Why do I need --batch to import a secret key from a pipe?


Once I used this guide to transfer my secret key to my smartphone, so today I did the same thing for transferring the secret key from my workstation to my laptop.

Yes, I could have used a USB key, or I could have just relied on the first s of scp, which I’ve used to transfer the encrypted key, but I’m just curious to know the reason for this thing that I’m describing.

So what I did is:

  • On the workstation:

    1. gpg --armor --gen-random 1 20
    2. copy the string into the clipboard
    3. gpg --armor --export-secret-keys 'my key id' | gpg --armor --symmetric --output mykey
    4. paste the password from the clipboard and enter the key’s passphrase (in the right order)
  • On the laptop:

    1. scp enrico@ip:/path/to/mykey .
    2. gpg --decrypt mykey | gpg --import

But step 2 failed with

    ...
    gpg: key 3F.........: error sending to agent: Inappropriate ioctl for device
    gpg: error building skey array: Inappropriate ioctl for device
    gpg: error reading '[stdin]': Inappropriate ioctl for device
    gpg: import from '[stdin]' failed: Inappropriate ioctl for device
    ...

Upon searching on the web, I found that piping into gpg --import --batch instead of just gpg --import solves the error.

Why? From man gpg I read this:

      --batch
      --no-batch
             Use batch mode.  Never ask, do not allow interactive commands.
             --no-batch disables this option.  Note that even with a filename
             given on the command line, gpg might still need to read from STDIN
             (in particular if gpg figures that the input is a detached
             signature and no data file has been specified).  Thus if you do
             not want to feed data via STDIN, you should connect STDIN to
             ‘/dev/null’.

             It is highly recommended to use this option along with the options
             --status-fd and --with-colons for any unattended use of gpg.

but even if it mentions STDIN I’m not sure I understand what this option means with respect to the error I get without it.