Non-interactively signing UIDs on a key

Tobias Mueller 4tmuelle at
Wed Nov 5 19:17:12 CET 2014


While investigating the state of the art of Python bindings
I came across the problem of signing other people's keys.
For example, in
is a complaint about the behaviour of --sign-key:

    By default, --sign-key drops you into an interactive prompt asking 
    Really sign all user IDs? (y/N) and afterwards, regardless of your 
    answer, drops you off in the gpg> interactive prompt (where you have 
    to type save and quit and so forth). By default (because it's meant 
    to be automateable) python-gnupg uses --no-tty to disable all 
    interactivity, and trying to use --sign-key with --no-tty will 
    produce an error message saying gpg: Sorry, no terminal at all 
    requested - can't get input. Further, gpg won't listen to you if you 
    try to use anything like --no-tty --passphrase-fd 0 --sign-key or 
    any of the other passphrase input options. Not to deter anyone, 
    because I'll take all the help I can get, but this is not going to 
    be a fun set of patches, I'm afraid. :/

the author of that library states:

    Signing a key is not supported, as it involves back-and-forth 
    interacting with the gpg executable (signing a key is part of the 
    options for editing a key). If there were a way of doing it using a 
    one-off command (e.g. providing the id of the public key to sign, 
    the trust level, and the private key to sign with) then this could 
    be implemented.

With pygpgme, it seems at least possible to sign a key, but it doesn't look very convenient:

My question is: Is there indeed no (simple) way to sign a UID on a
key non-interactively with GnuPG?

If there is a way, how could it be used by the libraries mentioned above?


More information about the Gnupg-users mailing list