
please allow unattended secret key deletion
Open, Normal, Public

Description

HW42 wrote on gnupg-users
(https://lists.gnupg.org/pipermail/gnupg-users/2015-July/054074.html):

  I try to delete a public and its secret key via gpgme. The problem is
  that it always pops a pinentry confirmation dialog. Since I want to do the
  action unattended this is a problem.

  By looking at the gpg-agent code it seems that there is currently no way
  to do this. But maybe I missed something.

  There are two possible workarounds I have thought of

  1) use a fake pinentry which always says yes.
  2) delete the key in private-keys-v1.d

  but those are obviously crude hacks.

Details

Version
2.1.6

Event Timeline

dkg added projects: Feature Request, gnupg.
dkg added a subscriber: dkg.

The problem is that the same secret key may be used for OpenPGP, S/MIME, Ssh,
and possibly other clients directly accessing gpg-agent.

Thus I am not sure how to best do it. The direct gpg-agent interface of gpgme
could be used to delete a key if we add a --force option to the agent's
DELETE_KEY command.

Okay, I added a --force option to gpg-agent.

gpg-connect-agent 'DELETE_KEY --force <KEYGRIP>' /bye

Does now do the same as

rm ~/.gnupg/private-keys-v1.d/<KEYGRIP>.key

I am not sure how to do this in gpg and gpgme, thus for now only the gpg-agent part.
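
Added example, not part of the ticket and not GnuPG project code: a shell wrapper that resolves a fingerprint to its keygrips and issues the `DELETE_KEY --force` command shown above for each one, skipping keygrips still enabled in `sshcontrol` because of the shared-key concern raised in the thread. The function names are hypothetical, the sample listing is constructed, and it assumes a gpg-agent that already has the `--force` option; S/MIME use of the key is not checked.

```shell
# Added example; function names are hypothetical, sample data is constructed.
SAMPLE_LISTING='sec:-:255:22:0000000000000001:1436000000:::-:::scESC:
fpr:::::::::00000000000000000000000000000000AAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
ssb:-:255:18:0000000000000002:1436000000::::::e:
grp:::::::::2222222222222222222222222222222222222222:'

# Print the keygrip (field 10) of every "grp" record read from stdin.
keygrips_from_colons() {
    awk -F: '$1 == "grp" && $10 != "" { print $10 }'
}

# Succeed if keygrip $1 is an enabled entry in sshcontrol file $2
# ("#" starts a comment, a leading "!" disables an entry).
in_sshcontrol() {
    [ -r "$2" ] || return 1
    awk -v g="$1" '$1 == g { found = 1 } END { exit !found }' "$2"
}

# Delete all secret (sub)keys of fingerprint $1 with no pinentry prompt.
# Keygrips still enabled for ssh are skipped and reported.
delete_secret_unattended() {
    home=${GNUPGHOME:-$HOME/.gnupg}
    listing=$(gpg --batch --with-colons --with-keygrip \
                  --list-secret-keys "$1") || return 2
    rc=0
    for grip in $(printf '%s\n' "$listing" | keygrips_from_colons); do
        if in_sshcontrol "$grip" "$home/sshcontrol"; then
            echo "skipped $grip: enabled in sshcontrol" >&2
            rc=1
            continue
        fi
        # gpg-connect-agent prints the agent's reply; "OK" means deleted.
        reply=$(gpg-connect-agent "DELETE_KEY --force $grip" /bye)
        case $reply in
            OK*) echo "deleted $grip" ;;
            *)   echo "agent refused $grip: $reply" >&2; rc=1 ;;
        esac
    done
    return $rc
}
```

A non-zero return means at least one keygrip was skipped or refused, so an unattended caller can tell whether secret key material remains before it goes on to remove the public key.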