Batch (non-interactive) key signing

Jason Tackaberry tack@auc.ca
Mon Mar 10 17:03:01 2003


--=-Kl3rk3p+DnZOwxhH0HHo
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hi Werner, thanks for your reply.

On Mon, 2003-03-10 at 10:49, Werner Koch wrote:
> of the prompts.  So what you need to do, is to parse the status lines,
> feed them into a FSM and send responses accordingly - if you don't
> know the prompt, just send the default value (an empty line) and hope
> for the best.

This sounds doable, except that I'm simply not able to make this work
when using --command-fd 0 (again, using GnuPG 1.0.7).  I get as far as
the sign_uid.okay prompt, then it drops me back to keyedit.prompt and
when I issue a "save" command it says "Key not changed so no update
needed."

I have attached a script of the gpg session with --command-fd 0
--status-fd 2 --passphrase-fd 0 used.  As far as I can tell I'm doing
everything correctly, but maybe you can offer some advice.

Thanks again,
Jason.

-- 
Jason Tackaberry  ::  tack@auc.ca  :: 705-949-2301 x330 
Academic Computing Support Specialist
Information Technology Services
Algoma University College  ::  www.auc.ca


--=-Kl3rk3p+DnZOwxhH0HHo
Content-Description: 
Content-Disposition: inline; filename=typescript
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

[tack@somewhere 2]$ gpg --homedir . --command-fd 0 --status-fd 2 --passphrase-fd 0 --edit-key A83E32C0 

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Reading passphrase from file descriptor 0 ...pass

pub  1024D/A83E32C0  created: 1999-08-31 expires: never      trust: -/-
sub  3072g/76FB8F7A  created: 1999-08-31 expires: never     
(1). Test Key <test@test.com>

[GNUPG:] GET_LINE keyedit.prompt
sign
[GNUPG:] GOT_IT

pub  1024D/A83E32C0  created: 1999-08-31 expires: never      trust: -/-
             Fingerprint: 32E5 F1E4 2FC7 E1DE 6588  30AB C78D CFFF A83E 32C0

     Test Key <test@test.com>

How carefully have you verified the key you are about to sign actually belongs
to the person named above?  If you don't know what to answer, enter "0".

   (0) I will not answer. (default)
   (1) I have not checked at all.
   (2) I have done casual checking.
   (3) I have done very careful checking.

[GNUPG:] GET_LINE sign_uid.class
2
[GNUPG:] GOT_IT
Are you really sure that you want to sign this key
with your key: "Jason"

I have checked this key casually.

[GNUPG:] GET_BOOL sign_uid.okay
y
[GNUPG:] GOT_IT

[GNUPG:] GET_LINE keyedit.prompt
save
[GNUPG:] GOT_IT
Key not changed so no update needed.

--=-Kl3rk3p+DnZOwxhH0HHo--