Automating the generation of master keys

Dashamir Hoxha dashohoxha at
Thu Jun 2 09:19:34 CEST 2016

On Thu, Jun 2, 2016 at 7:50 AM, Werner Koch <wk at> wrote:

> On Wed,  1 Jun 2016 21:48, dashohoxha at said:
> > I don't remember exactly why they didn't work, but I think that in
> gnupg-2.1
> Because gpg inserts other prompts depending on version and options.

I tried to change the script to match the version of gnupg, but it didn't
work well.
I was getting password prompts from pinentry for each subkey that I was
adding, and I couldn't manage to automate the interaction with the pinentry.
Finally I decided that the interaction was more complex than what I wanted
it to be,
so I dropped the generation of additional subkeys. Now there is only one
main key for cert/sign and a subkey for decryption (these two are generated
in batch mode).

> You need to write a FSM.  See gpa/src/gpgmeedit.c for examples.  Agreed,
> this is a bit complex.

If I have to answer also the questions "Are you sure you want to do this?"
and "This is a weak password, do you really want to use it?", I think that
this is more complex than it should be.
A simpler interaction would be: this is the action that I want to do and
are the options/parameters, please do it for me. No questions involved,
especially no pinentry prompts, and no unneccessary output.
A good example of this is the batch mode of key generation.

But I know that this is not possible right now. Even if extended batch mode
is planed to be implemented, it will not be there before version 2.2 or 3.0
For the time being I am satisfied with what we have.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160602/964413f4/attachment.html>

More information about the Gnupg-users mailing list