Automating the generation of master keys
dashohoxha at gmail.com
Wed Jun 1 12:47:31 CEST 2016
On Wed, Jun 1, 2016 at 10:56 AM, Aurélien Vallée <vallee.aurelien at gmail.com> wrote:

> So "cert" is a default for primary-keys. If I do not provide any
> "Key-Usage", all usages will be set. If I do provide a "Key-Usage", then my
> master key is not "certify only" anymore.

I think that certify and sign are very similar, so it doesn't hurt if the
primary key is both "cert" and "sign".

I do it in batch mode like this:

Anyway, I generate a sign-only subkey later, and gnupg-2.0 picks by default
the latest sign subkey, when it comes to signing, so the primary key
normally will not be used for signing (which is what you want).

> Currently, I fall back to writing an expect script to automate the key
> generation. The handling of passphrases input with possibly different
> pinentry programs makes the expect script insane to read and fragile in

I use the script above for automatic (batch) key generation.
If you don't mind, can you share your expect script?
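
Added example, not part of the original message or of GnuPG: a small check that reads a `gpg --with-colons --list-keys` listing for one key and reports which capabilities the primary key itself carries and which key would sign under the rule described above (the newest usable signing subkey, otherwise the primary). The function name and the sample listing are constructed for illustration; the listing is assumed to contain a single key.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
# Field 1 = record type, 2 = validity, 5 = key ID, 6 = creation time,
# 12 = capabilities (e, s, c, a).
SAMPLE='pub:u:4096:1:1111111111111111:1464700000:::u:::scSC:
uid:u::::1464700000::0000000000000000000000000000000000000000::Example User <user@example.org>:
sub:u:4096:1:2222222222222222:1464700000::::::e:
sub:u:4096:1:3333333333333333:1464780000::::::s:'

# audit_key_usage (hypothetical helper): reads a colon listing on stdin and
# prints one line: primary key ID, the primary key's own capabilities, and
# the key ID expected to be used for signing.
audit_key_usage() {
  awk -F: '
    $1 == "pub" {
      primary = $5
      caps = $12
      # Uppercase letters on a pub record describe the key as a whole
      # (D marks a disabled key); keep only the primary key own flags.
      gsub(/[ESCAD]/, "", caps)
      primary_caps = caps
    }
    # Signing-capable subkey that is not revoked, expired or invalid:
    # remember the most recently created one.
    $1 == "sub" && $12 ~ /s/ && $2 !~ /[rei]/ && $6 + 0 >= newest {
      newest = $6 + 0
      signer = $5
    }
    END {
      # No signing subkey: signing falls to the primary if it has "s".
      if (signer == "") signer = (primary_caps ~ /s/) ? primary : "none"
      printf "primary=%s caps=%s signing_key=%s\n", primary, primary_caps, signer
    }'
}

# Run against the constructed sample. Against a real keyring:
#   gpg --with-colons --list-keys KEYID | audit_key_usage
printf '%s\n' "$SAMPLE" | audit_key_usage
```

A result of `caps=sc` with a subkey as `signing_key` matches the setup in the message: the primary key can sign, but a dedicated signing subkey is the one selected.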