We recently switched over to Ubuntu 16.04 and therefore PHP 7.0.
Now I run into a problem with one of our PHP scripts. This script updates RIPE using the mail interface of RIPE and sends GPG-signed mail to them, which they use for authentication. But now the PHP CLI starts to prompt for a password to use with the key. How can I prevent this passphrase question? I tried to remove the passphrase from the key, but this didn't help.
My PHP code looks like this:
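```php
<?php
// Fingerprint of the signing key and its passphrase
$gpgkey = "some thumbprint of a key";
$gpgpwd = "Secret";

// Initialise the gnupg extension and register the signing key
$res = gnupg_init();
gnupg_addsignkey($res, $gpgkey, $gpgpwd);

// Sign the update message that is mailed to RIPE
$updatemessages = "test";
$signedupdatemessages = gnupg_sign($res, $updatemessages);
```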
Hope someone knows the solution.
With kind regards,
Bas van den Dikkenberg
Ubuntu 16.04 ships a rather recent version of GnuPG, which does not allow setting a passphrase without pinentry without further hassles. This is because the rather large (and thus prone to security issues) GnuPG application should not be able to access private keys and passphrases, thus these operations are extracted to the smaller gpg-agent (which is now querying for the passphrase).
Removing the passphrase/setting it to an empty one should work out well, be sure to set the passphrase for the proper user (GnuPG has per-system-user keystores).
The "GnuPG-2.0-way" of setting a passphrase is using the gpg-preset-passphrase utility, which is usually installed in /usr/lib/gnupg2/gpg-preset-passphrase for Debian and derived distributions. You need to allow this operation by adding allow-preset-passphrase to ~/.gnupg/gpg-agent.conf, and run
/usr/lib/gnupg2/gpg-preset-passphrase -c [keygrip]
while providing the passphrase on STDIN (do not use echo or the -P option, using both ways all other system users can read the passphrase!). The keygrip can be obtained by running gpg2 --with-keygrip --list-secret-keys.
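The steps from the answer above as one script, added here as an example and not part of the original answer. It assumes the passphrase is kept in a file readable only by the owning user (the file path is hypothetical), that the fingerprint passed in is that of the key or subkey that actually signs, and it adds an agent reload via gpg-connect-agent so the changed config takes effect; the listing is constructed sample data, not a real key.

```shell
#!/bin/sh
# Added example: preset a key passphrase in gpg-agent for unattended signing.
# Run as the system user that owns the keyring the PHP script uses.

# Constructed sample of `gpg2 --with-colons --with-keygrip --list-secret-keys`
# output (not a real key), used to show what keygrip_for_fpr parses.
SAMPLE_LISTING='sec:u:2048:1:0123456789ABCDEF:1460000000:::u:::scESC:::+:::
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
grp:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1460000000::0000000000000000000000000000000000000000::Constructed Key <noc@example.invalid>:
ssb:u:2048:1:FEDCBA9876543210:1460000000::::::e:::+:::
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
grp:::::::::76543210FEDCBA9876543210FEDCBA9876543210:'

# Add allow-preset-passphrase to the agent config exactly once.
ensure_allow_preset() {
    grep -qx 'allow-preset-passphrase' "$1" 2>/dev/null && return 0
    ( umask 077; printf '%s\n' 'allow-preset-passphrase' >> "$1" )
}

# Read a colon listing on stdin; print the keygrip of the key or subkey
# whose fingerprint is $1. Returns non-zero when there is no match.
keygrip_for_fpr() {
    awk -F: -v want="$1" '
        $1 == "fpr" { hit = (toupper($10) == toupper(want)) }
        $1 == "grp" && hit { print $10; found = 1; exit }
        END { exit !found }'
}

# True only if the passphrase file is a regular file with no group/other access.
passfile_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Feed the passphrase on stdin from a private file: no echo, no -P.
preset_passphrase() {   # $1 = fingerprint, $2 = passphrase file (assumed path)
    passfile_is_private "$2" || { echo "refusing: $2 is not private" >&2; return 1; }
    ensure_allow_preset "$HOME/.gnupg/gpg-agent.conf" || return 1
    gpg-connect-agent reloadagent /bye >/dev/null || return 1
    grip=$(gpg2 --with-colons --with-keygrip --list-secret-keys |
           keygrip_for_fpr "$1") || { echo "no secret key $1" >&2; return 1; }
    /usr/lib/gnupg2/gpg-preset-passphrase -c "$grip" < "$2"
}
```

Call preset_passphrase with the fingerprint and the passphrase file once after each agent start, before the PHP script runs, since the preset lives only in the running agent's cache.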