The library does not seem to allow making multiple signatures with one password entry?

[urjaman]

I'd like to sign a package repository (like, 2174 files now :P), adding a .sig file next to each package, but keep the private key password protected while i'm not doing that.

The library API seems to be designed to not allow a reset of the file list for the signing context? (IOW, restart of the process from the point the private key was loaded.) It's not hard to add, but I'm just so so so confused as to how you're using this that you didn't think of adding that, lol.

(Be prepared for a pull request once I'm done fixing this, this is just advance info :P)