Next: GPGSM VERIFY, Previous: GPGSM DECRYPT, Up: GPGSM Protocol [Contents][Index]
Signing is usually done with these commands:
INPUT FD[=n] [--armor|--base64|--binary]
This tells GPGSM to read the data to sign from file descriptor n.
OUTPUT FD[=m] [--armor|--base64]
Write the output to file descriptor m. If a detached signature is requested, only the signature is written.
SIGN [--detached]
Sign the data set with the INPUT command and write it to the sink set by
OUTPUT. With --detached, a detached signature is created
(surprise).
The key used for signing is the default one or the one specified in the configuration file. To get finer control over the keys, it is possible to use the command
SIGNER userID
to set the signer’s key. userID should be the
internal representation of the key; the server may accept any other way
of specification. If this is a valid and trusted recipient the server
does respond with OK, otherwise the return is an ERR with the reason why
the key cannot be used, the signature will then not be created using
this key. If the policy is not to sign at all if not all
keys are valid, the client has to take care of this. All
SIGNER commands are cumulative until a RESET is done.
Note that a SIGN does not reset this list of signers which is in
contrast to the RECIPIENT command.