non-interactive expiration of a key using --batch?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat May 5 00:38:54 CEST 2012
Hi folks--
I'm having trouble setting up non-interactive expiration updates of a
key with a passphrase. I think i should use the --batch argument
because i want to ensure that gpg doesn't try to hang waiting on user
interaction, but when i use the --batch argument, the update isn't
saved.
let's say the passphrase is contained in the file "pw".
As you can see below, saving an update to 12 weeks without --batch
advances the expiration date to 2012-07-27, and a following --list-keys
shows the update. Subsequently, saving it to 13 weeks with --batch
shows the change to 2012-08-03, but a following --list-keys shows the
expiration date reverted to 2012-07-27.
this is with gnupg 1.4.12-4, from debian testing.
Any ideas what's going on here? Am i wrong to try to use --batch in
this instance?
--dkg
0 wt215 at pip:~$ gpg --list-keys
/home/wt215/testexpiry/pubring.gpg
----------------------------------
pub 1024R/20819466 2012-05-03 [expires: 2012-07-20]
uid blab blab (DO NOT USE!) <test at example.org>
0 wt215 at pip:~$ printf "12w\nsave\n" | gpg --passphrase-fd 3 --command-fd 0 --edit-key test at example.org 3<pw expire
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Reading passphrase from file descriptor 3
Secret key is available.
pub 1024R/20819466 created: 2012-05-03 expires: 2012-07-20 usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). blab blab (DO NOT USE!) <test at example.org>
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key expires at Fri 27 Jul 2012 04:37:23 PM EDT
You need a passphrase to unlock the secret key for
user: "blab blab (DO NOT USE!) <test at example.org>"
1024-bit RSA key, ID 20819466, created 2012-05-03
pub 1024R/20819466 created: 2012-05-03 expires: 2012-07-27 usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). blab blab (DO NOT USE!) <test at example.org>
0 wt215 at pip:~$ gpg --list-keys
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2012-07-27
/home/wt215/testexpiry/pubring.gpg
----------------------------------
pub 1024R/20819466 2012-05-03 [expires: 2012-07-27]
uid blab blab (DO NOT USE!) <test at example.org>
0 wt215 at pip:~$ printf "13w\nsave\n" | gpg --batch --passphrase-fd 3 --command-fd 0 --edit-key test at example.org 3<pw expire
Secret key is available.
pub 1024R/20819466 created: 2012-05-03 expires: 2012-07-27 usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). blab blab (DO NOT USE!) <test at example.org>
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key expires at Fri 03 Aug 2012 04:37:34 PM EDT
pub 1024R/20819466 created: 2012-05-03 expires: 2012-08-03 usage: SC
trust: ultimate validity: ultimate
[ultimate] (1). blab blab (DO NOT USE!) <test at example.org>
0 wt215 at pip:~$ gpg --list-keys
/home/wt215/testexpiry/pubring.gpg
----------------------------------
pub 1024R/20819466 2012-05-03 [expires: 2012-07-27]
uid blab blab (DO NOT USE!) <test at example.org>
0 wt215 at pip:~$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 965 bytes
Desc: not available
URL: </pipermail/attachments/20120504/6157a044/attachment.pgp>
More information about the Gnupg-users
mailing list