Page MenuHome GnuPG
Create Task
Maniphest T5594

some possible minor things in the manpage
Closed, ResolvedPublic
Actions

Description

Hey.

--passphrase-fd n
       Read  the passphrase from file descriptor n. Only the first line
       will be read from file descriptor n. If you use  0  for  n,  the
       passphrase  will  be  read  from STDIN. This can only be used if
       only one passphrase is supplied.

       Note that since Version 2.0 this passphrase is only used if  the
       option  --batch  has  also  been  given.  Since  Version 2.1 the
       --pinentry-mode also needs to be set to loopback.

However it seems that despite of version 2.2.27, --pinentry-mode loopback is not needed and it still works for me with e.g.:
gpg --quiet --no-verbose --no-greeting --batch --no-options --no-random-seed-file --no-default-keyring --keyring /dev/null --no-keyring --trustdb-name /dev/null --disable-dirmngr --passphrase-fd 0 --pinentry-mode loopback --no-symkey-cache --decrypt

--no-default-keyring
       Do not add the default keyrings to the list  of  keyrings.  Note
       that  GnuPG will not operate without any keyrings, so if you use
       this option and do not provide alternate keyrings via  --keyring
       or  --secret-keyring, then GnuPG will still use the default pub‐
       lic or secret keyrings.

First, AFAIU --secret-keyring is obsolete? Second, this is a bit ambiguous, it says without alternative --keyring it would still use the default keyring,.. but is this also the case when --no-keyring is used?

In past times I had to use --no-default-keyring --keyring /dev/null --secret-keyring /dev/null... my understanding was that now a simple --no-keyring would be enough?

Cheers,
Chris.

Revisions and Commits

rG GnuPG
rG7f8ccb67e337 doc: Clarify some gpg keyring options
rG92f5cbb01874 doc: Clarify some gpg keyring options

Event Timeline

calestyo created this task.Sep 8 2021, 4:32 PM
werner added projects: gnupg, Documentation.Sep 8 2021, 6:53 PM
werner added a commit: rG92f5cbb01874: doc: Clarify some gpg keyring options.Sep 9 2021, 5:47 PM
werner added a subscriber: werner.Sep 13 2021, 9:37 AM

Yes, --no-keyring should enough for the subset of gpg commands which do not need keys.

werner added a commit: rG7f8ccb67e337: doc: Clarify some gpg keyring options.Sep 14 2021, 3:16 PM
werner closed this task as Resolved.Sep 14 2021, 3:16 PM
werner claimed this task.
calestyo added a comment.Sep 17 2021, 2:59 PM

Hey.

The changes do not seem to touch anything I've mentoned in (1)?

And for (2)... TBH, I think it's still not really clear. It now says:
"no-default-keyring
Do not add the default keyring to the list of keyrings. Note that
GnuPG needs for almost all operations a keyring. Thus if you use this
option and do not provide alternate keyrings via @option{--keyring},
then GnuPG will still use the default keyring."

There's still no mentioning that --no-keyring would really cause it to not "still use the default keyring" in "almost operations".

calestyo added a comment.Sep 28 2021, 7:26 PM

@werner shall I open a new ticket for the remaining stuff?

werner triaged this task as Low priority.Sep 28 2021, 11:03 PM

Please don't, if you really feel like tha tis not resolved please re-open this ticket.

calestyo added a comment.Sep 29 2021, 12:01 AM

Well, as I've said in the comment above, there doesn't seem to be any correction towarads --passphrase-fd not requiring --pinentry-mode loopback (still works withou)... and --no-default-keyring still gives the impression that it would be needed (while --no-keyring works as well).