managing OpenPGP cards in batch mode?
Werner Koch
wk at gnupg.org
Wed May 4 08:13:13 CEST 2016
On Tue, 3 May 2016 20:20, daniel at pocock.pro said:
> gen-key (and get back the key ID)
There is also --quick-gen-key:
$ gpg -v --status-fd 2 --batch --quick-gen-key test-20160504.2 at example.org
[GNUPG:] PINENTRY_LAUNCHED 9804
[GNUPG:] PINENTRY_LAUNCHED 9806
gpg: writing self signature
gpg: RSA/SHA256 signature from: "43A68746 [?]"
gpg: writing key binding signature
gpg: RSA/SHA256 signature from: "43A68746 [?]"
gpg: writing public key to '/home/wk/b/gnupg/tmp3/pubring.kbx'
gpg: using PGP trust model
gpg: key 43A68746 marked as ultimately trusted
gpg: writing to '[...]/openpgp-revocs.d/5AF79828EB76B2709378639CEE[...]
gpg: RSA/SHA256 signature from: "43A68746 test-20160504.2 at example.org"
gpg: revocation certificate stored as '[...]/openpgp-revocs.d/5AF7[...]
[GNUPG:] KEY_CREATED B 5AF79828EB76B2709378639CEEBFB26F43A68746
Instead of the key ID you should use the fingerprint as shown in the
KEY_CREATED status line.
> adding more subkeys (addkey)
> "--gen-key --batch" only creates one subkey
A --quick-addkey has been discussed but has not yet been implemented.
> gen-revoke
Well, 2.1 creates a revocation certificate with the key.
> card-edit (for setting PIN, etc)
You need to use --status-fd and --command-fd to automate this. Or you
bypass gpg and use gpg-connect-agent to access the card directly. Using
--debug 1024 and a log file in scdaemon.conf shows you what the gpg
commands do.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
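Added example (not part of the original message and not GnuPG's own code): a shell helper that takes the fingerprint from the KEY_CREATED status line shown above, so a batch script can refer to the new key by fingerprint rather than by key ID. The function names key_created_fpr and sample_status are hypothetical; the sample input is copied from the status output quoted in the message.

```shell
#!/bin/sh
# Read gpg --status-fd output on stdin and print the fingerprint of the
# key that was created. Returns 1 if gpg reported KEY_NOT_CREATED, if no
# KEY_CREATED line was seen, or if the fingerprint field is malformed.
key_created_fpr() {
    awk '
        $1 != "[GNUPG:]"        { next }        # skip human-readable "gpg:" lines
        $2 == "KEY_NOT_CREATED" { failed = 1 }
        $2 == "KEY_CREATED" {
            # $3 is the type: B = primary and subkey, P = primary, S = subkey.
            # $4 is the fingerprint; 40 hex digits as in the output above.
            if ($3 !~ /^[BPS]$/ || $4 !~ /^[0-9A-F]+$/ || length($4) != 40) {
                failed = 1
                next
            }
            fpr = $4
        }
        END {
            if (failed || fpr == "") exit 1
            print fpr
        }
    '
}

# Sample input: status and log lines as they appear in the message above.
sample_status() {
    cat <<'EOF'
[GNUPG:] PINENTRY_LAUNCHED 9804
gpg: writing self signature
gpg: key 43A68746 marked as ultimately trusted
[GNUPG:] KEY_CREATED B 5AF79828EB76B2709378639CEEBFB26F43A68746
EOF
}

# Usage sketch (assumes status output is sent to stdout with --status-fd 1):
#   fpr=$(gpg --batch --status-fd 1 --quick-gen-key "$uid" | key_created_fpr) || exit 1
sample_status | key_created_fpr
```

Matching on the "[GNUPG:]" prefix keeps the short key ID in the "gpg: key ... marked as ultimately trusted" log line from being picked up by mistake.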