fragility of --edit-key interface

Werner Koch wk at
Wed Jan 13 21:05:05 CET 2010

On Wed, 13 Jan 2010 16:54, jrollins at said:

> functionality that a user might need, but I think that suggesting
> developers use "gpg --edit-key" to achieve their desired functionality
> should include a strong warning that the interface to "gpg --edit-key"
> is fragile and may change unexpectedly and without warning.

We try to keep the interface as stable as possible.  The caller should
ignore unknown prompts by answering them with "default" (i.e. an empty
string).  That works in most cases.  An FSM should be used to implement
such an edit interactor and should catch unknown transitions it can't handle.

> For instance, as of v1.4.10 (and v2.0.13), the edit-key interface to
> generate a subkey on an existing key ('addkey') in expert mode changed
> such that the "RSA (set your own capabilities)" selection in the key
> type chooser moved from entry 7 to entry 8.  As far as I can tell,

Right, that is a bug.  You are the first to report it; possibly because
no GUI made use of it.  Unfortunately we can't fix that.

> changelogs associated with recent gnupg releases.  The Monkeysphere
> project [0] is using this capability and this undocumented change
> recently caused problems.

We need to implement a stable and fixed way to select an algorithm.
Please add an item to the bug tracker so that we don't forget about it.

> Developers looking for the stable interface that GPGME is supposed to
> provide should be duly warned that the "gpg --edit-key" interface is
> not as stable, and that they should be on the lookout for changes to

It is really hard to come up with a high-level API for all the possible
ways to change a key with --edit-key.  That is the reason why we only
have the simple gpgme_op_edit function to work with it.  The idea is to
add more gpgme interfaces if enough applications require advanced key
edit features.  The first one is the new gpgme_op_passwd API ;-).



Thoughts are free.  Exceptions are regulated by a federal law.
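
An added example, not part of the original message and not GnuPG or GPGME code: one way to structure the edit interactor described above as an FSM that answers unknown prompts with an empty string and aborts on transitions it does not model. The prompt keywords, the simplified 'addkey' dialogue and the names drive, make_table and UnknownTransition are assumptions made for illustration; the menu index is passed in by the caller because, as the thread notes, it moved from entry 7 to entry 8.

```python
class UnknownTransition(Exception):
    """The dialogue left the path the FSM models."""

MAX_DEFAULTED = 5  # bound on consecutive unknown prompts answered with ""

def make_table(algo_choice):
    """(state, prompt keyword) -> (answer, next state).

    Prompt keywords are assumed, the dialogue is simplified and constructed.
    algo_choice is the key-type menu index, which is the fragile part.
    """
    return {
        ("start", "keyedit.prompt"): ("addkey", "algo"),
        ("algo", "keygen.algo"): (str(algo_choice), "size"),
        ("size", "keygen.size"): ("2048", "valid"),
        ("valid", "keygen.valid"): ("0", "save"),
        ("save", "keyedit.prompt"): ("save", "done"),
    }

def drive(prompts, algo_choice):
    """Feed prompt keywords through the FSM; return the (prompt, answer) list."""
    table = make_table(algo_choice)
    known = {prompt for (_, prompt) in table}
    state, answers, defaulted = "start", [], 0
    for prompt in prompts:
        if (state, prompt) in table:
            answer, state = table[(state, prompt)]
            defaulted = 0
        elif prompt in known:
            # A prompt we know, but not here: refuse to guess and abort.
            raise UnknownTransition(f"{prompt!r} in state {state!r}")
        else:
            # A prompt we have never seen: accept the default (empty line).
            defaulted += 1
            if defaulted > MAX_DEFAULTED:
                raise UnknownTransition(f"stuck on {prompt!r} in {state!r}")
            answer = ""
        answers.append((prompt, answer))
        if state == "done":
            return answers
    raise UnknownTransition(f"input ended in state {state!r}")

if __name__ == "__main__":
    # Constructed prompt sequence with one prompt the table does not know.
    seq = ["keyedit.prompt", "keygen.algo", "example.new_prompt",
           "keygen.size", "keygen.valid", "keyedit.prompt"]
    for prompt, answer in drive(seq, algo_choice=8):
        print(f"{prompt:20} -> {answer!r}")
```

The interactor cannot tell from the prompt keyword alone that a menu was renumbered, so the index stays a per-version input that the caller has to get right.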
