--gen-revoke in batch

Werner Koch wk at gnupg.org
Thu Apr 17 14:27:40 CEST 2008

On Thu, 17 Apr 2008 01:49, JPClizbe at tx.rr.com said:
> Meenal Pant wrote:
>> Hello all,
>> Can the "gpg --gen-revoke user" command be executed in batch mode? I am
>> trying to generate revocation certificate for a gpg keypair through a
>> Python script.
> jpclizbe at ICECHEST ~
> $ gpg --batch --yes --gen-revoke "Test Key" > foo.asc
> gpg: can't do this in batch mode

Right.  The only way to do this from scripts is by using:

 gpg2 --status-fd 2  --command-fd 0 --gen-revoke  foo

The script needs to parse the status and react to it accordingly.  Here
is a sample:

  $ gpg2 --status-fd 2  --command-fd 0 --gen-revoke joe
  sec  1024D/9CD9FD55 2000-12-14 Joe Random Hacker 
  [GNUPG:] GET_BOOL gen_revoke.okay
  Please select the reason for the revocation:
    0 = No reason specified
    1 = Key has been compromised
    2 = Key is superseded
    3 = Key is no longer used
    Q = Cancel
  (Probably you want to select 1 here)
  [GNUPG:] GET_LINE ask_revocation_reason.code
  Enter an optional description; end it with an empty line:
  [GNUPG:] GET_LINE ask_revocation_reason.text
Pre-created revocation.
  [GNUPG:] GET_LINE ask_revocation_reason.text
  Reason for revocation: No reason specified
  Pre-created revocation.
  [GNUPG:] GET_BOOL ask_revocation_reason.okay
  NOTE: This key is not protected!
  ASCII armored output forced.

I have not indented the answers sent to stdin in response to the GET_foo
lines.  The script should parse the tags after the GET_foo to see what
has been requested and best use an FSM to process this.  Unknown tags
should be answered with just a LF.  Of course you would use the
fingerprint of the key and not just the name to invoke the command.

As a quick solution for unattended key generation I am going to add a
"%revokefile" command to write a simple revocation certificate to the
given file after key generation.



Thoughts are free.  Exceptions are regulated by a federal law.
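
The approach described in the message above, as an added example that is not part of the original post or of GnuPG: a state machine in Python that answers the GET_ tags shown in the transcript and sends a bare LF for any unknown tag. The names make_responder, replay and gen_revoke are this example's own, and it assumes the key is unprotected or its passphrase is supplied outside the script.

```python
import subprocess

def make_responder(reason="0", description=("Pre-created revocation.",)):
    """Return respond(line): the stdin answer for a GET_* status line, else None."""
    text = iter(list(description) + [""])    # an empty line ends the description
    def respond(line):
        f = line.split()
        if len(f) < 3 or f[0] != "[GNUPG:]" or not f[1].startswith("GET_"):
            return None                      # ordinary output or other status: no reply
        tag = f[2]
        if tag in ("gen_revoke.okay", "ask_revocation_reason.okay"):
            return "y\n"
        if tag == "ask_revocation_reason.code":
            return reason + "\n"
        if tag == "ask_revocation_reason.text":
            return next(text, "") + "\n"
        return "\n"                          # unknown tag: answer with just a LF
    return respond

def replay(lines):
    """Answers a fresh responder would send for a captured status stream."""
    respond = make_responder()
    return [a for a in map(respond, lines) if a is not None]

def gen_revoke(fingerprint, gpg="gpg2"):
    """Run --gen-revoke for one key and return the armored certificate."""
    proc = subprocess.Popen(
        [gpg, "--status-fd", "2", "--command-fd", "0", "--gen-revoke", fingerprint],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
        text=True, errors="replace")
    respond = make_responder()
    for line in proc.stderr:                 # status and messages share fd 2
        answer = respond(line)
        if answer is not None:
            print(answer, end="", file=proc.stdin, flush=True)
    proc.stdin.close()
    cert = proc.stdout.read()                # a certificate is small: no pipe deadlock
    if proc.wait() != 0 or "-----BEGIN PGP" not in cert:
        raise RuntimeError("gpg did not produce a revocation certificate")
    return cert

# Constructed input: the status lines of the transcript above, plus one plain line.
SAMPLE = [
    "sec  1024D/9CD9FD55 2000-12-14 Joe Random Hacker",
    "[GNUPG:] GET_BOOL gen_revoke.okay",
    "[GNUPG:] GET_LINE ask_revocation_reason.code",
    "[GNUPG:] GET_LINE ask_revocation_reason.text",
    "[GNUPG:] GET_LINE ask_revocation_reason.text",
    "[GNUPG:] GET_BOOL ask_revocation_reason.okay"]
```

Calling gen_revoke with the key's fingerprint returns the certificate text, which the caller can write to a file kept offline; replay(SAMPLE) shows the answers without running gpg.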
