change passphrase in batch mode
Hauke Laging
mailinglisten at hauke-laging.de
Wed Dec 11 08:38:04 CET 2013
On Tue 30.07.2013, 14:28:49, Werner Koch wrote:
> Sure. Here is a very basic one:
Took me some time to give that a try but...
> echo "OK - what's up?"
> while read cmd rest; do
>   echo "cmd=$cmd rest=$rest" >&2
>   case "$cmd" in
>     \#*)
>       ;;
>     GETPIN)
>       echo "D ${PINENTRY_USER_DATA}"
>       echo "OK"
>       ;;
>     BYE)
>       echo "OK"
>       exit 0
>       ;;
>     *)
>       echo "OK"
>       ;;
>   esac
> done
That works, thanks a lot. I added
    GETINFO)
      if [ "pid" = "$rest" ]; then
        echo "D $$"
      fi
      echo "OK"
      ;;
> It simply echoes the content of the envvar PINENTRY_USER_DATA which is
> passed from gpg via gpg-agent to the pinentry.
This simple example works if just one passphrase is needed (e.g. signing). The
problem is that pinentry is called three times when the passphrase is changed.
I could put both the old and the new passphrase in PINENTRY_USER_DATA.
Unfortunately it is not obvious for pinentry (or rather: me looking at the
communication) which of the three calls is the current one. That may be
detectable but seems too complicated. My solution is that I let the wrapper
read the data from a FIFO. Before gpg --passwd is called the three passphrases
are written to the FIFO.
I wonder why none of these commands (GETPIN, GETINFO, not even BYE) are
explained on
http://www.gnupg.org/documentation/manuals/gnupg/Agent-Protocol.html
Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
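
The FIFO approach described in the message above, written out as an added example; it is not code from the thread or from GnuPG. It hands out one passphrase per GETPIN and percent-escapes each value for the Assuan "D" line. Assumptions: PINENTRY_USER_DATA carries the FIFO path, the FIFO holds one passphrase per line in the order they are requested, and the calling script keeps the FIFO open for writing until gpg --passwd has finished.

```sh
#!/bin/sh
# Added example, not code from the thread. Assumption: PINENTRY_USER_DATA
# names a FIFO holding one passphrase per line, in the order gpg asks.

# Percent-escape '%' and CR so the value cannot break the Assuan "D" line.
assuan_escape() {
    cr=$(printf '\r')
    printf '%s' "$1" | sed -e 's/%/%25/g' -e "s/$cr/%0D/g"
}

# Pinentry side of the dialogue: commands on stdin, replies on stdout,
# passphrases on file descriptor 3.
serve() {
    echo "OK - what's up?"
    while read -r cmd rest; do
        case "$cmd" in
            \#*) ;;   # Assuan comment line, no reply
            GETPIN)
                # IFS= and -r keep leading blanks and backslashes intact.
                if IFS= read -r pin <&3; then
                    printf 'D %s\nOK\n' "$(assuan_escape "$pin")"
                else
                    # Source exhausted: cancel rather than send an empty PIN.
                    echo "ERR 83886179 Operation cancelled <Pinentry>"
                fi
                ;;
            GETINFO)
                if [ "$rest" = "pid" ]; then echo "D $$"; fi
                echo "OK"
                ;;
            BYE)
                echo "OK"
                return 0
                ;;
            *)
                echo "OK"
                ;;
        esac
    done
}

# Serve only when handed a FIFO, so sourcing this file has no side effects.
if [ -p "${PINENTRY_USER_DATA:-}" ]; then
    serve 3<"$PINENTRY_USER_DATA"
fi
```

Create the FIFO with mkfifo -m 600 inside a directory that only the calling user can enter, so no other local account can read the passphrases or feed its own.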