Comment 3 for bug 1014570

Since we already use gpgme for verifying signatures, it might make sense to use it for signing them as well rather than trying to muck about and find the right magic options for the gpg command line utility.