Automating the generation of master keys

Dashamir Hoxha dashohoxha at
Wed Jun 1 21:48:15 CEST 2016

On Wed, Jun 1, 2016 at 7:46 PM, Werner Koch <wk at> wrote:
> --8<---------------cut here---------------start------------->8---
>   local commands="addkey|4|4096|1m|addkey|6|4096|1m|save"
>   commands=$(echo "$commands" | tr '|' "\n")
>   script -c "gpg --batch --command-fd=0 --edit-key $GPG_KEY <<<
> \"$commands\"" /dev/null >/dev/null
>   while [[ -n $(ps ax | grep -e '--edit-key' | grep -v grep) ]]; do sleep
> 0.5; done
> --8<---------------cut here---------------end--------------->8---
> You can't use gpg this way - it does only work with a certain version

You are right, it only works with gnupg-2.0. For gnupg-2.1.11 the tricks
above do not work and I had to change the script:

I don't remember exactly why they didn't work, but I think that in gnupg-2.1
the pinentry is used more frequently and I couldn't find any way to send
data to it from stdin.

I wish that the batch mode was more pervasive in gpg2, so that my scripts
could do the interaction with the user and then just use gpg2 in batch mode
to get the job done.

> and build if GnuPG.  Canned commands too fragile to use - you need to
> process the output of --status-fd and act accordingly.

I couldn't find out how to use --status-fd properly, and maybe using it
make the logic of the scripts more complex, because my script would have
to take care of all the possible outputs of --status-fd, in all the
possible cases.

>   ps ax | grep -e '--edit-key' | grep -v grep
> does not work either because you assume that there is only one gpg
> command running (actually any process with a string '--edit-key').

I agree, this is a stupid trick.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160601/2432dbdc/attachment.html>

More information about the Gnupg-users mailing list