The current GPGME keygen API basically comes down to gpg --gen-key --batch.
This is not good to use for a downstream application.
I'd like at least to be able to provide a list of subkeys and a list of uids.
My ideal wish would be to have GnuPG key params in json or xml and to be able to
request supported values, as 2.1 differs from 1.4, and with 2.1 the supported
options even differ depending on the gcrypt version or minor versions.
Something like get_supported_key_types that would return something like:
{
  "RSA": {
    "lengths": [ "1024", "2048", "4096" ],
    "capabilities": [ "sign", "encrypt", "certify", "auth" ]
  },
  "ECDSA": {
    "curves": [ "brainpoolP256r1", "brainpoolP384r1", "brainpoolP512r1", "NIST P-256", "NIST P-384", "NIST P-521" ],
    "capabilities": [ "sign", "certify", "auth" ]
  }
}
And then for generation similarly:
{
  "keys": [
    {"type": "ECDSA", "usage": "certify sign", "curve": "NIST P-384" },
    {"type": "ECDH", "usage": "encrypt", "curve": "NIST P-384" }
  ],
  "uids": [
    {"name": "Andre Heinecke", "email": "aheinecke@intevation.de", "comment": "Comments are bad" },
    {"name": "Andre Heinecke", "email": "andre.heinecke@intevation.de" }
  ],
  "Expire-Date": "20200815T145012",
  "Keyserver": "keys.gnupg.net"
}
And superduperideally such a json or xml representation would be available
through the API and could be modified and returned again instead of using the
edit-key interface. But that's dreaming. :-)
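
An added example, not part of the original post and not GPGME code: a sketch of how a downstream application could check a generation request against the capability map proposed above before submitting it. validate_request, the ECDH entry in the map and the sample requests are hypothetical and constructed for illustration; get_supported_key_types is the post's proposal, not an existing GPGME call.

```python
import json

# Constructed sample in the shape the post proposes for get_supported_key_types
# (hypothetical; GPGME has no such call). The ECDH entry is an assumption.
SUPPORTED = json.loads("""
{
  "RSA":   {"lengths": ["1024", "2048", "4096"],
            "capabilities": ["sign", "encrypt", "certify", "auth"]},
  "ECDSA": {"curves": ["NIST P-256", "NIST P-384", "NIST P-521"],
            "capabilities": ["sign", "certify", "auth"]},
  "ECDH":  {"curves": ["NIST P-256", "NIST P-384", "NIST P-521"],
            "capabilities": ["encrypt"]}
}
""")


def validate_request(request, supported):
    """Return a list of problems; an empty list means the request is acceptable."""
    problems = []
    keys = request.get("keys", [])
    if not keys:
        problems.append("no keys requested")
    if not request.get("uids"):
        problems.append("no uids requested")
    for i, key in enumerate(keys):
        algo = supported.get(key.get("type"))
        if algo is None:
            problems.append(f"keys[{i}]: unsupported type {key.get('type')!r}")
            continue
        # Each algorithm is parameterised by either a curve or a length.
        for param, allowed in (("curve", "curves"), ("length", "lengths")):
            if allowed in algo and str(key.get(param)) not in algo[allowed]:
                problems.append(f"keys[{i}]: {param} {key.get(param)!r} not offered")
            elif allowed not in algo and param in key:
                problems.append(f"keys[{i}]: {param} does not apply to {key['type']}")
        # "usage" is a space-separated flag list, as in the post's example.
        extra = set(key.get("usage", "").split()) - set(algo["capabilities"])
        if extra:
            problems.append(f"keys[{i}]: usage not allowed: {sorted(extra)}")
    return problems


# Constructed requests: one acceptable, one with three distinct problems.
GOOD = {"keys": [{"type": "ECDSA", "usage": "certify sign", "curve": "NIST P-384"},
                 {"type": "ECDH", "usage": "encrypt", "curve": "NIST P-384"}],
        "uids": [{"name": "Example User", "email": "user@example.org"}]}
BAD = {"keys": [{"type": "ECDSA", "usage": "encrypt", "curve": "NIST P-384"},
                {"type": "RSA", "usage": "sign", "length": "512"}],
       "uids": []}
```

Rejecting an unsupported length, curve or usage flag on the client side gives the application a precise error per key instead of a failed batch run.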