Based on Werner's suggestion, I have a test script now to create revocation certificates.
I use this command in the script:

  gpg -a -o "rev.asc" --command-fd 0 --status-fd 2 --gen-revoke 409900FC

The responses entered by the script are all strings followed by an LF. The output is as follows:

....
[GNUPG:] GOT_IT
Reason for revocation: Key has been compromised
(No description given)
[GNUPG:] GET_BOOL ask_revocation_reason.okay
y
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT 90FBD027409900FC Testkey (test) <[EMAIL PROTECTED]>
[GNUPG:] NEED_PASSPHRASE 90FBD027409900FC 90FBD027409900FC 17 0

You need a passphrase to unlock the secret key for
user: "Testkey (test) <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 409900FC, created 2008-04-17

[GNUPG:] GET_HIDDEN passphrase.enter
revokekey
[GNUPG:] GOT_IT
[GNUPG:] BAD_PASSPHRASE 90FBD027409900FC
gpg: Invalid passphrase; please try again ...
[GNUPG:] USERID_HINT 90FBD027409900FC Testkey (test) <[EMAIL PROTECTED]>
[GNUPG:] NEED_PASSPHRASE 90FBD027409900FC 90FBD027409900FC 17 0

You need a passphrase to unlock the secret key for
user: "Testkey (test) <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 409900FC, created 2008-04-17

[GNUPG:] GET_HIDDEN passphrase.enter
revokekey
[GNUPG:] GOT_IT
[GNUPG:] MISSING_PASSPHRASE
[GNUPG:] BAD_PASSPHRASE 90FBD027409900FC
gpg: Invalid passphrase; please try again ...
[GNUPG:] USERID_HINT 90FBD027409900FC Testkey (test) <[EMAIL PROTECTED]>
[GNUPG:] NEED_PASSPHRASE 90FBD027409900FC 90FBD027409900FC 17 0

Now when I run the same command on the command line it works and a revocation certificate is created.

... Correct y
[GNUPG:] GET_BOOL ask_revocation_reason.okay
y
[GNUPG:] GOT_IT
[GNUPG:] USERID_HINT 90FBD027409900FC Testkey (test) <[EMAIL PROTECTED]>
[GNUPG:] NEED_PASSPHRASE 90FBD027409900FC 90FBD027409900FC 17 0

You need a passphrase to unlock the secret key for
user: "Testkey (test) <[EMAIL PROTECTED]>"
1024-bit DSA key, ID 409900FC, created 2008-04-17

[GNUPG:] GET_HIDDEN passphrase.enter
revokekey
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
ASCII armored output forced.
File `rev.asc' exists.
[GNUPG:] GET_BOOL openfile.overwrite.okay
y
[GNUPG:] GOT_IT
[GNUPG:] GOOD_PASSPHRASE
Revocation certificate created.

Please move it to a medium which you can hide away; if Mallory gets
access to this certificate he can use it to make your key unusable.
It is smart to print this certificate and store it away, just in case
your media become unreadable. But have some caution: The print system of
your machine might store the data and make it available to others!

Any idea why entering the passphrase as a string in the script is not working?

Thanks
Meenal

Werner Koch wrote:
> On Thu, 17 Apr 2008 20:28, [EMAIL PROTECTED] said:
>
>>> $ gpg2 --status-fd 2 --command-fd 0 --gen-revoke joe
>> I guess I can use gpg here?
>
> Yes.
>
>>> [GNUPG:] GET_BOOL gen_revoke.okay
>> Are these commands generated by GPG?
>
> The option --status-fd N generates them and writes them to the file
> descriptor N (in the example 2 = stderr), you may want to use 1 for stdout.
>
>
>> What is FSM? Finite State Machine. How can I use this?
>
> Right. This is the proper way to automate gpg using
> --command-fd/--status-fd. It is a bit of work but has the advantage
> that it won't break or, even worse, yield unexpected results if gpg
> adds other status messages. The GPA frontend uses this approach
> (src/gpgmeedit.c).
>
>>> should be answered with just a LF. Of course you would use the
>> What is LF?
>
> linefeed or in C notation "\n" (ASCII code 0x10).
>
>> I need to write the revocation certificate to a file too.
>
> Use the gpg option
>
>   --output FILE
>
>
>
> Shalom-Salam,
>
>    Werner
>
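An added example of the status-driven automation Werner describes, replying to each prompt by its keyword instead of sending answers in a fixed order; it is not code from this thread, from GnuPG or from GPA. The function names and the SAMPLE lines are constructed here, and ask_revocation_reason.code/.text are gpg prompt keywords that the quoted output does not show.

```python
# Added example: reply to gpg --command-fd prompts by keyword from --status-fd.
PREFIX = "[GNUPG:] "
PROMPTS = ("GET_BOOL", "GET_LINE", "GET_HIDDEN")

class PromptError(Exception):
    """gpg asked something unplanned or rejected the passphrase."""

def parse_status(line):
    """Return (keyword, args) for a status line, None for human-readable text."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split()
    return (parts[0], parts[1:]) if parts else None

def answers_for(passphrase, reason_code="1", overwrite=False):
    """Replies keyed by prompt keyword; each one is sent followed by one LF."""
    return {
        "gen_revoke.okay": "y",
        # .code/.text are gpg prompt keywords not shown in the thread
        "ask_revocation_reason.code": reason_code,   # 1 = key compromised
        "ask_revocation_reason.text": "",            # empty line ends the text
        "ask_revocation_reason.okay": "y",
        "openfile.overwrite.okay": "y" if overwrite else "n",
        "passphrase.enter": passphrase,
    }

def replies(status_lines, answers):
    """Yield the string to write to the command fd for each prompt seen."""
    for line in status_lines:
        parsed = parse_status(line)
        if parsed is None:
            continue                  # text meant for humans is never parsed
        keyword, args = parsed
        if keyword in PROMPTS:
            if not args or args[0] not in answers:
                raise PromptError("unexpected prompt: " + " ".join(args))
            yield answers[args[0]] + "\n"
        elif keyword in ("BAD_PASSPHRASE", "MISSING_PASSPHRASE"):
            raise PromptError("passphrase rejected; not retrying")
        # GOT_IT, USERID_HINT, NEED_PASSPHRASE and new keywords are ignored

SAMPLE = [  # constructed from the status lines quoted in the thread
    "[GNUPG:] GET_BOOL gen_revoke.okay\n",
    "[GNUPG:] GOT_IT\n",
    "Reason for revocation: Key has been compromised\n",
    "[GNUPG:] GET_BOOL ask_revocation_reason.okay\n",
    "[GNUPG:] NEED_PASSPHRASE 90FBD027409900FC 90FBD027409900FC 17 0\n",
    "[GNUPG:] GET_HIDDEN passphrase.enter\n",
]
```

In live use, iterate over the lines read from the --status-fd pipe and write each yielded reply to the --command-fd pipe as it arrives. GnuPG 2.1 and later also need --pinentry-mode loopback before the passphrase is requested through passphrase.enter.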