gpg_generate_keypair (line
339)
This function generates a keypair
Unattended key generation ========================= This feature allows unattended generation of keys controlled by a parameter file. To use this feature, you use --gen-key together with --batch and feed the parameters either from stdin or from a file given on the commandline.
The format of this file is as follows:
- Text only, line length is limited to about 1000 chars.
- You must use UTF-8 encoding to specify non-ascii characters.
- Empty lines are ignored.
- Leading and trailing spaces are ignored.
- A hash sign as the first non white space character indicates a comment line.
- Control statements are indicated by a leading percent sign, the
arguments are separated by white space from the keyword.
- Parameters are specified by a keyword, followed by a colon. Arguments
are separated by white space.
- The first parameter must be "Key-Type", control statements
may be placed anywhere.
- Key generation takes place when either the end of the parameter file
is reached, the next "Key-Type" parameter is encountered or at the
control statement "%commit"
- Control statements:
%echo <text>
Print <text>. %dry-run Suppress actual key generation (useful for syntax checking). %commit Perform the key generation. An implicit commit is done at the next "Key-Type" parameter. %pubring <filename> %secring <filename> Do not write the key to the default or commandline given keyring but to <filename>. This must be given before the first commit to take place, duplicate specification of the same filename is ignored, the last filename before a commit is used. The filename is used until a new filename is used (at commit points) and all keys are written to that file. If a new filename is given, this file is created (and overwrites an existing one). Both control statements must be given.
- The order of the parameters does not matter except for "Key-Type"
which must be the first parameter. The parameters are only for the
generated keyblock and parameters from previous key generations are not
used. Some syntactically checks may be performed.
The currently defined parameters are:
Key-Type: <algo-number>|<algo-string>
Starts a new parameter block by giving the type of the primary key. The algorithm must be capable of signing. This is a required parameter. Key-Length: <length-in-bits> Length of the key in bits. Default is 1024. Key-Usage: <usage-list> Space or comma delimited list of key usage, allowed values are "encrypt" and "sign". This is used to generate the key flags. Please make sure that the algorithm is capable of this usage. Subkey-Type: <algo-number>|<algo-string> This generates a secondary key. Currently only one subkey can be handled. Subkey-Length: <length-in-bits> Length of the subkey in bits. Default is 1024. Subkey-Usage: <usage-list> Similar to Key-Usage. Passphrase: <string> If you want to specify a passphrase for the secret key, enter it here. Default is not to use any passphrase. Name-Real: <string> Name-Comment: <string> Name-Email: <string> The 3 parts of a key. Remember to use UTF-8 here. If you don't give any of them, no user ID is created. Expire-Date: <iso-date>|(<number>[d|w|m|y]) Set the expiration date for the key (and the subkey). It may either be entered in ISO date format (2000-08-15) or as number of days, weeks, month or years. Without a letter days are assumed. Preferences: <string> Set the cipher, hash, and compression preference values for this key. This expects the same type of string as "setpref" in the --edit menu.
Here is an example: $ cat >foo <<EOF %echo Generating a standard key Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 1024 Name-Real: Joe Tester Name-Comment: with stupid passphrase Name-Email: joe@foo.bar Expire-Date: 0 Passphrase: abc %pubring foo.pub %secring foo.sec
- Do a commit here, so that we can later print "done" :-)
%commit %echo done EOF $ gpg --batch --gen-key -a foo [...]
echo "Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG-E Subkey-Length: 2048 \ Name-Real: Joe Tester Name-Email: joe@foo.bar Passphrase: abc" \ | gpg --batch --gen-key --armor --homedir $gpg_key_dir
Keys created with the option set below are PGP compatible Key-Type: DSA Key-Length: 1024 Subkey-Type: ELG-E Preferences: S2 S7 S3 H2 H3 Z2 Z1 (don't forget to put in the other options needed for actual key creation)
array
gpg_generate_keypair
(string $real_name, string $email, string $passphrase, [optional $comment = ''], [optional $keylength = 1024], [optional $expiredate = 0], optional 6)
-
string
$real_name: Full Name for the uid
-
string
$email: Email address to be oput in the uid
-
string
$passphrase: Passphrase to protect te secret key
-
optional
6: string $revoker fingerprint of key to set as revoker
-
optional
$comment: string $comment Comment to be appended to the default comment
-
optional
$keylength: integer $keylength Length of key to generate
-
optional
$expiredate: date $expiredate when should this key expire?
gpg_keyserver_findkey (line
155)
This function will search for keys on a public keyserver
Ideally, we would use a command like: gpg --keyserver wwwkeys.pgp.net --search-keys brian@braverock.com
BUT: this command is interactive, expecting input, and I can't find anything about using it in batch mode. if you try --batch you get : gpg: Sorry, we are in batchmode - can't get input so we would have to use a cycle to get the output and parse it then use the GnuPG::importKey_server function
SO: until we figure out how to parse the HKP output, or use the LDAP interface
We will first take an email address or keyid $search_keyid and look on the keyserver using http, like this:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=$search_keyid http://stinkfoot.org:11371/pks/lookup?op=index&search=$search_keyid http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=$search_keyid http://wwwkeys.eu.pgp.net:11371/pks/lookup?op=index&search=$search_keyid
Then, we will parse the output, and place it in an array for display and selection.
Information on public keyservers may be found at
http://www.vcnet.com/~rossde/pgp_keyserv.html
Finally, we will return an array of the key(s) to the interface so the user may select one or more for import.
It would be nice to use the HKP or LDAP interfaces too, but this will work for now.
array
gpg_keyserver_findkey
(string $search_keyid)
gpg_list_keys (line
33)
This function is the generic key lister for the plugin it is used for trusted_key operations, as well as key signing
Add switches to this function to modify the gpg command line
The format of the --with-colons parameter is described in detail in the file named DETAILS in the gpg distribution.
string
gpg_list_keys
(string $search_string, [optional $with_colons = false], [optional $keyring_type = 'public'], [optional $with_fingerprint = false])
-
string
$search_string
-
optional
$with_colons: boolean $with_colons
-
optional
$keyring_type: enum $keyring_type
-
optional
$with_fingerprint: boolean $with_fingerprint