--gen-revoke in batch

Meenal Pant mpant at ncsa.uiuc.edu
Thu Apr 17 20:28:49 CEST 2008

Thanks for the prompt response Werner. I have a few more questions.
Werner Koch wrote:
> Right.  The only way to do this from scripts is by using:
>  gpg2 --status-fd 2  --command-fd 0 --gen-revoke  foo
> The script needs to parse the status and react on it accordingly.  Here
> is a sample:
>   $ gpg2 --status-fd 2  --command-fd 0 --gen-revoke joe
I guess I can use gpg here ?
>   sec  1024D/9CD9FD55 2000-12-14 Joe Random Hacker 
I can get till here.
>   [GNUPG:] GET_BOOL gen_revoke.okay
Are these commands generated by GPG ?
> y
This I see is the user input. This is what I have to capture.
>   Please select the reason for the revocation:
>     0 = No reason specified
>     1 = Key has been compromised
>     2 = Key is superseded
>     3 = Key is no longer used
>     Q = Cancel
>   (Probably you want to select 1 here)
>   [GNUPG:] GET_LINE ask_revocation_reason.code
> 0
>   Enter an optional description; end it with an empty line:
>   [GNUPG:] GET_LINE ask_revocation_reason.text
> Pre-created revocation.
>   [GNUPG:] GET_LINE ask_revocation_reason.text
>   Reason for revocation: No reason specified
>   Pre-created revocation.
>   [GNUPG:] GET_BOOL ask_revocation_reason.okay
> y
>   NOTE: This key is not protected!
>   ASCII armored output forced.
> I have not indented the answers sent to stdin on response to the GET_foo
> lines.  The script should parse the tags after the GET_foo to see what
> has been requested and best use FSM to process this.  Unknown tags
What is FSM ? Finite State Machine. How can I use this?
> should be answered with just a LF.  Of course you would use the
What if LF ?
> fingerprint of the key and not just the name to invoking the command.
> As a quick solution for unattended key generation I am going to add a
> "%revokefile" command to write a simple revocation certificate to the
> given file after key generation.
I need to write the revocation certificate to a file too.
> Shalom-Salam,
>    Werner
Many Thanks

More information about the Gnupg-users mailing list