Automating the generation of master keys

Dashamir Hoxha dashohoxha at gmail.com
Wed Jun 1 21:48:15 CEST 2016


On Wed, Jun 1, 2016 at 7:46 PM, Werner Koch <wk at gnupg.org> wrote:
>
> --8<---------------cut here---------------start------------->8---
>   local commands="addkey|4|4096|1m|addkey|6|4096|1m|save"
>   commands=$(echo "$commands" | tr '|' "\n")
>   script -c "gpg --batch --command-fd=0 --edit-key $GPG_KEY <<< \"$commands\"" /dev/null >/dev/null
>   while [[ -n $(ps ax | grep -e '--edit-key' | grep -v grep) ]]; do sleep 0.5; done
> --8<---------------cut here---------------end--------------->8---
>
> You can't use gpg this way - it does only work with a certain version
>

You are right, it only works with gnupg-2.0. For gnupg-2.1.11 the tricks
above do not work and I had to change the script:
 - https://github.com/dashohoxha/egpg/blob/gnupg-2.1/src/cmd/key/gen.sh

I don't remember exactly why they didn't work, but I think that in gnupg-2.1
the pinentry is used more frequently and I couldn't find any way to send
data to it from stdin.

I wish that the batch mode was more pervasive in gpg2, so that my scripts
could do the interaction with the user and then just use gpg2 in batch mode
to get the job done.


> and build of GnuPG.  Canned commands too fragile to use - you need to
> process the output of --status-fd and act accordingly.
>

I couldn't find out how to use --status-fd properly, and maybe using it would
make the logic of the scripts more complex, because my script would have
to take care of all the possible outputs of --status-fd, in all the
possible cases.


>   ps ax | grep -e '--edit-key' | grep -v grep
>
> does not work either because you assume that there is only one gpg
> command running (actually any process with a string '--edit-key').
>

I agree, this is a stupid trick.

Dashamir
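As an added example (not code from this thread or from the egpg project), here is the shape Werner's advice takes in practice: read the --status-fd stream, answer only the GET_LINE / GET_BOOL / GET_HIDDEN prompts on --command-fd, and wait for the gpg process itself instead of polling ps for '--edit-key'. The prompt names in the answer table are an assumption about GnuPG's keyedit.*/keygen.* status prompts and must be checked against the status output of the gpg version in use.

```python
import copy
import subprocess
from typing import Dict, Iterable, List, Optional

# Constructed answer queues for the thread's "addkey|4|4096|1m|addkey|6|4096|1m|save"
# sequence, keyed by prompt name. The keyedit.* / keygen.* names are an assumption
# about GnuPG's status prompts: confirm them against your version's --status-fd output.
ANSWERS: Dict[str, List[str]] = {
    "keyedit.prompt": ["addkey", "addkey", "save"],
    "keygen.algo": ["4", "6"],
    "keygen.size": ["4096", "4096"],
    "keygen.valid": ["1m", "1m"],
    "keygen.valid.okay": ["y", "y"],
}

def fresh_queues() -> Dict[str, List[str]]:
    return copy.deepcopy(ANSWERS)

def next_answer(status_line: str, queues: Dict[str, List[str]]) -> Optional[str]:
    """Reply to send on --command-fd for one status line, or None if it asks nothing.
    Only GET_LINE / GET_BOOL / GET_HIDDEN lines wait for input; GOT_IT, KEY_CREATED
    and the rest are informational."""
    fields = status_line.split()
    if len(fields) < 3 or fields[0] != "[GNUPG:]":
        return None
    if fields[1] not in ("GET_LINE", "GET_BOOL", "GET_HIDDEN"):
        return None
    prompt = fields[2]
    queue = queues.get(prompt)
    if not queue:  # unknown or exhausted prompt: fail loudly rather than guess
        raise RuntimeError(f"no scripted answer for prompt {prompt!r}")
    return queue.pop(0)

def drive(status_lines: Iterable[str], queues: Dict[str, List[str]]) -> List[str]:
    """Run the decision logic over captured status lines; returns the replies in order."""
    replies = [next_answer(line, queues) for line in status_lines]
    return [r for r in replies if r is not None]

def run_edit_key(key_id: str, gpg: str = "gpg") -> int:
    """Spawn gpg with status on stdout and commands on stdin; needs a real keyring."""
    proc = subprocess.Popen(
        [gpg, "--status-fd", "1", "--command-fd", "0", "--no-tty", "--edit-key", key_id],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True, bufsize=1)
    queues = fresh_queues()
    for line in proc.stdout:
        reply = next_answer(line, queues)
        if reply is not None:
            proc.stdin.write(reply + "\n")
            proc.stdin.flush()
    return proc.wait()  # exit status tells us when gpg is done; no ps polling
```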