gpg: Allow unattended deletion of secret keys.

* agent/command.c (cmd_delete_key): Make the --force option depend on --disallow-loopback-passphrase. * g10/call-agent.c (agent_delete_key): Add arg FORCE. * g10/delkey.c (do_delete_key): Pass opt.answer_yes to agent_delete_key. -- Unless the agent has been configured with --disallow-loopback-passpharse an unattended deletion of a secret key is now possible with gpg by using --batch _and_ --yes. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2016-05-10 11:01:42 +02:00 · 2016-05-10 11:01:42 +02:00 · ac9ff644b1
commit ac9ff644b1
parent 693838f012
6 changed files with 45 additions and 10 deletions
--- a/agent/command.c
+++ b/agent/command.c
@ -2333,8 +2333,9 @@ cmd_export_key (assuan_context_t ctx, char *line)
 static const char hlp_delete_key[] =
  "DELETE_KEY [--force] <hexstring_with_keygrip>\n"
  "\n"
-  "Delete a secret key from the key store.\n"
-  "Unless --force is used the agent asks the user for confirmation.\n";
+  "Delete a secret key from the key store.  If --force is used\n"
+  "and a loopback pinentry is allowed, the agent will not ask\n"
+  "the user for confirmation.";
 static gpg_error_t
 cmd_delete_key (assuan_context_t ctx, char *line)
 {
@ -2349,6 +2350,11 @@ cmd_delete_key (assuan_context_t ctx, char *line)
  force = has_option (line, "--force");
  line = skip_options (line);

+  /* If the use of a loopback pinentry has been disabled, we assume
+   * that a silent deletion of keys shall also not be allowed.  */
+  if (!opt.allow_loopback_pinentry)
+    force = 0;
+
  err = parse_keygrip (ctx, line, grip);
  if (err)
    goto leave;