On Tue 2024-08-27 17:37:03 +0200, Jakob Bohm via Gnupg-users wrote:
> Another, related, feature would be the ability to run the gnupg tools in
> a mode that doesn't talk to any part of the environment, neither the
> gnupg config dir, nor the various helper programs (directory, password
> prompt etc.), but instead acts predictably based only on the command
> line options.

Given this request for statelessness, you might be interested in the "stateless openpgp command line interface", or "sop", which is designed in many ways for the types of operations you're talking about:

https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

(disclaimer: I've been shepherding the specification, but there are a half-dozen high quality implementations in the wild and several more in incubation)

For signature verification specifically, the "sopv" verification-only subset is intended specifically to integrate well with other POSIX commands. A sopv implementation that wraps gpgv and handles all the status-fd checking as documented is also available at:

https://gitlab.com/dkg/sopv-gpgv

I see that you're using S/MIME and/or CMS (i.e. gpgsm) instead of the OpenPGP equivalents, and i don't know that anyone has produced something comparable for S/MIME or CMS, unfortunately. But the rough shape of the problem space is the same. I'd be very surprised if you couldn't move your administrative tooling over to using OpenPGP and making it work successfully with any of the available sop implementations.

Regards,

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
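
As an added illustration of the sopv integration mentioned in the message above (not code from the message or from any sop implementation): a POSIX shell gate that installs a file only when `sopv verify` accepts a detached signature over it. The function names, the `SOPV` variable and all paths are assumptions; the exit statuses (0 for at least one valid signature, 3 for none) and the layout of the verification lines follow the sop draft.

```shell
# Added example. SOPV names whichever sopv implementation is installed (assumption).
SOPV="${SOPV:-sopv}"

# verified_signers SIG CERT DATA
# Prints the primary-key fingerprint of every signature sopv accepted.
# Returns sopv's own exit status: 0 = at least one valid signature,
# 3 = no valid signature, anything else = bad input or unsupported usage.
verified_signers() {
    # sopv reads only its arguments and stdin: no keyring, no config dir, no agent.
    out=$("$SOPV" verify "$1" "$2" < "$3") || return $?
    # Verification line: <timestamp> <signing key fpr> <primary key fpr> [text]
    printf '%s\n' "$out" | awk 'NF >= 3 { print $3 }'
}

# install_if_signed SIG CERT DATA DEST
# Copies DATA to DEST only if a signature from CERT verifies over it.
install_if_signed() {
    src=$3 dest=$4
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # Verify a private copy so the bytes checked are the bytes installed.
    if cp -- "$src" "$tmp" &&
       signers=$(verified_signers "$1" "$2" "$tmp") &&
       [ -n "$signers" ]; then
        mv -- "$tmp" "$dest" && printf '%s\n' "$signers"
    else
        rm -f -- "$tmp"
        echo "refusing to install $src: no valid signature" >&2
        return 1
    fi
}
```

The caller decides trust by choosing which certificate file to pass; nothing is read from a GnuPG home directory.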