GnuPG --gen-key batch process?
Holger Sesterhenn
Holger.Sesterhenn@aachen.utimaco.de
Thu Mar 20 11:26:02 2003
This is a multi-part message in MIME format.
--------------040107080403080002020408
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii; format=flowed
Hello,
> for ((k=1; k<=100000; k++))
> do
> gpg --gen-key RealName$k $k@null.com CommentKey$1 NoPassPhrase
> done
Attached I have a little Bash script (hack!!!!) which does the job for me.
It works with SuSE Linux.
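Be aware that key creation can take a looooong time, because gpg has to wait for /dev/random to gather enough entropy (the script runs a background find to create disk activity for it). I have done it for 200
users and it took > 6 hours on a Pentium III, 500MHz.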
HTH.
Best Regards,
Holger Sesterhenn
---
Internet http://www.utimaco.com
--------------040107080403080002020408
Content-Transfer-Encoding: 7bit
Content-Type: application/x-sh;
name="autokeygen.sh"
Content-Disposition: inline;
filename="autokeygen.sh"
#!/bin/bash
#
# autokeygen.sh <lownum> <highnum> <username-prefix> <fqn>
# e.g: ./autokeygen.sh 101 199 user200 no-such-domain.local
# -> keys for user101@no-such-domain.local, user102@no-such-domain.local, ...
#
# I have put everything in a single directory
# Everything is resolved relative to the current directory: the gpg binary,
# the GnuPG home directory and both "auto" keyrings. The script therefore has
# to be started from the directory that holds them.
# NOTE(review): "./gpg" runs whatever executable of that name sits in the
# current directory; run this only from a directory that other users cannot
# write to.
GPG='./gpg'
GPGHOME='--homedir .'
# Flag string shared by every gpg call. The callers expand it unquoted on
# purpose so that it splits into separate words.
GPGPARAM="${GPGHOME} --no-options --batch --no-default-keyring"
GPGPARAM="${GPGPARAM} --keyring ./auto-pubring.gpg"
GPGPARAM="${GPGPARAM} --secret-keyring ./auto-secring.gpg"
#########################################
# Function #
# clean up temporary keyring files #
# #
#########################################
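Cleanup() {
  # Remove the per-user temporary keyrings and the gpg batch input file, then
  # stop the background "find" processes used to stir up entropy.
  #
  # Globals:   TMPSECRING, TMPPUBRING, INPUTFILE (read)
  # Outputs:   one "removed ..." line per deleted file (rm -v)
  # Returns:   exit status of killall
  local path

  # Quote every path and end option parsing with "--": the names are built
  # from command-line arguments, so they may contain blanks or start with "-".
  # Unset or empty variables are skipped instead of being handed to rm.
  for path in "$TMPSECRING" "$TMPPUBRING" "$INPUTFILE"; do
    if [ -n "$path" ]; then
      rm -v -- "$path"
    fi
  done
  # NOTE(review): rm only unlinks the temporary secret keyring; its contents
  # are not overwritten on disk.

  # NOTE(review): killall matches by process name, so this signals every
  # "find" the invoking user may signal (all of them when run as root), not
  # only the ones this script started. Recording $! where the find is
  # launched and killing that PID would confine it.
  killall find
}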
#########################################
# Function #
# print error message and abort #
# $*: param for echo and error message #
# #
#########################################
Abort() {
  # Print the given words as one message, remove the temporary files through
  # Cleanup and terminate the whole script with status 1.
  #
  # Arguments: $* - words of the message
  # Outputs:   the message on stdout
  local message="$*"

  echo "$message"
  Cleanup
  exit 1
}
#########################################
# Function #
# generate PGPkey for username #
# $1: username #
# #
#########################################
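Gen_key() {
  # Generate, import, back up and sign one key pair for the user named in $1.
  #
  # Globals:   GPG, GPGPARAM (read; expanded unquoted on purpose so the flag
  #            string splits into words), INPUTFILE, TMPPUBRING, TMPSECRING
  #            (read; paths chosen by the caller)
  # Arguments: $1 - user name; used as Name-Real, as Name-Email, as the key
  #            selector and as the stem of the exported file names
  # Outputs:   progress messages on stdout; <user>.pub.asc and <user>.sec.asc
  #            in the current directory
  # Returns:   0 on success or after waiting for another generator; calls
  #            Abort (exit 1) when the key already exists or a gpg step fails
  #
  # NOTE(review): the batch file below carries no Passphrase line, so the
  # secret key is presumably stored without passphrase protection - confirm
  # for the gpg version in use. The armored copy in <user>.sec.asc and the
  # keyrings then need file-system protection.
  local user=$1

  #######################
  # avoid race conditions if two processes want to
  # generate a key for the same user
  #######################
  # The input file doubles as the lock. With noclobber the shell creates it
  # exclusively, so test and creation are one atomic step; a separate
  # "[ -e ]" followed by "touch" lets two processes both see "no file".
  if ! ( set -o noclobber; : > "$INPUTFILE" ) 2>/dev/null; then
    if [ ! -e "$INPUTFILE" ]; then
      # Creation failed although nothing holds the lock (e.g. the directory
      # is not writable): stop instead of returning as if a key existed.
      echo "cannot create $INPUTFILE"
      Abort "abort..."
    fi
    # ok, someone else is creating the key, just wait until
    # this generation finished
    echo "someone else generates a new key for $user"
    echo "just sleep until this generation is completed"
    while [ -e "$INPUTFILE" ]; do
      sleep 10
      echo -n "."
    done
    echo -e "\nThe other process has finished generation. Return to calling function"
    return
  fi
  # WE are the one who generates the new key!

  #######################
  # Test if we already have a user with this name
  #######################
  echo "searching for secret key"
  # shellcheck disable=SC2086 # GPGPARAM is a flag string, split on purpose
  if $GPG $GPGPARAM --status-fd 2 --list-keys "$user" 2> /dev/null; then
    echo "$user already in public keyring!"
    Abort "abort..."
  fi

  ##################
  # Build Input file
  ##################
  echo "creating inputfile for key generation"
  echo
  # based on description in doc/DETAILS
  # One argument per line of the batch file; '%s\n' keeps the "%" directives
  # out of the printf format string.
  # NOTE(review): 1024-bit DSA is the value from the original script and is
  # below current key-size recommendations; raise it if the installed gpg
  # supports larger keys.
  # NOTE(review): $user and the keyring paths are written verbatim; a value
  # containing a newline would add lines to the batch file, so the caller
  # must pass validated names.
  printf '%s\n' \
    "# input file to generate GnuPG keys automatically" \
    "" \
    "%echo Generating a standard key" \
    "" \
    "#######################################" \
    "# parameters for the key" \
    "" \
    "Key-Type: DSA" \
    "Key-Length: 1024" \
    "Subkey-Type: ELG-E" \
    "Subkey-Length: 2048" \
    "" \
    "Name-Real: $user" \
    "Name-Comment: automatically GnuPG key" \
    "Name-Email: $user" \
    "" \
    "Expire-Date: 0" \
    "" \
    "######################################" \
    "" \
    "# the keyring files" \
    "%pubring $TMPPUBRING" \
    "%secring $TMPSECRING" \
    "" \
    "# perform key generation" \
    "%commit" \
    "" \
    "%echo done" \
    "#EOF" \
    "" > "$INPUTFILE"

  #######################
  # Call Key generation
  #######################
  # shellcheck disable=SC2086
  if ! $GPG $GPGPARAM --gen-key "$INPUTFILE"; then
    echo "error calling $GPG"
    Abort "abort..."
  fi

  #######################
  # import the new key to the regular keyrings
  #######################
  echo "importing new key"
  echo
  # shellcheck disable=SC2086
  if ! $GPG $GPGPARAM --status-fd 2 --logger-fd 2 --verbose \
    --import "$TMPPUBRING" "$TMPSECRING"; then
    echo "error calling $GPG"
    Abort "abort..."
  fi

  #######################
  # export the new keys for backup
  #######################
  set -x
  # shellcheck disable=SC2086
  $GPG $GPGPARAM --armor --output "$user.pub.asc" --export "$user"
  # The secret-key export runs in a subshell with umask 077 so the backup
  # file is not created readable by group or others.
  # shellcheck disable=SC2086
  ( umask 077; $GPG $GPGPARAM --armor --output "$user.sec.asc" --export-secret-key "$user" )
  set +x

  ######################
  # Sign new key with "root CA" key -> first key in secret keyring
  ######################
  echo "signing new key"
  echo
  # The answers for gpg's prompts are fed on stdin (--command-fd 0). The
  # status tested is that of gpg, the last command of the pipeline.
  # shellcheck disable=SC2086
  if ! printf '\nY\n' | $GPG $GPGPARAM --no-batch --logger-fd 2 --status-fd 2 --no-tty --command-fd 0 \
    --default-cert-check-level 2 --sign-key "$user"; then
    echo "error calling $GPG"
    Abort "abort..."
  fi
}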
######################################
# MAIN
######################################
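# Generate keys for <username-prefix><lownum>@<fqn> up to
# <username-prefix><highnum>@<fqn>, one Gen_key call per user.
if [ "$#" -ne 4 ]; then
  echo "usage: $0 <lownum> <highnum> <username-prefix> <fqn>" >&2
  exit 2
fi
num=$1
max=$2
user_prefix=$3
fqn=$4

# Both bounds feed "[ -le ]" and shell arithmetic, so accept digits only.
case "$num" in
  '' | *[!0-9]*)
    echo "lownum must be a non-negative integer: $num" >&2
    exit 2
    ;;
esac
case "$max" in
  '' | *[!0-9]*)
    echo "highnum must be a non-negative integer: $max" >&2
    exit 2
    ;;
esac
# Prefix and domain become file names (later passed to rm) and lines of the
# gpg batch file: refuse path separators, white space and a leading "-".
case "$user_prefix$fqn" in
  */* | *[[:space:]]*)
    echo "username-prefix and fqn must not contain '/' or white space" >&2
    exit 2
    ;;
esac
case "$user_prefix" in
  -*)
    echo "username-prefix must not start with '-'" >&2
    exit 2
    ;;
esac

while [ "$num" -le "$max" ]; do
  myname="${user_prefix}${num}@${fqn}"
  INPUTFILE="$myname.inputfile"
  TMPSECRING="$myname.secring.pgp"
  TMPPUBRING="$myname.pubring.pgp"
  # we need entropy for /dev/random, only keyboard, mouse and the disk
  # controller driver call the /dev/random-functions
  # NOTE(review): this reads every regular file outside NFS mounts once per
  # generated key; when run as root that is the whole local file system.
  find / -fstype nfs -prune -o -printf "%F:%h:%f\n" -type f -exec cp -v {} /dev/null \; >/dev/null 2>&1 &
  entropy_pid=$!
  echo "$myname"
  num=$((num + 1))
  Gen_key "$myname"
  # Stop exactly the find started for this user; it may already have ended,
  # hence the discarded error output.
  kill "$entropy_pid" 2>/dev/null
  Cleanup
done
# No trailing "killall find": each background find is stopped by PID above,
# so unrelated find processes are not signalled from here.
echo "finished..."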
#EOF
--------------040107080403080002020408--