Hi Dirk, On 03/24/2018 02:04 AM, Dirk Gottschalk via Gnupg-users wrote: >>> Is it possible to sign a file with multiple keys? >> >> Yes. Slightly lower-level operations than normal signing, but not by >> much, you just need to know about enarmor/dearmor and how signatures >> are >> put together. >> ... > > Thank you very much. It's like chaining up PEM Certs in OpenSSL. Why > didn't I even think about this? The Format is so similar.
it's even easier when two or more people sign at the same time, just supply "-u KEYID" multiple times. At $dayjob our software updates are signed with two smartcards (four eye principle). Here's the relevant part from the sign script: gpg_cmd = ['/usr/bin/gpg2', '--personal-digest-preferences', 'sha256'] for gpg_id in gpg_sign_ids: gpg_cmd.extend(['-u', gpg_id]) gpg_cmd.extend(['--sign', shlex.quote(target_file)]) Cheers, Thomas
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users