GnuPG 2.1 Unattended EC Generation

Nicholas Cole nicholas.cole at
Tue Nov 11 12:56:59 CET 2014

On Mon, Nov 10, 2014 at 4:41 PM, Werner Koch <wk at> wrote:
> On Mon, 10 Nov 2014 12:52, nicholas.cole at said:
>> How does unattended generation of elliptic curve keys work? As far as
>> I can see, that section of the manual has not been updated for the new
>> EC options, but I presume that it has to work slightly differently.
>> Am I right that key-length is now a no-op?  And how do you specify the
> Right, you need to use "Key-Curve" or "Subkey-Curve".  Curve names are
> as supported by Libgcrypt, for example: "nistp256" or "ed25519".

Thanks Werner!

Two smaller problems.

Under previous versions, failing to provide a


would create a key without a passphrase.  This was useful for testing purposes.

Is that still possible?  In version 2.1, if no password is specified,
gpg2 tries to call pin-entry and ask for a passphrase.

The second problem is that if gpg is called with a non-standard
--homedir the whole thing fails with:

gpg: agent_genkey failed: No pinentry
gpg: key generation failed: No pinentry

I'm sure this means that I'm invoking the new gpg2 and gpg-agent
combination incorrectly.

Sorry for all the flood of questions.  gpg2 "modern" is very exciting,
but getting all the pieces to work as they used to (and making changes
for the new system) is going to take a bit of time!

Best wishes,


More information about the Gnupg-users mailing list