Non-interactively signing UIDs on a key
Tobias Mueller
4tmuelle at informatik.uni-hamburg.de
Wed Nov 5 19:17:12 CET 2014
Hello.
While investigating the state of the art of Python bindings
I came across the problem of signing other people's keys.
For example, in https://github.com/isislovecruft/python-gnupg/issues/29
is a complaint about the behaviour of --sign-key:
By default, --sign-key drops you into an interactive prompt asking
Really sign all user IDs? (y/N) and afterwards, regardless of your
answer, drops you off in the gpg> interactive prompt (where you have
to type save and quit and so forth). By default (because it's meant
to be automateable) python-gnupg uses --no-tty to disable all
interactivity, and trying to use --sign-key with --no-tty will
produce an error message saying gpg: Sorry, no terminal at all
requested - can't get input. Further, gpg won't listen to you if you
try to use anything like --no-tty --passphrase-fd 0 --sign-key or
any of the other passphrase input options. Not to deter anyone,
because I'll take all the help I can get, but this is not going to
be a fun set of patches, I'm afraid. :/
In https://bitbucket.org/vinay.sajip/python-gnupg/issue/15/how-to-sign-a-key
the author of that library states:
Signing a key is not supported, as it involves back-and-forth
interacting with the gpg executable (signing a key is part of the
options for editing a key). If there were a way of doing it using a
one-off command (e.g. providing the id of the public key to sign,
the trust level, and the private key to sign with) then this could
be implemented.
With pygpgme, it seems at least possible to sign a key, but it doesn't look very convenient:
http://bazaar.launchpad.net/~jamesh/pygpgme/trunk/view/head:/gpgme/editutil.py#L110
My question is: Is there indeed no (simple) way to sign a UID on a
key non-interactively with GnuPG?
If there is a way, how could it be used by the libraries mentioned above?
Cheers,
Tobi
More information about the Gnupg-users
mailing list