Chris Knadle wrote:
> On Sunday, March 09, 2014 23:59:35 Jack Chastain wrote:
> > Yep - the issue was "conceptual" I think. It appears (to Joe and me) that
> > the instructions for the sub-key was under the assumption that your laptop
> > was your mobile system and your "base" computer was something less
> > portable. The idea being that the server that you actually did key work on
> > was NOT portable... and would therefore have ALL the keys....
>
> That's the most common way in which I think this is done, but it's not the
> only way.
>
> > Ah, assumptions.
> >
> > So - with Joe's assistance, I deleted my key and re-added it from my saved
> > keys on the USB stick - and was THEN able to sign keys.
>
> Right. The catch comes when you later want to remove the full key and only
> import the relevant subkey bits (public and private). Hopefully you've got
> instructions for that bit, as you probably did it in the first place.

Yeah, the tool is picky about the kinds of things that you can merge into
your key-tree. I deleted and re-imported a couple of times while playing
around with this.

As an alternative to key wrangling, though, for the specific problem of
signing with a secured master key you can mount the flash-drive and then
specify the gpg --homedir option to indicate that the tool should use the
mounted directory instead of ~/.gnupg

> > One step higher. Now to figure out the next thing.
>
> Right. After signing keys, those signatures are only local on your machine.
>
> Assuming the next procedure uses key servers (which is the most common way to
> start with), you would then do
>
>    'gpg --send-keys <key IDs>'
>
> to push the keys you've signed up to a key server, and then the users of those
> keys need to be notified and pull the signatures from a key server (after
> they've had time to sync with the one you pushed the key to) via
> 'gpg --refresh-keys'. You can also use 'gpg --refresh-keys' to watch keys
> you know about to see who has recently gotten new signatures and how many, and
> then interrogate via 'gpg --list-sigs <keys>' afterwards to see specifics of
> who has signed someone's key.
>
> Occasionally someone's key is "offline only" in which case this method won't
> work for them, as it would require their key to be on a key server. I doubt
> anybody in this group is using an "offline-only" key, as it's rather unusual.
>
> -- Chris
>
> --
> Chris Knadle
> [email protected]
> _______________________________________________
> Mid-Hudson Valley Linux Users Group http://mhvlug.org
> https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
>
> Upcoming Meetings (6pm - 8pm) Vassar College
> Apr 2 - Nginx: High-Performance HTTP Server, Reverse Proxy, and IMAP/POP3
> Proxy Server
> May 7 - Google App Engine
> Jun 4 - Samba: Can We All Just Get Along?

=============================================================================
michaelMuller = [email protected] | http://www.mindhog.net/~mmuller
-----------------------------------------------------------------------------
In this book it is spoken of the Sephiroth, and the Paths, of Spirits and
Conjurations; of Gods, Spheres, Planes and many other things which may or
may not exist. It is immaterial whether they exist or not. By doing
certain things certain results follow. - Aleister Crowley
=============================================================================
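
The `--homedir` approach from the reply above, followed by the `--send-keys` and `--list-sigs` steps quoted from Chris, as an added shell example that is not part of the original thread. The function names, the mount point and the key ID are assumptions; the check on the mounted directory is there because pointing `--homedir` at an empty directory makes gpg start a new keyring instead of failing.

```shell
#!/bin/sh
# Added example, not from the thread. The mount point and key ID passed in
# are hypothetical; adjust to wherever the flash drive's GnuPG dir is mounted.

# Refuse a directory that is not a private GnuPG home holding secret keys.
# If the drive is not mounted, the bare mount point would otherwise be
# treated by gpg as a new, empty home directory.
check_master_homedir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # Mode must be rwx------; gpg warns about unsafe permissions otherwise.
    case "$(ls -ld "$dir")" in
        drwx------*) ;;
        *) echo "permissions on $dir are not 700" >&2; return 2 ;;
    esac
    # GnuPG 2.1+ stores secret keys in private-keys-v1.d/, older releases
    # in secring.gpg.
    if [ -s "$dir/secring.gpg" ]; then return 0; fi
    if [ -d "$dir/private-keys-v1.d" ] &&
       [ -n "$(ls -A "$dir/private-keys-v1.d")" ]; then return 0; fi
    echo "no secret keys found in $dir" >&2
    return 3
}

# Sign KEYID with the master key kept on the mounted drive, merge the new
# signature into the everyday keyring, then publish and inspect it.
sign_and_publish() {
    master_dir=$1
    keyid=$2
    check_master_homedir "$master_dir" || return
    # The key being signed must also exist in the drive's keyring.
    gpg --export "$keyid" | gpg --homedir "$master_dir" --import || return
    gpg --homedir "$master_dir" --sign-key "$keyid" || return
    # The signature so far exists only on the drive; copy it back.
    gpg --homedir "$master_dir" --export "$keyid" | gpg --import || return
    gpg --send-keys "$keyid" && gpg --list-sigs "$keyid"
}

# Usage (hypothetical values):
#   sign_and_publish /media/usb/gnupg 0xDEADBEEF
```
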
