batch automation for GPG2 v >= 2.1? how to implement per-user passphrase & multiple subkeys?

grantksupport at operamail.com
Wed Nov 19 18:30:01 CET 2014


I'm working with GPG 2.1.0

	gpg2 --version
		gpg (GnuPG) 2.1.0
		libgcrypt 1.6.2
		Copyright (C) 2014 Free Software Foundation, Inc.
		License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
		This is free software: you are free to change and redistribute it.
		There is NO WARRANTY, to the extent permitted by law.

		Home: ~/.gnupg
		Supported algorithms:
		Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
		Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
		        CAMELLIA128, CAMELLIA192, CAMELLIA256
		Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
		Compression: Uncompressed, ZIP, ZLIB, BZIP2

I need to create master keys + multiple subkeys for ~1000 users.

Each user's keys' config (usage, algo, size) will be:

	master (sign, cert)    RSA/4096
	sub1   (sign only)    ECDH/2048
	sub2   (encrypt only) ECDH/2048
	sub3   (auth only)     RSA/2048


Unattended/batch operation is the intended approach.

However, IIUC,

	(1) passphrase can no longer be passed in GPG2 v>= 2.1
	(2) only one sub-key can be generated in batch processing

is that correct?

What's an effective/efficient approach for mass generation, allowing for 

	full automation
	per-user passphrase entry
	and,
	multiple sub-key generation

?


