author | Justus Winter <[email protected]> | 2016-12-16 12:49:16 +0000 |
---|---|---|
committer | Justus Winter <[email protected]> | 2016-12-16 13:30:10 +0000 |
commit | 116a78eb869c4c589228bd0d6deff7c7a9f92dfb (patch) | |
tree | 75110f3dd1045134f649c3ffb723bbf5f6a8a91b | |
parent | g10: On a TOFU conflict, write the conflicting keys to the status fd (diff) | |
download | gnupg-116a78eb869c4c589228bd0d6deff7c7a9f92dfb.tar.gz gnupg-116a78eb869c4c589228bd0d6deff7c7a9f92dfb.zip |
doc: Add documentation for programmatic use of GnuPG.
* doc/gpg.texi: New subsections on programmatic use of GnuPG,
ephemeral home directories, and the quick key manipulation interface.
Signed-off-by: Justus Winter <[email protected]>
-rw-r--r-- | doc/gpg.texi | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index ab0289d4d..a7e9204b8 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi 
@@ -3742,10 +3742,56 @@ way to do this. The options @option{--status-fd} and @option{--batch} are almost always required for this. @menu +* Programmatic use of GnuPG:: Programmatic use of GnuPG +* Ephemeral home directories:: Ephemeral home directories +* The quick key manipulation interface:: The quick key manipulation interface * Unattended GPG key generation:: Unattended key generation @end menu +@node Programmatic use of GnuPG +@subsection Programmatic use of GnuPG + +Please consider using GPGME instead of calling @command{@gpgname} +directly. GPGME offers a stable, backend-independent interface for +many cryptographic operations. It supports OpenPGP and S/MIME, and +also allows interaction with various GnuPG components. + +GPGME provides a C-API, and comes with bindings for C++, Qt, and +Python. Bindings for other languages are available. + +@node Ephemeral home directories +@subsection Ephemeral home directories + +Sometimes you want to contain effects of some operation, for example +you want to import a key to inspect it, but you do not want this key +to be added to your keyring. In earlier versions of GnuPG, it was +possible to specify alternate keyring files for both public and secret +keys. In modern GnuPG versions, however, we changed how secret keys +are stored in order to better protect secret key material, and it was +not possible to preserve this interface. + +The preferred way to do this is to use ephemeral home directories. +This technique works across all versions of GnuPG. + +Create a temporary directory, create (or copy) a configuration that +meets your needs, make @command{@gpgname} use this directory either +using the environment variable @var{GNUPGHOME}, or the option +@option{--homedir}. GPGME supports this too on a per-context basis, +by modifying the engine info of contexts. Now execute whatever +operation you like, import and export key material as necessary. Once +finished, you can delete the directory. 
All GnuPG backend services +that were started will detect this and shut down. + +@node The quick key manipulation interface +@subsection The quick key manipulation interface + +Recent versions of GnuPG have an interface to manipulate keys without +using the interactive command @option{--edit-key}. This interface was +added mainly for the benefit of GPGME (please consider using GPGME, +see the manual subsection ``Programmatic use of GnuPG''). This +interface is described in the subsection ``How to manage your keys''. + @node Unattended GPG key generation @subsection Unattended key generation |
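
Review bot: In the new "Ephemeral home directories" subsection, the step "Create a temporary directory" does not say how the directory should be created, although the following sentences have the reader import and export key material into it. Suggest stating that it should be a freshly created, uniquely named directory accessible only to the current user (for example one made with mkdtemp or mktemp -d), since secret key material may end up there before the directory is deleted. Two smaller markup points: in the same paragraph @var{GNUPGHOME} marks an environment variable as a metasyntactic variable, where Texinfo provides @env{GNUPGHOME}; and in "The quick key manipulation interface" the references written as quoted text (``Programmatic use of GnuPG'' and ``How to manage your keys'') would be better as @ref cross-references to the corresponding nodes, so that they become links and are checked when the manual is built.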