Importing secret keys via gpgme-json
Werner Koch
wk at gnupg.org
Thu May 13 18:56:38 CEST 2021
On Thu, 13 May 2021 15:58, Patrick Brunschwig said:
> 2021-05-13 15:53:58 gpg[2481] error getting the KEK: Forbidden
Ooops, I forgot about this. gpgme-json tells gpg that the origin of the
request is the browser:
gpgme_set_ctx_flag (ctx, "request-origin", "browser");
which enables this gpg option
--request-origin origin
Tell gpg to assume that the operation ultimately originated at
origin. Depending on the origin certain restrictions are applied
and the Pinentry may include an extra note on the origin. Supported
values for origin are: local which is the default, remote to
indicate a remote origin or browser for an operation requested by a
web browser.
this leads to
OPTION pretend-request-origin=browser
send to gpg-agent which the assumes the requests are coming from its
browser socket which is restricted similar to the remote socket.
So, you can't do certain operations. In case you are not running from a
browser, we could add a command line option to gpgme-json to change
this restriction.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210513/7ee7b174/attachment-0001.sig>
More information about the Gnupg-devel
mailing list