Please, fix batch mode for gpg --edit-key-trust

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Aug 5 00:30:18 CEST 2016


On Wed 2016-07-27 09:46:19 -0400, John Buehrer wrote:

>     $ printf "5\n" | gpg2 --batch --edit-key 67A92459607354C7 trust quit
>     ...
>     Please decide how far you trust this user to correctly verify other users' keys
>     (by looking at passports, checking fingerprints from different sources, etc.)
>
>       1 = I don't know or won't say
>       2 = I do NOT trust
>       3 = I trust marginally
>       4 = I trust fully
>       5 = I trust ultimately
>       m = back to the main menu
>
>     *gpg: Sorry, we are in batchmode - can't get input*

another way to do this would be to use --import-ownertrust:

  echo $FINGERPRINT:$VAL: | gpg --import-ownertrust

where $VAL is pulled from this list (see g10/trustdb.h; i don't know
whether it is documented anywhere else):

#define TRUST_MASK	 15
#define TRUST_UNKNOWN	  0  /* o: not yet calculated/assigned */
#define TRUST_EXPIRED	  1  /* e: calculation may be invalid */
#define TRUST_UNDEFINED   2  /* q: not enough information for calculation */
#define TRUST_NEVER	  3  /* n: never trust this pubkey */
#define TRUST_MARGINAL	  4  /* m: marginally trusted */
#define TRUST_FULLY	  5  /* f: fully trusted      */
#define TRUST_ULTIMATE	  6  /* u: ultimately trusted */
/* Trust values not covered by the mask. */
#define TRUST_FLAG_REVOKED        32 /* r: revoked */
#define TRUST_FLAG_SUB_REVOKED    64 /* r: revoked but for subkeys */
#define TRUST_FLAG_DISABLED      128 /* d: key/uid disabled */
#define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */
#define TRUST_FLAG_TOFU_BASED    512 /* The trust value is based on
                                      * the TOFU information.  */

I do note that when VAL=0 in the above formulation, --import-ownertrust
doesn't touch the value for $FINGERPRINT, though -- so i don't know
whether there's a way to use --import-ownertrust to revert to a fully
"unknown" state  ("2" is probably the closest equivalent).

hth,

        --dkg
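
Added example, not part of the original message or of GnuPG: a small shell helper that builds the `FINGERPRINT:VAL:` line for `gpg --import-ownertrust` from either the letter codes in the trustdb.h comments or the numbers of the interactive `trust` menu. The helper name `ownertrust_line`, the 40-hex-digit fingerprint check, and the mapping of menu choices 1-5 onto values 2-6 (read off the menu labels and header comments quoted above) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post or from GnuPG).
#
# ownertrust_line FINGERPRINT LEVEL
#   Prints "FINGERPRINT:VAL:" on stdout, ready for --import-ownertrust.
#   LEVEL is a letter from the trustdb.h comments (q n m f u) or the
#   number shown in the interactive "trust" menu (1-5).
#   Note the off-by-one: menu choice 5 ("ultimately") is VAL 6, and
#   VAL 5 is only "fully trusted".
ownertrust_line() {
    # Normalise: drop spaces from a grouped fingerprint, upper-case hex.
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$fpr" in
        *[!0-9A-F]*|'')
            echo "not a hex fingerprint: $1" >&2
            return 1 ;;
    esac
    # Assumption: a v4 fingerprint (40 hex digits), not a short/long key ID.
    if [ "${#fpr}" -ne 40 ]; then
        echo "expected 40 hex digits, got ${#fpr}" >&2
        return 1
    fi
    case "$2" in
        q|1) val=2 ;;   # TRUST_UNDEFINED  (menu: I don't know or won't say)
        n|2) val=3 ;;   # TRUST_NEVER      (menu: I do NOT trust)
        m|3) val=4 ;;   # TRUST_MARGINAL   (menu: I trust marginally)
        f|4) val=5 ;;   # TRUST_FULLY      (menu: I trust fully)
        u|5) val=6 ;;   # TRUST_ULTIMATE   (menu: I trust ultimately)
        *)
            # 0 / "o" is rejected on purpose: per the post, VAL=0 leaves
            # the stored value for the fingerprint untouched.
            echo "unsupported trust level: $2 (use q n m f u or 1-5)" >&2
            return 1 ;;
    esac
    printf '%s:%s:\n' "$fpr" "$val"
}

# Usage (not executed here):
#   ownertrust_line "$FINGERPRINT" u | gpg --import-ownertrust
```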

More information about the Gnupg-users mailing list