batchmode for revocation certificate and key editing: security pr oblem?

Burkhalter Christoph
Fri Feb 15 13:29:01 2002

Hi all

I am playing with the idea to change the sources of gpg, so that
 - a revoke-certificate can be made in batch mode (after creating the key in
batch mode)
 - keys can be edited in batch mode (trust, sign, passwd, ...), controlled
by another application

I tried it out and (with relatively little changes) have a test-version,
that is behaving like this. It reads from an input file that can be defined.
I have created a sub-key (for signing only) without a passphrase, therefore
I don't have to store the passphrase for my private key on the disk.

Now my question: Why is this not possible in the (unchanged) gnuPG? Is it a
security issue to revoke and edit automatically (I mean: where are the risks
aside of creating a sub-key for signing without a passphrase)?

Thanks for any input
-- chris