batch automation for GPG2 v >= 2.1? how to implement per-user passphrase & multipl-subkeys?

Werner Koch wk at gnupg.org
Mon Nov 24 16:14:45 CET 2014


On Wed, 19 Nov 2014 18:30, grantksupport at operamail.com said:

> Each user's keys' config (usage, algo, size) will be:
>
> 	master (sign, cert)    RSA/4096
> 	sub1   (sign only)    ECDH/2048
> 	sub2   (encrypt only) ECDH/2048
> 	sub3   (auth only)     RSA/2048

This is not the default thing and there is no direct way to do it unless
you want to add the keys one after the other.

> 	(1) passphrase can no longer be passed in GPG2 v>= 2.1

In theory not since 2.0 but we initially implemented the new thing only
for the S/MIME part.

> 	(2) only one sub-key can be generated in batch processing

Right.

> What's an effective/efficient approach for mass generation, allowing for 
>
> 	full automation
> 	per-user passphrase entry
> 	and,
> 	multiple sub-key generation

Extending the parameter file feature is probably the easiest way.  It
would be a low priority task.  But if it is for a commercial use there
are ways to speed it up ;-).


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list