Changing key's passphrase in an automated way
Thomas Pelletier
pelletier.thomas at gmail.com
Fri Dec 5 14:47:13 CET 2014
Hello everybody,
I have seen this topic has been discussed a few times here and online, but
I have not managed to reach a working solution.
My goal is to be able to change a key's passphrase from a caller program,
given its ID, the old passphrase and the new passphrase.
My best shot is:
echo -e "old_passpkey\nnew_passkey" | gpg --verbose --status-fd 2 \
  --no-tty --homedir gpg_test --passphrase-fd 0 --batch --command-file cmds \
  --edit-key 9C6BD0AC
The cmds file contains the following:
passwd
save
Here is what I have on my stderr:
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT F47798F49C6BD0AC My Key (My Key) <pelletier.thomas at gmail.com>
[GNUPG:] NEED_PASSPHRASE F47798F49C6BD0AC F47798F49C6BD0AC 1 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
The key's passphrase does not change in the end. It seems to me that the
second passphrase is never read. According to [1], "[--passphrase-fd] can
only be used if only one passphrase is supplied". So how can I give it the
two different passphrases?
Thanks,
Thomas
[1] https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
--
Thomas Pelletier
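
Added example (not part of the original message and not GnuPG code): a small Python parser for the --status-fd lines shown in the post. It lists each passphrase request, decodes the NEED_PASSPHRASE_SYM arguments with the RFC 4880 algorithm numbers, and records which status keyword came next. The function names and the partial lookup tables are this example's own; the sample input is copied from the stderr output above.

```python
# Added example: read gpg --status-fd output the way a caller program would.
# SAMPLE is the stderr output quoted in the post above.
SAMPLE = """\
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT F47798F49C6BD0AC My Key (My Key) <pelletier.thomas at gmail.com>
[GNUPG:] NEED_PASSPHRASE F47798F49C6BD0AC F47798F49C6BD0AC 1 0
[GNUPG:] GOOD_PASSPHRASE
[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
[GNUPG:] GET_LINE keyedit.prompt
[GNUPG:] GOT_IT
"""

PREFIX = "[GNUPG:] "
# OpenPGP (RFC 4880) algorithm identifiers; partial tables, enough for common values.
CIPHER = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
S2K = {0: "simple", 1: "salted", 3: "iterated+salted"}
HASH = {1: "MD5", 2: "SHA1", 8: "SHA256", 10: "SHA512"}


def parse_status(text):
    """Return (keyword, [args]) for every status line; other output is ignored."""
    events = []
    for line in text.splitlines():
        fields = line[len(PREFIX):].split() if line.startswith(PREFIX) else []
        if fields:
            events.append((fields[0], fields[1:]))
    return events


def passphrase_requests(events):
    """Describe each passphrase request and the status keyword that followed it."""
    requests = []
    for i, (keyword, args) in enumerate(events):
        if keyword == "NEED_PASSPHRASE":        # unlock an existing secret key
            req = {"kind": "unlock", "main_keyid": args[0]}
        elif keyword == "NEED_PASSPHRASE_SYM":  # passphrase for symmetric protection
            c, m, h = (int(a) for a in args[:3])
            req = {"kind": "symmetric", "cipher": CIPHER.get(c, c),
                   "s2k": S2K.get(m, m), "hash": HASH.get(h, h)}
        else:
            continue
        req["next"] = events[i + 1][0] if i + 1 < len(events) else None
        requests.append(req)
    return requests


if __name__ == "__main__":
    for request in passphrase_requests(parse_status(SAMPLE)):
        print(request)
```
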