I'm using pygpgme to generate keys, which works fine, but I have to provide the passphrase to gpgme like this:
key_params = dedent("""
<GnupgKeyParms format="internal">
Key-Type: RSA
Key-Length: 2048
Name-Real: Jim Joe
Passphrase: secret passphrase
Expire-Date: 0
</GnupgKeyParms>
""")
ctx = gpgme.Context()
result = ctx.genkey(key_params)
For security reasons, I'd prefer to never know the passphrase and let the gpg-agent provide a dialog for the user.
When I'm decrypting with pygpgme or generating a key with the gpg command line tool, the passphrase dialog pops up as expected.
One solution would be to use the gpg command with subprocess, but I wonder if there's a better one.
Finally figured it out. The request needs the '%ask-passphrase' control statement.
key_params = dedent("""
<GnupgKeyParms format="internal">
%%ask-passphrase
Key-Type: RSA
Key-Length: 2048
Name-Real: Jim Joe
Expire-Date: 0
</GnupgKeyParms>
""")