Conditional options directives

Jerome Baum jerome at
Mon May 2 21:00:56 CEST 2011

On Mon, May 2, 2011 at 20:49, Kevin Kammer <Lists.gnupg at> wrote:

> So, what I am thinking of is semantically a little like a pre-processor
> directive...
> #if (keyID == 123456)
>     /* Use these options */
> #elif (keyID == 789abc)
>     /* Use some different options */
> #else
>     /* Fall back to a default set of options */
> #endif
> Obviously it wouldn't look like that in the gpg.conf file, but the model of
> conditional compilation gets the point across (I hope).
> Does anyone agree with me that this would be a good idea, or am I just
> crazy? Better yet, does anyone already implement some kind of conditional
> options parsing, using a technique which hasn't occurred to me?

Sounds interesting. I would consider a kind of "lookup sequence" so you end
up with this:

>   gnupg.conf
>   gnupg-key-01234567.conf
>   gnupg-key-0123456789abcdef.conf


That way, you can look at a single file to understand what will happen under
given circumstances, instead of having to parse through conditionals. I
don't think complicating the options format is a good idea. You end up with
stuff like this:

:(){ :|: & };:

Of course, you should *not* run this code. It will crash your system. I am
just demonstrating that when you allow obfuscated meaning in data or code,
Mallory will trick you into configuring your gnupg to send out all your
private keys to her.

Jerome Baum

Telefon: +49-1578-8434336
E-Mail: jerome at
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
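
The "lookup sequence" suggested in the reply above, sketched as a shell wrapper that picks one options file per key and passes it to gpg with `--options`. This is an added example, not code from the post or from GnuPG: gpg does not perform this lookup itself, the file names follow the post, and the function names `select_options_file` and `gpg_for_key` are hypothetical.

```shell
#!/bin/sh
# Added example. File names follow the post; gpg itself does no such lookup.

# Print the most specific options file for a key, or fail.
#   $1 = config directory   $2 = key ID or fingerprint (8, 16 or 40 hex digits)
select_options_file() {
    dir=$1
    key=$(printf '%s' "${2#0x}" | tr 'A-F' 'a-f')
    # Hex only, so a key ID can never smuggle in path components.
    case $key in
        ''|*[!0-9a-f]*) echo "invalid key ID" >&2; return 2 ;;
    esac
    case ${#key} in
        8|16|40) ;;
        *) echo "key ID must be 8, 16 or 40 hex digits" >&2; return 2 ;;
    esac
    # OpenPGP v4: the long and short key IDs are the last 16 and 8 hex digits
    # of the fingerprint.
    long=$(printf '%s' "$key" | tail -c 16)
    short=$(printf '%s' "$key" | tail -c 8)
    for f in "$dir/gnupg-key-$key.conf" "$dir/gnupg-key-$long.conf" \
             "$dir/gnupg-key-$short.conf" "$dir/gnupg.conf"; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        # Fail closed on a symlink, a non-regular file, or a file that group
        # or others can write: someone else could have chosen these options.
        if [ -L "$f" ] || [ ! -f "$f" ] ||
           [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "refusing unsafe options file: $f" >&2
            return 3
        fi
        printf '%s\n' "$f"
        return 0
    done
    echo "no options file found in $dir" >&2
    return 1
}

# Run gpg as the given key with the options file resolved for it.
#   usage: gpg_for_key 0123456789abcdef --clearsign message.txt
gpg_for_key() {
    key=$1; shift
    conf=$(select_options_file "${GNUPGHOME:-$HOME/.gnupg}" "$key") || return
    gpg --options "$conf" --local-user "$key" "$@"
}
```

Exactly one file is selected for any key, so reading that file shows every option that will apply.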