Brian Warner warner at lothar.com
Sun Sep 20 20:55:14 CEST 1998


I've gotten the mailcrypt+gpg code basically working, and have sent it to the
mailcrypt maintainer for inclusion in the next release. In working on it,
I came across a number of enhancements to GPG that would make --batch control
much easier. (listed by decreasing significance)

 1. Encrypting to a key that is not fully trusted in --batch mode causes that
    key to be dropped from the recipient list. --yes should cause gpg to use
    the key anyway. (without --batch the user is warned and asked if the key
    should be used anyway, although the name of the key is not printed so it
    is hard to figure out which key has the problem). It would be handy if
    untrusted keys in --batch mode without --yes were listed on stderr, with a
    message about what the problem was, causing an error return
    status. Something like:

     gpg: foo: no valid trust path

 2. "--passphrase-fd 0" is unimplemented. My workaround is to use a perl
    script that looks for this in the argument list and creates a pipe to
    itself to send the passphrase to a different fd, then exec's the real
    GPG. It works, but it would be great to not have to install a wrapper.
    The basic problem is that emacs-lisp doesn't provide a way to write to
    any file descriptor other than a subprocess' stdin.

 3. Giving a hex keyid for -r or -u that is the wrong type of subkey should
    just use the right subkey for the operation. In particular the primary
    keyid should be useable for everything, since the primary keyid is the
    easiest value to get by parsing the output of --list-keys.

 4. --import from a file that contains multiple key block messages seems to
    quit after the first one. All blocks should be imported.

 5. There should be a way to drive --edit-key from a system() call. The Gnome
    PGP graphical front end <http://maxcom.ml.org/gpgp/>, which uses GPG
    despite the name, would probably benefit from this.

  warner at lothar.com
Version: GNUPG v0.4.0 (GNU/Linux)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
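
The wrapper workaround from item 2, sketched in Python as an added example (not the author's Perl script and not GnuPG code). It assumes the passphrase is the first line of stdin with the data to process following it; `REAL_GPG` and the function names are hypothetical.

```python
import os
import sys

REAL_GPG = "/usr/bin/gpg"  # assumed location of the real binary

def read_line_unbuffered(fd):
    """Read one line a byte at a time so none of the following data is consumed."""
    out = bytearray()
    while True:
        b = os.read(fd, 1)
        if not b or b == b"\n":
            return bytes(out)
        out += b

def rewrite_args(argv, new_fd):
    """Replace '--passphrase-fd 0' with new_fd; return (argv, whether it was found)."""
    out, i, found = [], 0, False
    while i < len(argv):
        if argv[i] == "--passphrase-fd" and argv[i + 1:i + 2] == ["0"]:
            out += ["--passphrase-fd", str(new_fd)]
            i, found = i + 2, True
        else:
            out.append(argv[i])
            i += 1
    return out, found

def stage_passphrase(stdin_fd=0):
    """Move the first line of stdin into a pipe; return the pipe's read end."""
    passphrase = read_line_unbuffered(stdin_fd)
    r, w = os.pipe()
    os.write(w, passphrase + b"\n")  # a short line fits in the pipe buffer
    os.close(w)                      # reader gets EOF right after the passphrase
    os.set_inheritable(r, True)      # descriptor must survive the exec
    return r

def main(argv):
    if rewrite_args(argv, 0)[1]:
        # stdin now starts at the message; the passphrase waits on its own fd
        argv = rewrite_args(argv, stage_passphrase(0))[0]
    os.execv(REAL_GPG, [REAL_GPG] + argv)

if __name__ == "__main__":
    main(sys.argv[1:])
```

The passphrase never appears in the argument list or environment, and the byte-at-a-time read leaves the rest of stdin intact for the exec'd process.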

