Automating the generation of master keys
Peter Lebbing
peter at digitalbrains.com
Wed Jun 1 21:40:29 CEST 2016
On 01/06/16 21:20, Aurélien Vallée wrote:
> Okay, so I did try to add the sign usage to the master-key. That works
> well and avoids the use of expect for generating the keys.
I think it's still an odd limitation of the Key-Usage: option that you
cannot generate a master key without optional usages. Either "none" or
"certify" would be a good option to have, where I regard "certify"
definitely the prettier way to phrase it.

Then

    Key-Usage: sign

would do Sign, Certify for a primary key, implicitly adding certify.
And

    Key-Usage: certify

would do just Certify for a primary key.

> But the problem of pinentry still kind of happens everywhere:
> --passphrase is now ignored when not in batch mode in gpg2, which means
> there is no way to provide a passphrase programmatically when using
> --edit-key ...
Disclaimer: I know very little of programmatic use of GnuPG.
Is it an option to upgrade your GnuPG to 2.1? I think it provides for a
less bumpy ride with the pinentry loopback.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
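
The workaround discussed in this thread (Key-Usage: sign on the primary key, plus the GnuPG 2.1 pinentry loopback instead of expect), as an added example that is not part of the original messages. The function names, the user ID and the key size are constructed for illustration; the passphrase is read from stdin.

```shell
#!/bin/sh
# Added example: unattended primary-key generation with GnuPG 2.1.

# Print a batch parameter file. $1 = Key-Usage, $2 = name, $3 = e-mail.
keyparams() {
    cat <<EOF
Key-Type: RSA
Key-Length: 3072
Key-Usage: $1
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%commit
EOF
}

# Read "gpg --with-colons" output on stdin and print field 12 (key
# capabilities) of the first pub record, e.g. "scSC" for sign+certify.
primary_caps() {
    awk -F: '$1 == "pub" { print $12; exit }'
}

# Generate a sign+certify primary key in a throwaway home directory.
# The passphrase arrives on stdin and reaches gpg-agent through the
# loopback pinentry, so no pinentry dialog and no expect are involved.
# Older 2.1 releases also need allow-loopback-pinentry in gpg-agent.conf.
generate_master() {
    home=$(mktemp -d) || return 1
    # Constructed sample identity; replace with real values.
    keyparams sign "Example Master" "master@example.invalid" > "$home/params"
    gpg --homedir "$home" --batch --pinentry-mode loopback \
        --passphrase-fd 0 --gen-key "$home/params" || return 1
    echo "keyring created in $home" >&2
    gpg --homedir "$home" --batch --with-colons --list-keys | primary_caps
    GNUPGHOME="$home" gpgconf --kill gpg-agent
}

# Run only when asked to: printf '%s\n' "$PASS" | sh thisfile.sh --run
if [ "${1:-}" = "--run" ]; then
    generate_master
fi
```

The capability string printed at the end lets a provisioning script confirm that the primary key came out with the expected usages before any subkeys are added.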