(pre)cache password rather than use allow-loopback-pinentry

Werner Koch wk at gnupg.org
Fri Jul 21 18:34:59 CEST 2017


On Fri, 21 Jul 2017 11:37, dirkx at webweaving.org said:

> And I really would not mind to be able to refer to subkeys by number -and- fpr; as the fpr of a subkey is a bit cumbersome to extract afaik (double --fingerprint).

Using the number with the quick commands is not a good idea because
another process might have changed the keys in the meantime.  For
--edit-key this is not a problem because you work on a copy and last
save wins.  So I went with subkey fingerprints:

  --quick-set-expire fpr expire [*|subfprs]

    With two arguments given, directly set the expiration time of the
    primary key identified by fpr to expire.  To remove the expiration
    time 0 can be used.  With three arguments and the third given as an
    asterisk, the expiration time of all non-revoked and not yet expired
    subkeys are set to expire.  With more than two arguments and a list
    of fingerprints given for subfprs, all non-revoked subkeys matching
    these fingerprints are set to expire.

This is in master and will be part of the next release.  Examples:

  $ gpg --status-fd 2 -v --quick-set-expire \
       502D1A5365D1C0CAA69945390BA52DF0BAA59D9C 2019-12-31

This is the standard thing to only change the primary key's expiration.

  $ gpg --status-fd 2 -v --quick-set-expire \
       502D1A5365D1C0CAA69945390BA52DF0BAA59D9C 2018-06-15 \*

This sets all the subkeys to 2018-06-15.  However subkeys which are
revoked or already expired are skipped.

  $ gpg --status-fd 2 -v --quick-set-expire \
       502D1A5365D1C0CAA69945390BA52DF0BAA59D9C 2017-12-30 \
       54E9BD99E3D78AFD6D7639A214B40CE8A84937FD \
       A70BE7404FF5D10FFFDA63DF701798F40CA0BC98

This sets the 54E9BD99E3D78AFD6D7639A214B40CE8A84937FD and
A70BE7404FF5D10FFFDA63DF701798F40CA0BC98 to 2017-12-30.  Note that this
form also works for expired subkeys (but not for revoked subkeys).

Since some 2.1 version the fingerprints of the subkeys are always
included when you do

  gpg --list-keys --with-colons

(or --list-secret-keys).

To see them in the standard output format (which shall not be used by a
script) I have "with-subkey-fingerprint" in my gpg.conf.  In contrast to
using --with-fingerprint twice, --with-subkey-fingerprint has the
advantage that the fingerprints are printed without spaces and are thus
easier to c+p.


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
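
Added example, not part of the original message: a script-side way to collect subkey fingerprints from the --with-colons listing for use as the subfprs arguments of --quick-set-expire. The function names and the sample listing are constructed; it assumes the documented colon format (validity in field 2 of a sub/ssb record, fingerprint in field 10 of the fpr record that follows it).

```sh
#!/bin/sh
# Constructed sample of `gpg --list-keys --with-colons` output.  The first
# three fingerprints are the ones used in the message above; the fourth,
# the validity flags and all timestamps are made up for illustration.
sample_listing() {
cat <<'EOF'
pub:u:4096:1:0BA52DF0BAA59D9C:1500000000:1577750400::u:::scESC:
fpr:::::::::502D1A5365D1C0CAA69945390BA52DF0BAA59D9C:
uid:u::::1500000000::::Example User <user@example.org>:
sub:u:4096:1:14B40CE8A84937FD:1500000000:1529020800:::::e:
fpr:::::::::54E9BD99E3D78AFD6D7639A214B40CE8A84937FD:
sub:e:4096:1:701798F40CA0BC98:1400000000:1450000000:::::s:
fpr:::::::::A70BE7404FF5D10FFFDA63DF701798F40CA0BC98:
sub:r:4096:1:89ABCDEF01234567:1400000000::::::e:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
EOF
}

# subkey_fprs [live|unrevoked]  (hypothetical helper)
#   live      - skip revoked and expired subkeys (what "*" selects)
#   unrevoked - skip only revoked subkeys; an explicit fingerprint list
#               also works for expired subkeys (default)
# Reads a colon listing on stdin, prints one subkey fingerprint per line.
subkey_fprs() {
    awk -F: -v mode="${1:-unrevoked}" '
        # A primary key record resets state so its fpr line is ignored.
        $1 == "pub" || $1 == "sec" { want = 0; next }
        # Decide per subkey whether the fpr record that follows is wanted.
        $1 == "sub" || $1 == "ssb" {
            want = ($2 != "r") && (mode == "unrevoked" || $2 != "e")
            next
        }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Real use would read gpg itself instead of the sample, for instance:
#   gpg --quick-set-expire "$PRIMARY_FPR" 2017-12-30 \
#       $(gpg --list-keys --with-colons "$PRIMARY_FPR" | subkey_fprs)
sample_listing | subkey_fprs
```

Selecting by fingerprint in the script keeps the choice stable even if another process changes the key between the listing and the update.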