I have a requirement to manage private keys, rather than public. Specifically this is for signing RPM on build hosts, but that is mostly irrelevant.
The --delete-keys command only deletes public keys. Replacing this with --delete-secret-and-public-keys, from the man page at least, does exactly the same but deletes the private key first if it exists.
The problem with this is that to delete a private key in batch mode, it is necessary to specify the key fingerprint rather than the ID. While testing this, I was using the key_file to provide the key to import and delete again, so I've modified the _get_key_from_file function to return the key fingerprint rather than the ID. A side effect of this is that this function now uses machine-readable output from the gpg command to extract the fingerprint, which the gpg documentation indicates is likely to be more stable than trying to parse the human-readable output. As far as I can tell, using the fingerprint rather than the key ID works in all cases I've tested.
I've submitted a PR to add this functionality. I've not done this before so I hope I've followed the correct process. Note that my PR includes content from the other, as yet uncommitted, PR you have on this project.
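The approach described above (read the fingerprint from gpg's machine-readable `--with-colons` output instead of the key ID, then pass that fingerprint to the batch delete command), as an added illustration that is not code from the PR or the project. The colon-output sample is constructed; `--import-options show-only` and the `--batch --yes` deletion flags are assumed to be available in the installed GnuPG 2.1+.

```python
import subprocess
from typing import List, Optional

# Constructed sample of `gpg --with-colons ... --import` output: a primary
# secret key (sec) and one subkey (ssb), each followed by its own fpr record.
# Field 10 (index 9) of an fpr record holds the full 40-hex-char fingerprint.
SAMPLE_COLONS = """\
sec:u:4096:1:0123456789ABCDEF:1600000000::u:::scESC:::+:::23::0:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1600000000::DEADBEEF::Build Host <build@example.invalid>::::::::::0:
ssb:u:4096:1:1122334455667788:1600000000::::::e:::+:::23:
fpr:::::::::0000000000000000000000001122334455667788:
"""


def primary_fingerprint(colon_output: str) -> Optional[str]:
    """Return the fingerprint of the first primary key (pub/sec record) in
    --with-colons output, or None if there is none.  The fpr record directly
    after a pub/sec record belongs to the primary key; fpr records after a
    sub/ssb record belong to subkeys and must be skipped."""
    in_primary = False
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            in_primary = True
        elif fields[0] in ("sub", "ssb"):
            in_primary = False
        elif fields[0] == "fpr" and in_primary and len(fields) > 9:
            return fields[9]
    return None


def key_id_from_fingerprint(fingerprint: str) -> str:
    """Long key ID of a v4 key is the last 16 hex chars of its fingerprint;
    handy for cross-checking against the key ID field of the sec/pub record."""
    return fingerprint[-16:]


def fingerprint_from_key_file(path: str) -> Optional[str]:
    """Show the key in a file without importing it (assumes GnuPG 2.1+
    show-only support) and pull the primary fingerprint from the colon output."""
    out = subprocess.run(
        ["gpg", "--batch", "--with-colons", "--import-options", "show-only",
         "--import", path], capture_output=True, text=True, check=True).stdout
    return primary_fingerprint(out)


def delete_command(fingerprint: str, secret: bool) -> List[str]:
    """Batch deletion: secret-key removal requires the full fingerprint, and
    --yes answers the confirmation prompt non-interactively (assumed flags)."""
    op = "--delete-secret-and-public-keys" if secret else "--delete-keys"
    return ["gpg", "--batch", "--yes", op, fingerprint]
```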