Automating the generation of master keys
Aurélien Vallée
vallee.aurelien at gmail.com
Wed Jun 1 21:20:26 CEST 2016
Okay, so I did try to add the sign usage to the master-key. That works well
and avoids the use of expect for generating the keys.
But the problem of pinentry still kind of happens everywhere: --passphrase
is now ignored when not in batch mode in gpg2, which means there is no way
to provide a passphrase programmatically when using --edit-key ...
On Wed, Jun 1, 2016 at 7:46 PM, Werner Koch <wk at gnupg.org> wrote:
> On Wed, 1 Jun 2016 12:47, dashohoxha at gmail.com said:
>
> > I do it in batch mode like this:
> > - https://github.com/dashohoxha/egpg/blob/gnupg-2.0/src/cmd/key/gen.sh#L42
>
> Take care:
>
> --8<---------------cut here---------------start------------->8---
> local commands="addkey|4|4096|1m|addkey|6|4096|1m|save"
> commands=$(echo "$commands" | tr '|' "\n")
> script -c "gpg --batch --command-fd=0 --edit-key $GPG_KEY <<< \"$commands\"" /dev/null >/dev/null
> while [[ -n $(ps ax | grep -e '--edit-key' | grep -v grep) ]]; do sleep 0.5; done
> --8<---------------cut here---------------end--------------->8---
>
> You can't use gpg this way - it does only work with a certain version
> and build of GnuPG. Canned commands are too fragile to use - you need to
> process the output of --status-fd and act accordingly.
>
> ps ax | grep -e '--edit-key' | grep -v grep
>
> does not work either because you assume that there is only one gpg
> command running (actually any process with a string '--edit-key').
>
> BTW, Unix people use this trick to avoid the inverse grep:
>
> grep -e '--edit-ke[y]'
>
>
>
> Shalom-Salam,
>
> Werner
>
> --
> Thoughts are free. Exceptions are regulated by a federal law.
> /* Single-family house in Erkrath: https://alt-hochdahl.de/haus */
>
>
--
Aurélien Vallée
Phone +33 9 77 19 85 61
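
The approach Werner describes (answer each prompt reported on --status-fd instead of piping a fixed command list), as an added example that is not part of the thread or of egpg. The function names and the sample status lines are constructed, and the prompt keywords (keyedit.prompt, keygen.algo, keygen.size, keygen.valid) are assumptions to check against what your gpg build actually emits.

```shell
#!/bin/sh
# Added example: drive "gpg --edit-key" from its status output.
# Reads "[GNUPG:] ..." status lines on stdin and writes one reply per prompt
# on stdout. Returns 0 once "save" has been sent, 1 on any prompt it does not
# expect or if the status stream ends first.
drive_keyedit() {
    n=0   # number of addkey commands issued so far
    while IFS= read -r line; do
        case $line in
            "[GNUPG:] GET_LINE keyedit.prompt")
                if [ "$n" -lt 2 ]; then n=$((n + 1)); echo addkey
                else echo save; return 0; fi ;;
            "[GNUPG:] GET_LINE keygen.algo")
                # first subkey: 4 (sign), second subkey: 6 (encrypt)
                case $n in 1) echo 4 ;; 2) echo 6 ;; *) return 1 ;; esac ;;
            "[GNUPG:] GET_LINE keygen.size")  echo 4096 ;;
            "[GNUPG:] GET_LINE keygen.valid") echo 1m ;;
            "[GNUPG:] GET_"*)
                # A question we did not plan for: stop instead of guessing.
                echo "unexpected prompt: $line" >&2; return 1 ;;
            *) ;;  # GOT_IT and other informational status lines
        esac
    done
    return 1
}

# Constructed status transcript for two addkey rounds followed by save.
constructed_status() {
    for round in 1 2; do
        printf '%s\n' \
            '[GNUPG:] GET_LINE keyedit.prompt' '[GNUPG:] GOT_IT' \
            '[GNUPG:] GET_LINE keygen.algo'    '[GNUPG:] GOT_IT' \
            '[GNUPG:] GET_LINE keygen.size'    '[GNUPG:] GOT_IT' \
            '[GNUPG:] GET_LINE keygen.valid'   '[GNUPG:] GOT_IT'
    done
    printf '%s\n' '[GNUPG:] GET_LINE keyedit.prompt'
}

# Wiring (not run here): connect gpg's --status-fd to this function's stdin
# and its --command-fd to the function's stdout, e.g. through two FIFOs, and
# "wait" on gpg's own PID rather than scanning "ps ax" for '--edit-key'.
constructed_status | drive_keyedit
```
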