We use gnupg in an automated mode within the organization to encrypt/decrypt documents exchanged between companies. The Key Pair we have is expiring soon and I am replacing it with a new key pair. This new key would be provided to the other companies before the other expires.

I have a couple questions about the existing public keys we have imported to our key ring. 1 – it’s my belief that I have to sign/trust each of the keys with the new secret key, is that correct?

It depends. Many uses of GPG in an automated mode use "--trust-model always" or "--always-trust", since there is no need for a web of trust in their setup. If you are using one of those options, then there is no need to sign anything. If you are not using one of those options, you probably need to make some signatures.

2 – Is there any command to do a mass sign or must I do a gpg -u XXXXXXX --edit-key YYYYYY for each key?

No mass sign ability, but you can do some shell magic like:

for i in KEYID1 KEYID2 KEYID3    # the key IDs to sign go here
do
  gpg -u XXXXXX --lsign-key "$i"
done

This assumes you don't have a passphrase on the key (otherwise you'd have to type it multiple times as the shell loop ran), but no passphrases is also a common setup for automated use.

David
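An extension of the loop above, added here as an example and not taken from the thread: the key IDs are pulled from gpg's machine-readable --with-colons listing instead of typed by hand, revoked, expired and disabled keys and the new signing key itself are skipped, and each local signature is made in batch mode. The listing embedded below is constructed, and NEWKEYID is a placeholder for the new key's ID.

```shell
#!/bin/sh
# Added example (not from the thread): bulk local-sign every usable public
# key on the keyring with the new automated-use key.

# Read a 'gpg --list-keys --with-colons' listing on stdin and print the key
# IDs worth signing. Field 1 is the record type, field 2 the validity flag
# (e=expired, r=revoked, d=disabled), field 5 the long key ID. The signing
# key itself is skipped so we never try to sign our own key.
signable_keyids() {
  signer="$1"
  awk -F: -v signer="$signer" '
    $1 == "pub" && $2 !~ /[erd]/ && $5 != signer { print $5 }
  '
}

# Local-sign (non-exportable, --lsign-key) each key ID read from stdin.
# --batch --yes answers the confirmation prompt; this assumes the signing
# key has no passphrase, matching the automated setup described above.
lsign_all() {
  signer="$1"
  while read -r keyid; do
    gpg --batch --yes -u "$signer" --lsign-key "$keyid" \
      || echo "lsign failed for $keyid" >&2
  done
}

# Constructed sample listing in the --with-colons format. Key 1111... is the
# new signing key, 2222... is expired, 4444... is revoked; 3333... and
# 5555... are the partner keys that should be signed.
SAMPLE_LISTING='pub:u:4096:1:1111111111111111:1230000000:::u:::scESC::::::::
uid:u::::1230000000::AAAA::Our New Key <newkey@example.com>::::::::::
pub:e:2048:1:2222222222222222:1200000000:1250000000::-:::scESC::::::::
uid:e::::1200000000::BBBB::Expired Partner <old@example.net>::::::::::
pub:-:2048:1:3333333333333333:1210000000:::-:::scESC::::::::
pub:r:2048:1:4444444444444444:1210000000:::-:::scESC::::::::
pub:-:4096:1:5555555555555555:1220000000:::-:::scESC::::::::'

# Real use against the live keyring (NEWKEYID is a placeholder):
#   gpg --list-keys --with-colons | signable_keyids NEWKEYID | lsign_all NEWKEYID
```

Run the pipeline in the last comment once the new key has been imported; the expired and revoked keys are left alone, which also keeps the loop from failing on keys gpg would refuse to sign anyway.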


_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
