Automatic Signing via Script
David Shaw
dshaw@jabberwocky.com
Tue Jan 14 00:54:03 2003
On Mon, Jan 13, 2003 at 05:50:05PM +0100, Olaf Gellert wrote:
> Hi all,
>
> I am writing some scripts for a certification authority.
> These scripts are presenting the information of the keys to
> be signed to the person who is signing them, ask if
> everything is alright, and then just sign the key without
> further user-interaction.
>
> What I do is: Call "gpg --edit-key" with the necessary
> commands following (so something like gpg --edit-key 1 sign save
> would choose the first uid and sign it).
>
> This works. But: It does not work when signing keys that
> have an expiry date set, because gpg then asks:
>
> This key is due to expire on YYYY-MM-DD.
> Do you want your signature to expire at the same time? (Y/n)
>
> How can I skip this question? I already use "--yes" but it does
> not work in this case. If I use "--batch" gpg exits in this
> case. Any suggestions?
In general, it is not a good idea to drive gpg via the "human being"
interface. There may be changes in the interface that break your
script.
Rather, you should use the --status-fd and --command-fd messages,
which are designed for this sort of use.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson