Automatic Signing via Script
Olaf Gellert
gellert@arasca.de
Tue Jan 14 15:31:02 2003
Hi David,

> > I am writing some scripts for a certification authority.
> > These scripts are presenting the information of the keys to
> > be signed to the person who is signing them, ask if
> > everything is alright, and then just sign the key without
> > further user-interaction.
> >
> > What I do is: Call "gpg --edit-key" with the necessary
> > commands following (so something like gpg --edit-key 1 sign save
> > would choose the first uid and sign it).
> >
> > This works. But: It does not work when signing keys that
> > have an expiry date set, because gpg then asks:
> >
> > This key is due to expire on YYYY-MM-DD.
> > Do you want your signature to expire at the same time? (Y/n)
> >
> > How can I skip this question? I already use "--yes" but it does
> > not work in this case. If I use "--batch" gpg exits in this
> > case. Any suggestions?
>
> In general, it is not a good idea to drive gpg via the "human being"
> interface. There may be changes in the interface that break your
> script.
>
> Rather, you should use the --status-fd and --command-fd messages,
> which are designed for this sort of use.

I was already aware of --status-fd and --passphrase-fd
but not of --command-fd. I think this will solve my problem
(looks good).

Thanks, David! Cheers... Olaf
--
Olaf Gellert _ - __o
gellert@arasca.de _- _`\<,_
http://www.arasca.de/olaf/ - (_)/ (_)
----------------------------------------------------------------------
Most people would sooner die than think; in fact, they do so.
-- Bertrand Russell
----------------------------------------------------------------------
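
The --status-fd / --command-fd approach recommended in the quoted reply, as an added example (not code from either poster or from the GnuPG project): a script reads the machine-readable status lines, answers only prompts it has a vetted reply for, and stops on anything else instead of guessing. The prompt names `keyedit.prompt`, `sign_uid.expire` and `sign_uid.okay`, the helper names and the sample transcript are assumptions constructed for illustration; check them against the status output of the gpg version in use.

```python
# Added example: choose --command-fd replies from gpg --status-fd lines.
# Prompt names are assumptions; confirm them against your gpg version.
PROMPT_KEYWORDS = {"GET_LINE", "GET_BOOL", "GET_HIDDEN"}


class UnexpectedPrompt(Exception):
    """gpg asked something the script has no vetted answer for."""


def parse_status(line):
    """Return (keyword, args) for a '[GNUPG:] ...' status line, else None."""
    prefix = "[GNUPG:] "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split()
    return (parts[0], parts[1:]) if parts else None


def replies(status_lines, menu_commands, bool_answers):
    """Yield one reply per prompt; raise on any prompt not listed.

    menu_commands answer 'keyedit.prompt' in order; bool_answers maps a
    GET_BOOL prompt name to 'y' or 'n'.
    """
    queue = list(menu_commands)
    for line in status_lines:
        parsed = parse_status(line.strip())
        if parsed is None or parsed[0] not in PROMPT_KEYWORDS:
            continue  # GOT_IT and other informational lines need no reply
        keyword, args = parsed
        name = args[0] if args else ""
        if keyword == "GET_LINE" and name == "keyedit.prompt" and queue:
            yield queue.pop(0)
        elif keyword == "GET_BOOL" and name in bool_answers:
            yield bool_answers[name]
        else:
            raise UnexpectedPrompt(line.strip())


# Constructed status transcript for signing a key that has an expiry date.
SAMPLE_STATUS = [
    "[GNUPG:] GET_LINE keyedit.prompt", "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt", "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_BOOL sign_uid.expire", "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_BOOL sign_uid.okay", "[GNUPG:] GOT_IT",
    "[GNUPG:] GET_LINE keyedit.prompt", "[GNUPG:] GOT_IT",
]
ANSWERS = {"sign_uid.expire": "y", "sign_uid.okay": "y"}
```

In a live run each yielded reply is written, newline-terminated, to the descriptor given to --command-fd as the matching status line arrives; the passphrase is assumed to be supplied separately via --passphrase-fd, so a `GET_HIDDEN` prompt is treated as unexpected.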