gpgme_op_genkey() parms parameter: really XML? (escaping ampersands and angle brackets)

Daniel Kahn Gillmor dkg at
Tue Jan 24 22:08:41 CET 2017

Hey GnuPG folks--

gpgme_op_genkey() takes a parms parameter that is supposed to be a
textual XML object:

the canonical example is this:

    <Gnupgkeyparms format="internal">
    Key-Type: default
    Subkey-Type: default
    Name-Real: Joe Tester
    Name-Comment: with stupid passphrase
    Name-Email: joe at
    Expire-Date: 0
    Passphrase: abc

however, it's not clear to me that this is really XML -- it just looks
like plaintext with XML-ish lines on the top and bottom.

In particular, i want to know what happens if i want to include
ampersands or angle-brackets in any of the text (e.g. in the passphrase,
the comment field, the name, etc).

If it's really XML, i'd use & and < and >

But in practice, if i use those, they are passed through as literals:

     <GnupgKeyParms format="internal">
     Key-Type: RSA
     Key-Length: 2048
     Subkey-Type: RSA
     Subkey-Length: 2048
     Name-Real: Joe & his dog
     Passphrase: Crypt0<R0cks
     Expire-Date: 2020-12-31

On the flip side, if i put actual angle-brackets in there, it doesn't
seem to treat them as anything special (i haven't tried to make a key
with "Name-Real: </GnupgKeyParms>" yet).

So, i know how to stuff angle-brackets and ampersands into the strings
directly, but i don't know if that will somehow break if one day in the
future gpgme actually treats this as real XML.

What should someone who wants to use angle-brackets and ampersands in
these fields do?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170124/5ed2d89e/attachment.sig>

More information about the Gnupg-devel mailing list