Automating the generation of master keys

Peter Lebbing peter at
Wed Jun 1 21:40:29 CEST 2016

On 01/06/16 21:20, Aurélien Vallée wrote:
> Okay, so I did try to add the sign usage to the master-key. That works
> well and avoids the use of expect for generating the keys.

I think it's still an odd limitation of the Key-Usage: option that you
cannot generate a master key without optional usages. Either "none" or
"certify" would be a good option to have, where I regard "certify"
definitely the prettier way to phrase it.


Key-Usage: sign

would do Sign, Certify for a primary key, implicitly adding certify.


Key-Usage: certify

would do just Certify for a primary key.

> But the problem of pinentry still kind of happens everywhere:
> --passphrase is now ignored when not in batch mode in gpg2, which means
> there is no way to provide a passphrase programmatically when using
> --edit-key ...

Disclaimer: I know very little of programmatic use of GnuPG.

Is it an option to upgrade your GnuPG to 2.1? I think it provides for a
less bumpy ride with the pinentry loopback.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list