Conditional options directives

John Clizbe John at enigmail.net
Tue May 3 00:54:35 CEST 2011


Kevin Kammer wrote:
> Let us suppose that we have more than one private key on our keychain. 

Safe bet.


> For this example, let's say we use one key to sign our personal email, and a 
> different one to sign software packages we host on a company server. There 
> may be settings in our gpg.conf file which should be different depending on 
> the key we are using at the time. E.G. different URLs for retrieving keys, 
> different comments, etc. This could be accomplished by saving different 
> configuration files and specifying which one you want to use for any given 
> operation with the --options flag, but wouldn't it be nice if the process 
> could be automated? 

Doesn't a separate config file automate things? I fear you may be attempting to
over-engineer a solution.

> Not just nice, but much easier for other programs which interface with GnuPG,
> such as a mail plugin, for which there may be no convenient way to pass
> command line options.

To use your example, I know of two ways email plugins communicate with GnuPG:
gpgme (Evolution, etc.) or via some form of IPC (mozilla-mailnews/Enigmail,
mutt). Neither seems to have much difficulty communicating additional
(non-gpg.conf) options to gpg.

> So, what I am thinking of is semantically a little like a pre-processor
> directive...
> 
> #if (keyID == 123456)
>     /* Use these options */
> #elif (keyID == 789abc)
>     /* Use some different options */
> #else
>     /* Fall back to a default set of options */
> #endif
> 
> Obviously it wouldn't look like that in the gpg.conf file, but the model of
> conditional compilation gets the point across (I hope).

I think the separate config file idea is superior.

> Does anyone agree with me that this would be a good idea, or am I just crazy?
> Better yet, does anyone already implement some kind of conditional options
> parsing, using a technique which hasn't occurred to me?

Not a mental health professional, but I'd venture that whether or not you are
crazy is orthogonal to whether this is a good idea; IMO, it isn't. I think it's
an unnecessary complication and more attack/error prone.

-- 
John P. Clizbe                      Inet:   John (a) Enigmail
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
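
The separate-config-file approach discussed in this message can be automated with a small wrapper. This is an added example, not part of the original post or of GnuPG; the `options.d/<KEYID>.conf` layout and the function names `select_options` and `gpg_as` are assumptions, while `--options` and `--local-user` are existing gpg options.

```shell
#!/bin/sh
# Added example: pick a per-key GnuPG options file, then call gpg with --options.
# Assumed (hypothetical) layout: $GNUPGHOME/options.d/<KEYID>.conf, one file per key,
# with the key ID in upper-case hex as the file name.

# Print the options file to use for a key ID; fall back to the default gpg.conf.
select_options() {
    keyid=$1
    home=${GNUPGHOME:-$HOME/.gnupg}
    # Strip an optional 0x prefix.
    case $keyid in
        0x*|0X*) keyid=${keyid#0[xX]} ;;
    esac
    # Accept only hex digits, so the ID can never be used to build a path
    # that leaves options.d (for example "../something").
    case $keyid in
        ''|*[!0-9A-Fa-f]*) echo "invalid key ID" >&2; return 2 ;;
    esac
    # Normalise to upper case to match the assumed file naming.
    keyid=$(printf '%s' "$keyid" | tr 'a-f' 'A-F')
    candidate=$home/options.d/$keyid.conf
    if [ -f "$candidate" ]; then
        printf '%s\n' "$candidate"
    else
        printf '%s\n' "$home/gpg.conf"
    fi
}

# Run gpg for one key: gpg_as KEYID [gpg arguments...]
gpg_as() {
    keyid=$1
    shift
    opts=$(select_options "$keyid") || return
    gpg --options "$opts" --local-user "$keyid" "$@"
}
```

A caller that cannot easily pass gpg options itself can be pointed at a one-line script that calls `gpg_as` with the key it should use.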
