gpgsm --list-keys behaves differently than gpg when --passphrase is supplied
Open, NormalPublic


gpg has --passphrase and --passphrase-file and --passphrase-fd.

but gpgsm has only --passphrase-fd.

As a result, if i run:

gpgsm --passphrase abc123 --list-keys

then gpgsm hangs, and waits for me to hit enter before listing keys.

I think it's doing so because it expands --passphrase to --passphrase-fd and reads abc123 as "0", and then tries to read the passphrase from stdin. This is confusing to someone who is used to the options available for gpg.

At the very least, --passphrase-fd should produce a warning if its argument does not round-trip from string to int to string, resulting in the same as the input.

But, also, no passphrase is required for the --list-keys subcommand. Why should gpgsm even bother trying to read the passphrase in that case?

More to the point, perhaps gpgsm should have the same --passphrase and --passphrase-file arguments that gpg offers.

So i guess there are three distinct asks here:

  1. all components of GnuPG that use --passphrase-fd (or any other *-fd argument) should emit a warning if the supplied value does not round-trip cleanly.
  2. for any component of GnuPG, when the selected command does not need a password, it should not wait to read one.
  3. gpgsm should support --passphrase and --passphrase-file options in addition to --passphrase-fd


dkg created this task.Nov 25 2019, 7:06 PM
werner triaged this task as Normal priority.Nov 26 2019, 4:52 PM