On Tue, 5 May 2015 01:14, l...@greenhost.nl said: > keypair we would also like to generate a revocation certificate. Keys > are passwordless, so at first I thought that it should be straight forward.
Note that GnuPG 2.1 generates revocation certificates by default. > for the revocation certificate. So I'm a little stuck. The --gen-revoke > option prompts the user for 4 questions for a passwordless key, 5 if the > key has a password and I couldn't get around this. The idea is that you should be able to tell the reason for the revocation. This is not very often used and thus I consider the command line interface sufficent. You may automate this but you need to employ a state mahine to answer all the questions. This is how the GUI tools work. I don't think that adding a --quick-gen-revoke command is very useful here. It would be only done for 2.1 anyway and that version has the pre-made revocations. > I have also tried pexpect to 'mock' user input to bypass interaction, no > success there. You need to use this command gpg --command-fd 0 --status-fd 2 --gen-revoke 0x12345678 and act upon the GET_* status lines. --8<---------------cut here---------------start------------->8--- [GNUPG:] GET_BOOL gen_revoke.okay y [GNUPG:] GOT_IT Please select the reason for the revocation: 0 = No reason specified 1 = Key has been compromised 2 = Key is superseded 3 = Key is no longer used Q = Cancel (Probably you want to select 1 here) [GNUPG:] GET_LINE ask_revocation_reason.code 3 [GNUPG:] GOT_IT Enter an optional description; end it with an empty line: [GNUPG:] GET_LINE ask_revocation_reason.text foo [GNUPG:] GOT_IT [GNUPG:] GET_LINE ask_revocation_reason.text [GNUPG:] GOT_IT Reason for revocation: Key is no longer used foo [GNUPG:] GET_BOOL ask_revocation_reason.okay y [GNUPG:] GOT_IT ASCII armored output forced. --8<---------------cut here---------------end--------------->8--- End the "ask_revocation_reason.text" prompts with an empty line. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
