diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/todo/multi_gpg_key_privdata.mdwn | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/todo/multi_gpg_key_privdata.mdwn b/doc/todo/multi_gpg_key_privdata.mdwn index 754aa7e9..3ee6b3b8 100644 --- a/doc/todo/multi_gpg_key_privdata.mdwn +++ b/doc/todo/multi_gpg_key_privdata.mdwn @@ -1,6 +1,14 @@ To support multiple gpg keys added with --add-key, propellor should * When it encrypts the privdata after a change, encrypt it to all keys - listed in `privdata/keyring.gpg` + listed in `privdata/keyring.gpg`. See [this + post](http://laurent.bachelier.name/2013/03/gpg-encryption-to-multiple-recipients/) + explaining why and how encryption with multiple recipients work. * When --add-key adds a new key, it should re-encrypt the privdata, so that this new key can access it. +* When --add-key on behalf of another user, do not modify the signing key for + local git. This entails either splitting this command in two, `--add-key` and + `--set-signing-key`, or adding another command `--add-foreign-key`, + or perhaps determining if the key being added has a known secret key. + +[[done]] |