On Mon 2019-02-25 07:54:33 +0100, Olliver Schinagl wrote:
> What I am trying to accomplish, is to generate an OS image, which
> contains a public gpg key. The public is added using gpg --import and
> gets added to the newly created pubkey.gpg.

I think your description here is missing some background: why do you need the public OpenPGP key in your OS image?

If the goal is just to use it with gpgv (e.g. to verify software updates or some other post-build artifact that you'll fetch over the network) then i recommend just explicitly pointing gpgv at the curated keyring using --keyring, and not bothering with public.gpg or anything else.

This is the best approach because it lets you precisely control what is being checked against, and you don't have to worry that other uses of ~/.gnupg/trustedkeys.{gpg,kbx} might end up polluting the specific check you're hoping to make strong.

If you want an analogous example, check out the best-practice guidance in https://wiki.debian.org/DebianRepository/UseThirdParty about using isolated keys per repository (with apt's Signed-By: options).

Regards,

--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
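
One way to script the gpgv check recommended in the message above, as an added example that is not part of the original thread. The function name `verify_with_keyring` and all file paths are hypothetical, and the keyring is assumed to be a binary export of exactly the keys you want to accept.

```shell
#!/bin/sh
# Added example: verify a detached signature against ONE curated keyring.
# The keyring is assumed to hold only the keys you accept for this check,
# e.g. built at image-build time with:  gpg --dearmor < vendor.asc > curated.gpg
# (vendor.asc and curated.gpg are hypothetical file names).

# verify_with_keyring KEYRING SIGNATURE FILE
#   0  good signature over FILE by a key present in KEYRING
#   2  keyring missing or unreadable (refuse to run the check at all)
#   other non-zero: gpgv rejected the signature or could not run
verify_with_keyring() {
    keyring=$1
    sig=$2
    file=$3

    # gpgv resolves a keyring name WITHOUT a slash inside its home
    # directory, which would silently pick up some other file under
    # ~/.gnupg. Force a path so the named file is the one consulted.
    case $keyring in
        */*) ;;
        *)   keyring=./$keyring ;;
    esac

    # Fail closed: never fall through to a default keyring.
    if [ ! -r "$keyring" ]; then
        echo "verify_with_keyring: keyring not readable: $keyring" >&2
        return 2
    fi

    # With --keyring given, gpgv checks only against that file; the
    # default trustedkeys.{kbx,gpg} is used only when no keyring is named.
    gpgv --keyring "$keyring" "$sig" "$file"
}

# Stand-alone use: script.sh KEYRING SIGNATURE FILE
if [ "$#" -eq 3 ]; then
    verify_with_keyring "$@"
    exit $?
fi
```

gpgv treats every key in the keyring as trusted and does not check for expired or revoked keys, so key rotation has to be handled by rebuilding the curated keyring.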