script that asks for password to gpg-sign with default key


I'm trying to gpg-sign a file using python-gnupg.

This should be rather simple, and my code is simple:

import gnupg
import sys

gpg = gnupg.GPG()                      # uses the default GNUPGHOME keyring
stream = open(sys.argv[1], "rb")
signed_data = gpg.sign_file(stream)    # no keyid and no passphrase supplied
stream.close()

print("signed data: %s" % (signed_data.data))
print("stderr: %s" % (signed_data.stderr))

Now the above code does not work, as I don't provide a passphrase to gpg.sign_file(), and gnupg cannot ask for it, as the error indicates:

signed data: b''
stderr: [GNUPG:] USERID_HINT 1234567890ABCDEF me myself <[email protected]>
[GNUPG:] NEED_PASSPHRASE 1234567890ABCDEF 1234567890ABCDEF 1 0
gpg: Sorry, no terminal at all requested - can't get input

According to this question/answer the problem is likely a default of having no-tty in the default GPG options.

Now I think that the no-tty option makes sense, and I would like to provide a way to ask for the passphrase and then supply it to the sign_file call.

In the simplest case, something like:

import getpass
pw = getpass.getpass()                              # prompt without echoing
signed_data = gpg.sign_file(stream, passphrase=pw)  # passphrase handed to gpg

Now my problem is that I would like to tell the user which key's passphrase they are being asked for. Something like

print("Please enter the passphrase for key %s" % defaultkey_id)  # defaultkey_id still unknown
pw = getpass.getpass()

which turns out surprisingly hard to do, as I haven't found a way to query the ID of the default key. A simple gpg.list_keys(True)[0] gives a random private key (well, not random; most likely the first one added to the keyring; but that need not be the default key).

So I guess my real question is: how can I find out what the default key used for signing is, so I can ask the user for the passphrase for this very key?

(I'd rather not parse the content of $GNUPGHOME/gpg.conf)

1 answer

kylehuff

If you have gpgconf available, you could parse the output of gpgconf gpg, which should list (among the other configured options) the configured default-key.
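The approach suggested in the answer, worked through as an added example that is not part of the question or the answer: run gpgconf --list-options gpg, pick the default-key option out of its colon-separated output, and use that key ID both in the passphrase prompt and as the keyid= argument to sign_file, so the key the user is told about is the key that actually signs. The sample gpgconf output below is constructed; the field layout (value in the tenth field, string values prefixed with a double quote and percent-escaped) follows the gpgconf manual, and the fallback to the first secret key mirrors what gpg itself does when no default-key is configured. The function names are mine.

```python
import getpass
import shutil
import subprocess
import sys
from urllib.parse import unquote

# Constructed sample of `gpgconf --list-options gpg` output (not captured from a
# real system).  Each line is name:flags:level:description:type:alt-type:
# argname:default:argdef:value; string values carry a leading '"' and are
# percent-escaped.
SAMPLE_GPGCONF_OUTPUT = """\
Monitor:0:0:Options controlling the diagnostic output:::::::
verbose:0:0:verbose:5:0:::::
Configuration:0:0:Options controlling the configuration:::::::
default-key:0:0:use NAME as default secret key:1:0:NAME:::"1234567890ABCDEF
encrypt-to:0:0:encrypt to user ID NAME as well:1:0:NAME:::
"""


def parse_default_key(gpgconf_output):
    """Return the configured default-key value, or None if it is not set."""
    for line in gpgconf_output.splitlines():
        fields = line.split(":")
        if fields[0] != "default-key":
            continue
        if len(fields) < 10 or not fields[9]:
            return None                 # option known, but no value configured
        value = fields[9]
        if value.startswith('"'):       # string value: strip quote, unescape
            value = unquote(value[1:])
        return value
    return None


def configured_default_key():
    """Ask the installed gpgconf for default-key; None if unset or unavailable.

    gpgconf honours $GNUPGHOME, so this reads the same config gpg itself uses
    without parsing gpg.conf by hand.
    """
    if shutil.which("gpgconf") is None:
        return None
    result = subprocess.run(["gpgconf", "--list-options", "gpg"],
                            capture_output=True, text=True, check=False)
    if result.returncode != 0:
        return None
    return parse_default_key(result.stdout)


def signing_key_id(gpg):
    """Key to prompt for: the configured default-key, else the first secret key
    in the keyring, which is what gpg falls back to when nothing is configured."""
    key = configured_default_key()
    if key:
        return key
    secret_keys = gpg.list_keys(True)   # hypothetical use of python-gnupg's API
    return secret_keys[0]["keyid"] if secret_keys else None


def sign_path(gpg, path):
    """Prompt for the passphrase of the key that will sign, then sign the file."""
    keyid = signing_key_id(gpg)
    if keyid is None:
        raise RuntimeError("no secret key available for signing")
    # default-key may be a key ID, fingerprint or user ID; show it verbatim.
    pw = getpass.getpass("Passphrase for key %s: " % keyid)
    with open(path, "rb") as stream:
        # Passing keyid= pins the signing key to the one we just named, so the
        # prompt cannot drift from the key gpg actually uses.
        return gpg.sign_file(stream, keyid=keyid, passphrase=pw)


if __name__ == "__main__":
    import gnupg                        # python-gnupg, as in the question
    signed = sign_path(gnupg.GPG(), sys.argv[1])
    print("signed data: %s" % signed.data)
    print("stderr: %s" % signed.stderr)
```

parse_default_key is kept separate from the subprocess call so it can be exercised on captured output without a keyring present; on a real system configured_default_key() will return whatever default-key line gpg.conf carries, or None when the option is simply absent.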