Automatic Signing via Script

David Shaw dshaw@jabberwocky.com
Tue Jan 14 00:54:03 2003


On Mon, Jan 13, 2003 at 05:50:05PM +0100, Olaf Gellert wrote:
> Hi all,
> 
> I am writing some scripts for a certification authority.
> These scripts are presenting the information of the keys to
> be signed to the person who is signing them, ask if
> everything is alright, and then just sign the key without
> further user-interaction.
> 
> What I do is: Call "gpg --edit-key" with the necessary
> commands following (so something like gpg --edit-key 1 sign save
> would choose the first uid and sign it).
> 
> This works. But: It does not work when signing keys that
> have an expiry date set, because gpg then asks:
> 
> This key is due to expire on YYYY-MM-DD.
> Do you want your signature to expire at the same time? (Y/n)
> 
> How can I skip this question? I already use "--yes" but it does
> not work in this case. If I use "--batch" gpg exits in this
> case. Any suggestions?

In general, it is not a good idea to drive gpg via the "human being"
interface.  There may be changes in the interface that break your
script.

Rather, you should use the --status-fd and --command-fd messages,
which are designed for this sort of use.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
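
An added example, not part of the original message and not GnuPG project code: a minimal Python driver for the --status-fd / --command-fd approach recommended above, which answers only the prompts it has been told to expect and aborts on anything else. The names ANSWERS, reply_to and sign_key are hypothetical, and the prompt keywords (keyedit.prompt, sign_uid.expire, sign_uid.okay) are assumptions to confirm against the status output of the installed gpg.

```python
import os
import subprocess

# Constructed policy: prompt keyword -> replies, consumed in order. The keywords
# are assumptions; confirm them against your gpg's --status-fd output.
ANSWERS = {
    "keyedit.prompt": ["1", "sign", "save"],  # the command sequence from the question
    "sign_uid.expire": ["y"],  # signature expires together with the key
    "sign_uid.okay": ["y"],    # the operator already approved in the CA script
}

class UnexpectedPrompt(Exception):
    """gpg asked something the policy does not cover."""

def reply_to(status_line, queue):
    """Return the reply for one status line, or None if gpg wants no input."""
    parts = status_line.split()
    if len(parts) < 3 or parts[0] != "[GNUPG:]" or not parts[1].startswith("GET_"):
        return None
    pending = queue.get(parts[2])
    if not pending:
        raise UnexpectedPrompt(parts[2])  # fail closed, never guess an answer
    return pending.pop(0)

def sign_key(key_id, gpg="gpg"):
    """Run gpg --edit-key on key_id, answering prompts from ANSWERS only."""
    queue = {k: list(v) for k, v in ANSWERS.items()}
    status_r, status_w = os.pipe()
    cmd_r, cmd_w = os.pipe()
    proc = subprocess.Popen(
        [gpg, "--no-tty", "--status-fd", str(status_w),
         "--command-fd", str(cmd_r), "--edit-key", key_id],
        pass_fds=(status_w, cmd_r))
    os.close(status_w)  # parent keeps only its own pipe ends
    os.close(cmd_r)
    with os.fdopen(status_r) as status, os.fdopen(cmd_w, "w") as cmd:
        try:
            for line in status:
                answer = reply_to(line, queue)
                if answer is not None:
                    cmd.write(answer + "\n")
                    cmd.flush()
        except UnexpectedPrompt:
            proc.kill()
            proc.wait()
            raise
    return proc.wait()
```

Because each reply is keyed to a prompt keyword rather than to the position of a question in the dialogue, a key without an expiry date simply never triggers the sign_uid.expire answer, and a prompt the policy does not list stops the run instead of being answered blindly.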