How to get gpg-agent to ask for passphrase when generating keys with GPGME?

Question

I'm using pygpgme to generate keys, which works fine, but I have to provide the passphrase to gpgme like this:

key_params = dedent("""
    <GnupgKeyParms format="internal">
      Key-Type: RSA
      Key-Length: 2048
      Name-Real: Jim Joe
      Passphrase: secret passphrase
      Expire-Date: 0
    </GnupgKeyParms>
""")
ctx = gpgme.Context()
result = ctx.genkey(key_params)

For security reasons, I'd prefer to never know the passphrase and let the gpg-agent provide a dialog for the user.

When I'm decrypting with pygpgme or generating a key with the gpg command line tool, the passphrase dialog pops up as expected.

One solution would be to use the gpg command with subprocess, but I wonder if there's a better one.

score 2 · Accepted Answer · answered Aug 06 '13 at 17:35

Finally figured it out. The request needs the '%ask-passphrase' control statement.

key_params = dedent("""
    <GnupgKeyParms format="internal">
      %%ask-passphrase
      Key-Type: RSA
      Key-Length: 2048
      Name-Real: Jim Joe
      Expire-Date: 0
    </GnupgKeyParms>
""")

How to get gpg-agent to ask for passphrase when generating keys with GPGME?

1 Answers1