batch automation for GPG2 v >= 2.1? how to implement per-user passphrase & multipl-subkeys?

Werner Koch wk at
Mon Nov 24 16:14:45 CET 2014

On Wed, 19 Nov 2014 18:30, grantksupport at said:

> Each user's keys' config (usage, algo, size) will be:
> 	master (sign, cert)    RSA/4096
> 	sub1   (sign only)    ECDH/2048
> 	sub2   (encrypt only) ECDH/2048
> 	sub3   (auth only)     RSA/2048

This is not the default thing and there is no direct way to do it unless
you want to add the keys one after the other.

> 	(1) passphrase can no longer be passed in GPG2 v>= 2.1

In theory not since 2.0 but we initially implemented the new thing only
for the S/MIME part.

> 	(2) only one sub-key can be generated in batch processing


> What's an effective/efficient approach for mass generation, allowing for 
> 	full automation
> 	per-user passphrase entry
> 	and,
> 	multiple sub-key generation

Extending the parameter file feature is probably the easiest way.  It
would be a low priority task.  But if it is for a commercial use there
are ways to speed it up ;-).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list