GPGME export secret subkeys
Jacob Adams
tookmund at gmail.com
Thu May 31 17:25:41 CEST 2018
On 05/30/2018 02:00 PM, Werner Koch wrote:
> On Wed, 30 May 2018 17:22, tookmund at gmail.com said:
>> GPGME has export and import functions that work well as alternatives to
>> "gpg --import" and "gpg --export". However, looking through the
>> documentation I cannot find an equivalent to "gpg
>> --export-secret-subkeys". Have I missed something, or does such
>> functionality not yet exist?
>
> GPGME does not support all features of gpg; that is to avoid creating a
> too baroque API. If you need this you can resort to the gpgme_op_spawn
> API.
Ah ok thank you. That's definitely more sensible than having a function
for everything.
> For example here is how we make sure in GPA that the gpg-agent is
> started (required for direct smartcard operations).
>
>
> --8<---------------cut here---------------start------------->8---
> void
> gpa_start_agent (void)
> {
> gpg_error_t err;
> gpgme_ctx_t ctx;
> char *pgm;
> const char *argv[3];
>
> pgm = get_gpg_connect_agent_path ();
> if (!pgm)
> {
> g_message ("tool to start the agent is not available");
> return;
> }
>
> ctx = gpa_gpgme_new ();
> gpgme_set_protocol (ctx, GPGME_PROTOCOL_SPAWN);
> argv[0] = ""; /* Auto-insert the basename. */
> argv[1] = "NOP";
> argv[2] = NULL;
> err = gpgme_op_spawn (ctx, pgm, argv, NULL, NULL, NULL, GPGME_SPAWN_DETACHED);
> if (err)
> g_message ("error running '%s': %s", pgm, gpg_strerror (err));
> g_free (pgm);
> gpgme_release (ctx);
> }
> --8<---------------cut here---------------end--------------->8---
>
> You need to adjust it for your needs; for example the first fucntion
> call should be get_gpg_path which can be implemented this way:
>
> --8<---------------cut here---------------start------------->8---
> static const gchar *
> get_gpg_path (void)
> {
> gpgme_engine_info_t engine;
>
> gpgme_get_engine_info (&engine);
> while (engine)
> {
> if (engine->protocol == GPGME_PROTOCOL_OpenPGP)
> return engine->file_name;
> engine = engine->next;
> }
> return NULL;
> }
> --8<---------------cut here---------------end--------------->8---
>
I'm using the python bindings and actually having a bit of trouble with
op_spawn. I've fallen back on setting GNUPGHOME and calling python's
subprocess.run which pretty much does the same thing.
The simple test case attached fails for me with:
Traceback (most recent call last):
File "/tmp/opspawn.py", line 7, in <module>
ctx.op_spawn(gpgbin, ['', '--version'], None, out, None, 0)
File "/usr/local/lib/python3.6/dist-packages/gpg/core.py", line 151,
in wrapper
return _funcwrap(self, *args)
File "/usr/local/lib/python3.6/dist-packages/gpg/core.py", line 132,
in _funcwrap
result = func(slf.wrapped, *args)
File "/usr/local/lib/python3.6/dist-packages/gpg/gpgme.py", line 2267,
in gpgme_op_spawn
return _gpgme.gpgme_op_spawn(ctx, file, argv, datain, dataout,
dataerr, flags)
TypeError: in method 'gpgme_op_spawn', argument 5 of type 'gpgme_data_t'
Like I said it's not really a problem since I'm using subprocess but I
thought I should report it nonetheless.
Thanks,
Jacob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opspawn.py
Type: text/x-python
Size: 244 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180531/c3c5a342/attachment-0001.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180531/c3c5a342/attachment-0001.sig>
More information about the Gnupg-users
mailing list