Automating and integrating GPG

Dan Kegel dank at kegel.com
Mon Sep 18 23:10:40 CEST 2017


On Mon, Sep 18, 2017 at 11:45 AM, Grzegorz Kulewski <gk at leniwiec.biz> wrote:
> I am working on a project (in Python and bash) that requires me to use GPG in "headless mode" to generate keys and edit an OpenPGP smartcard (to set some properties and transfer some of the generated keys). This includes transferring any passwords and PINs from my program to GPG, instead of requiring the user to enter them using pinentry.
>
> I wonder what method of integration of GPG with such a project is best, most future-proof and recommended, and is there any other advice you may give me?

Good question.

I wrote a bit about doing that in shell scripts, see
https://lists.gnupg.org/pipermail/gnupg-users/2017-April/058158.html

It's challenging to make it both future- and past-proof, as gpg keeps changing.
What range of Linux distributions / versions of gpg do you need to support?

The new requirement for the agent is very challenging, and should not
be taken lightly.
You may need to expose the agent concept to your program; a transparent
wrapper may not be possible.

I keep running into problems with this.
https://github.com/Oblong/obs/ has my ugly code, and an automated test
that sometimes fails on slow systems like Raspberry Pi because of my
poor transparent wrapper around the gpg agent.
It is somewhat obscured by site-specific stuff (e.g. it uses gpg via apt).
I could try to do a clean demo without apt sometime if that would be helpful.
- Dan


