> The gzipped tarball format looks really overkill.  How about an OpenPGP
> keyring (possibly armored)?  No need for caff here, gpg(1) can do this
> alone:
> 
>   gpg --export <fingerprints> >/tmp/keyring.gpg
> 
> (you could also add ‘--export-options export-minimal’)

My reason for suggesting a tarball is that it makes it easier to provide
additional information to the airgapped machine.  For example, the user
might want to select the UIDs to sign on the internet-connected machine.
 But I think you're right as far as the functionality that I want to
implement.

Thanks,
Lachlan

Reply via email to