Page MenuHome GnuPG

gpg --list-config does not include default-key
Open, NormalPublic

Description

I would like to be able to programmatically query GnuPG's configured default key
without needing to learn to parse the config file. The obvious way to do that
would be to read the output of:

    gpg --with-colons --list-config default-key

but that doesn't work, and default-key isn't including in the raw output of

    gpg --with-colons --list-config

either. It should be included if it set.

Details

Version
2.1.15

Event Timeline

dkg set Version to 2.1.15.
dkg added a subscriber: dkg.

hm, there is also:

    gpgconf --list-options gpg | \
         awk -F: '/^default-key:/{ print $10 }'

It's not clear to me when anyone should use "gpgconf --list-options gpg" and
when they should use "gpg --with-colons --list-config".

Is there some place where one or the other is more important?

--list-config is an old interface which has been superseeded by gpgconf.

if --list-config is deprecated, should it emit a warning? doc/gpg.texi shows no
mention that it is deprecated, or that "gpgconf --list-options gpg" should be
preferred.

Also, i note that --list-config is still used in the test suite:

tests/openpgp/defs.inc uses it with "ciphername" and "digestname", and
tests/openpgp/defs.scm uses it with "ciphername" and "digestname" and
"pubkeyname". I don't see any way to get the same information out of gpgconf.
Perhaps gpgconf needs to provide some equivalent?

What both won't give you is the key actually used as default key. A
test signing might be a better way to figure out the default key:

  $ fortune | gpg -sv -o /dev/null --status-fd 1
  gpg: using "1E42B367" as default secret key for signing
  gpg: using subkey 4F0540D577F95F95 instead of primary key F2AD85AC1E42B367
  [GNUPG:] KEY_CONSIDERED 80615870F5BAD690333686D0F2AD85AC1E42B367 0
  gpg: writing to '/dev/null'
  [GNUPG:] BEGIN_SIGNING H2
  [GNUPG:] PINENTRY_LAUNCHED 960
  gpg: DSA/SHA1 signature from: "4F0540D577F95F95 Werner Koch <wk@gnupg.org>"
  [GNUPG:] SIG_CREATED S 17 2 00 1473143881 E4B868C8F90C8964B5AF9DBC4F0540D577F95F95

The used key can be taken from the SIG_CREATED status line. This is
not the primary key, so we may want to add anoter status line. To
avoid the Pinentry this could be used:

  $ fortune | gpg -sv -o /dev/null --status-fd 1 --pinentry-mode=cancel
  gpg: using "1E42B367" as default secret key for signing
  gpg: using subkey 4F0540D577F95F95 instead of primary key F2AD85AC1E42B367
  [GNUPG:] KEY_CONSIDERED 80615870F5BAD690333686D0F2AD85AC1E42B367 0
  gpg: writing to '/dev/null'
  [GNUPG:] BEGIN_SIGNING H2
  gpg: signing failed: Operation cancelled
  [GNUPG:] FAILURE sign 67108963

along with a new status line.