Key signatures are a unique concept of the OpenPGP protocol. They can
be used to certify the validity of a key and are used to create the
Web-of-Trust (WoT). Instead of using the
function along with a finite state machine, GPGME provides a
convenient function to create key signatures when using modern GnuPG
gpgme_op_keysign adds a new key signature to the
public key KEY. This function requires at least version 2.1.12 of
CTX is the usual context which describes the protocol to use
(which must be OpenPGP) and also holds the list of signer keys to be
used for the signature. The common case is to use the default key for
signing other keys. If another key or more than one key shall be used
for a key signature,
gpgme_signers_add can be used.
See Selecting Signers.
key specifies the key to operate on.
userid selects the user ID or user IDs to be signed. If
userid is set to
NULL all valid user IDs are signed. The
user ID must be given verbatim because the engine does an exact and
case-sensitive match. Thus the
uid field from the user ID
(gpgme_user_id_t) is to be used. To select more than
one user ID put them all into one string separated by linefeeds
(\n) and set the flag
expires specifies the expiration time of the new signature in
seconds. The common case is to use 0 to not set an expiration date.
However, if the configuration of the engine defines a default
expiration for key signatures, that is still used unless the flag
GPGME_KEYSIGN_NOEXPIRE is used. Note that this parameter takes
an unsigned long value and not a
time_t to avoid problems on
systems which use a signed 32 bit
time_t. Note further that
the OpenPGP protocol uses 32 bit values for timestamps and thus can
only encode dates up to the year 2106.
flags can be set to the bit-wise OR of the following flags:
Instead of creating an exportable key signature, create a key signature which is marked as non-exportable.
Although linefeeds are uncommon in user IDs, this flag is required to explicitly declare that userid may contain several linefeed-separated user IDs.
Force the creation of a key signature without an expiration date. This overrides expires and any local configuration of the engine.
The function returns zero on success,
the engine does not support the command, or a bunch of other error
gpgme_op_keysign_start initiates a
gpgme_op_keysign operation; see there for details. It must
be completed by calling
gpgme_wait on the context.
See Waiting For Completion.
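The following is an added example, not code from the GPGME manual or project. It builds the userid argument from several verbatim uid strings, decides whether the linefeed-separator flag is needed, and rejects IDs with an embedded linefeed when more than one is selected. The names `build_userid_arg` and `sign_uids` and the `USE_GPGME` build macro are assumptions made for illustration; `GPGME_KEYSIGN_LFSEP` is the gpgme.h flag for linefeed-separated user IDs.

```c
#include <string.h>

/* Join n user IDs into buf, separated by '\n', for the userid argument.
 * Sets *need_lfsep when the linefeed-separator flag must be passed.
 * Returns 0 on success, -1 on bad input or when buf is too small. */
int build_userid_arg(const char *const *uids, size_t n,
                     char *buf, size_t buflen, int *need_lfsep)
{
    size_t used = 0;

    if (!uids || !buf || !need_lfsep || n == 0 || buflen == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (!uids[i] || !*uids[i])
            return -1;
        /* With several IDs, an embedded linefeed would be read as a
         * separator and select a different set of user IDs. */
        if (n > 1 && strchr(uids[i], '\n'))
            return -1;
        size_t len = strlen(uids[i]);
        if (used + len + (i ? 1 : 0) + 1 > buflen)
            return -1;
        if (i)
            buf[used++] = '\n';
        memcpy(buf + used, uids[i], len + 1);   /* copies the NUL too */
        used += len;
    }
    *need_lfsep = (n > 1);
    return 0;
}

#ifdef USE_GPGME /* hypothetical macro: cc -DUSE_GPGME file.c -lgpgme */
#include <gpgme.h>
/* Sign the given user IDs of key with the signers set on ctx.
 * uids must be the verbatim uid strings taken from key->uids. */
gpgme_error_t sign_uids(gpgme_ctx_t ctx, gpgme_key_t key,
                        const char *const *uids, size_t n)
{
    char userid[4096];
    int lfsep = 0;

    if (build_userid_arg(uids, n, userid, sizeof userid, &lfsep))
        return gpgme_error(GPG_ERR_INV_VALUE);
    /* expires = 0: no explicit expiry; an engine default still applies. */
    return gpgme_op_keysign(ctx, key, userid, 0,
                            lfsep ? GPGME_KEYSIGN_LFSEP : 0);
}
#endif
```

Passing the uid strings straight from the key object, rather than retyping them, avoids a failed exact match on case or whitespace.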