> The gzipped tarball format looks really overkill. How about an OpenPGP > keyring (possibly armored)? No need for caff here, gpg(1) can do this > alone: > > gpg --export <fingerprints> >/tmp/keyring.gpg > > (you could also add ‘--export-options export-minimal’)
My reason for suggesting a tarball is that it makes it easier to provide additional information to the airgapped machine. For example, the user might want to select the UIDs to sign on the internet-connected machine. But I think you're right as far as the functionality that I want to implement. Thanks, Lachlan

