Why is there no secret key?

Peter Lebbing peter at digitalbrains.com
Thu Jul 30 12:52:28 CEST 2020


On 27/07/2020 22:53, Ayoub Misherghi wrote:
> With API I mean something like GPGME.

It seems to me that including options in gpg.conf that GPGME does not
expect people to put there might throw it out of whack.

> 1) It is preferable to have "--batch" on command line even in
> unattended operation; and not in the gpg.conf file?

Precisely when you do unattended operation should you have it on the
command line. And it should not be in your gpg.conf.

Why do you say "_even_ in unattended operation"?

> 2) --pinentry-mode when needed goes in gpg.conf

No, it makes more sense to specify this on the command line in the
instances you actually need this. However, I explained two methods[1] of
seeding the passphrase, neither of which uses --pinentry-mode.
--pinentry-mode is a great way to shoot oneself in the foot
security-wise.

> 3) --allow-loopback-pinentry when needed goes in gpg-agent.conf

It's already the default, if you want to disallow it you would specify
--no-allow-loopback-pinentry.

Please see the man page.

> Is it true that command line parameters only go to gpg and gpg-agent?

I don't really understand the question.

Usually, you only specify command line parameters to gpg. gpg might
launch a gpg-agent, or connect to an already running instance. There
are gpg command line parameters that influence the command line used to
launch gpg-agent, but in general, gpg's parameters do not propagate to
gpg-agent.

They each have their own set of parameters, documented in the man pages
gpg(1) and gpg-agent(1) respectively. GnuPG consists of more binaries,
but those two are the major ones.

HTH,

Peter.

[1] https://lists.gnupg.org/pipermail/gnupg-users/2020-July/063825.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
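
A small check for the advice in the message above, as an added example that is not part of the original e-mail or of GnuPG: it flags active `batch` and `pinentry-mode` lines in a gpg.conf so they can be moved to the command line of the jobs that need them. The function names and the sample file are constructed for illustration; it assumes config files take long options without the leading dashes, as described in gpg(1).

```shell
#!/bin/sh
# Added example: report gpg.conf lines that set options the message
# above recommends passing on the command line instead.

# audit_conf FILE OPTION...
# Prints "FILE:LINE: OPTION" for every active (non-comment) line whose
# first word is one of the given options. A dashed spelling is matched
# too, in case someone pasted a command-line flag into the file.
audit_conf() {
    conf=$1
    shift
    [ -r "$conf" ] || return 0          # a missing file has nothing to flag
    for opt in "$@"; do
        grep -nE "^[[:space:]]*(--)?${opt}([[:space:]]|\$)" "$conf" |
            while IFS=: read -r lineno rest; do
                printf '%s:%s: %s\n' "$conf" "$lineno" "$opt"
            done
    done
}

# Writes a constructed sample gpg.conf into a fresh temporary directory
# and prints that directory's path. Not a real configuration.
make_sample_home() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/gpg.conf" <<'EOF'
# constructed sample, not a real configuration
keyid-format long
batch
#pinentry-mode loopback
  pinentry-mode loopback
EOF
    printf '%s\n' "$dir"
}

# Stand-alone use: sh audit.sh ~/.gnupg/gpg.conf
if [ "$#" -gt 0 ]; then
    audit_conf "$1" batch pinentry-mode
fi
```

On the sample file it reports lines 3 and 5 and ignores the commented-out line 4.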
