Conditional options directives
John at enigmail.net
Tue May 3 00:54:35 CEST 2011
Kevin Kammer wrote:
> Let us suppose that we have more than one private key on our keychain.
> For this example, let's say we use one key to sign our personal email, and a
> different one to sign software packages we host on a company server. There
> may be settings in our gpg.conf file which should be different depending on
> the key we are using at the time. E.G. different URLs for retrieving keys,
> different comments, etc. This could be accomplished by saving different
> configuration files and specifying which one you want to use for any given
> operation with the --options flag, but wouldn't it be nice if the process
> could be automated?
Doesn't a separate config file automate things? I fear you may be attempting to
over-engineer a solution.
> Not just nice, but much easier for other programs which interface with GnuPG,
> such as a mail plugin, for which there may be no convenient way to pass
> command line options.
To use your example, I know of two ways email plugins communicate with GnuPG:
gpgme (Evolution, etc) or via some form of IPC (mozilla-mailnews/Enigmail,
mutt). Neither seem to have much difficulty communicating additional
(non-gpg.conf) options to gpg.
> So, what I am thinking of is semantically a little like a pre-processor
> #if (keyID == 123456) /* Use these options */ #elif (keyID == 789abc) /* Use
> some different options */ #else /* Fall back to a default set of options */
> Obviously it wouldn't look like that in the gpg.conf file, but the model of
> conditional compilation gets the point across (I hope).
I think the separate config file idea is superior.
> Does anyone agree with me that this would be a good idea, or am I just crazy?
> Better yet, does anyone already implement some kind of conditional options
> parsing, using a technique which hasn't occurred to me?
Not a mental health professional, but I'd venture that whether or not you are
crazy is orthogonal to whether this is a good idea, IMO, it isn't. I think it's
an unnecessary complication and more attack/error prone.
John P. Clizbe Inet: John (a) Enigmail
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 886 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users