Automating the generation of master keys

Aurélien Vallée vallee.aurelien at
Thu Jun 2 23:47:54 CEST 2016

So I switched to using GPGME instead of trying to automate GPG.
Is there any way to force GPG to use expert mode?
I'm having a hard time finding clear option documentation on gpgconf
(homedir/gpgconf.conf) and gpg (homedir/gpg.conf)

On Thu, Jun 2, 2016 at 9:19 AM, Dashamir Hoxha <dashohoxha at> wrote:

> On Thu, Jun 2, 2016 at 7:50 AM, Werner Koch <wk at> wrote:
>> On Wed,  1 Jun 2016 21:48, dashohoxha at said:
>> > I don't remember exactly why they didn't work, but I think that in
>> gnupg-2.1
>> Because gpg inserts other prompts depending on version and options.
> I tried to change the script to match the version of gnupg, but it didn't
> work well.
> I was getting password prompts from pinentry for each subkey that I was
> adding, and I couldn't manage to automate the interaction with the
> pinentry.
> Finally I decided that the interaction was more complex than what I wanted
> it to be,
> so I dropped the generation of additional subkeys. Now there is only one
> main key for cert/sign and a subkey for decryption (these two are generated
> in batch mode).
>> You need to write a FSM.  See gpa/src/gpgmeedit.c for examples.  Agreed,
>> this is a bit complex.
> If I have to answer also the questions "Are you sure you want to do this?"
> and "This is a weak password, do you really want to use it?", I think that
> this is more complex than it should be.
> A simpler interaction would be: this is the action that I want to do and
> these
> are the options/parameters, please do it for me. No questions involved,
> especially no pinentry prompts, and no unneccessary output.
> A good example of this is the batch mode of key generation.
> But I know that this is not possible right now. Even if extended batch mode
> is planed to be implemented, it will not be there before version 2.2 or 3.0
> For the time being I am satisfied with what we have.
> Shalom-Salam,
> Dashamir

Aurélien Vallée
Phone +33 9 77 19 85 61
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160602/a7a8d0fd/attachment.html>

More information about the Gnupg-users mailing list