Batch (non-interactive) key signing

Werner Koch wk@gnupg.org
Mon Mar 10 16:45:01 2003


On 05 Mar 2003 16:13:04 -0500, Jason Tackaberry said:

>         [tack@somewhere sc]$ echo -e "passphrase\nsign\ny\nsave\n" | gpg
>         --passphrase-fd 0 --command-fd 0 --status-fd 2 --batch --no-tty
>         --edit-key 47ECD62C

You can't do it this way because GnuPG may issue different prompts
depending on the key.  For example, if there is more than 1 user ID,
an extra prompt is issued ("really sign all user IDs").  Newer
versions of GnuPG might even add other prompts or change the sequence
of the prompts.  So what you need to do is to parse the status lines,
feed them into an FSM and send responses accordingly - if you don't
know the prompt, just send the default value (an empty line) and hope
for the best.

Old versions of GPA used the same approach and failed as soon as we
changed some things with GnuPG 1.0.7.


Shalom-Salam,

   Werner
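
An added sketch of the status-line state machine described in the reply above (not code from this thread or from GnuPG): each line read from `--status-fd` goes through `respond()`, and any reply is written to `--command-fd`. The prompt keys are assumptions about what a given GnuPG version emits, the class and function names are hypothetical, and the transcript is constructed.

```python
import re

PROMPT = re.compile(r"^\[GNUPG:\] (GET_BOOL|GET_LINE|GET_HIDDEN) (\S+)")

class SignDriver:
    """States: START -> SIGNING -> SIGNED -> DONE, or ABORTED."""
    def __init__(self, passphrase):
        self.passphrase = passphrase
        self.state = "START"
        self.bad_pass = False
        self.unknown = []  # prompt keys that were answered with the default

    def respond(self, line):
        """Return the reply to write to --command-fd, or None if none is due."""
        if line.startswith(("[GNUPG:] BAD_PASSPHRASE", "[GNUPG:] GOOD_PASSPHRASE")):
            self.bad_pass = "BAD_" in line
        m = PROMPT.match(line)
        if not m:
            return None  # GOT_IT and other informational lines need no reply
        key = m.group(2)
        if key == "keyedit.prompt":
            if self.state == "START":
                self.state = "SIGNING"
                return "sign\n"
            if self.state == "SIGNED" and not self.bad_pass:
                self.state = "DONE"
                return "save\n"
            self.state = "ABORTED"  # back at the menu without a signature
            return "quit\n"
        if key == "keyedit.sign_all.okay" and self.state == "SIGNING":
            return "y\n"  # only asked when the key has more than one user ID
        if key == "sign_uid.okay" and self.state == "SIGNING":
            self.state = "SIGNED"
            return "y\n"
        if key == "passphrase.enter":
            return self.passphrase + "\n"
        self.unknown.append(key)
        return "\n"  # unknown prompt: send the default (an empty line)

def drive(status_lines, passphrase):
    """Run status lines through the FSM; return (replies, state, unknown keys)."""
    d = SignDriver(passphrase)
    replies = [r for r in map(d.respond, status_lines) if r is not None]
    return replies, d.state, d.unknown

# Constructed, abridged transcript; prompt keys assumed, check your GnuPG version.
SAMPLE = ["[GNUPG:] " + s for s in (
    "GET_LINE keyedit.prompt", "GET_BOOL keyedit.sign_all.okay", "GET_BOOL sign_uid.okay",
    "GET_HIDDEN passphrase.enter", "GOT_IT", "GOOD_PASSPHRASE", "GET_LINE keyedit.prompt")]
```

A caller should treat any final state other than `DONE`, or a non-empty `unknown` list, as a run that needs a human to look at it.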