The Computer Oracle

How to use gpg --gen-key in a script?


Music by Eric Matyas
https://www.soundimage.org
Track title: Puzzle Game 3

--

Chapters
00:00 How To Use Gpg --Gen-Key In A Script?
00:33 Accepted Answer Score 18
01:27 Answer 2 Score 3
02:34 Thank you

--

Full question
https://superuser.com/questions/1003403/...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#linux #script #gnupg #pgp #openpgp

#avk47



ACCEPTED ANSWER

Score 18


OpenSSL does not support OpenPGP, so you can't use it for key generation. Anyway, GnuPG is rather easy to script using --with-colons together with --batch. For most operations, using GPGME is the way to go, at least for high-level programming languages where libraries exist to interface GnuPG through it without having to parse the output on your own.

Scripted key generation is also possible: you're looking for unattended key generation, which is quite possible. In the end it boils down to storing a description of how to generate the keys in a file, and running gpg --batch --gen-key [filename].

The documentation linked above hosts the following example on unattended key generation:

$ cat >foo <<EOF
     %echo Generating a basic OpenPGP key
     Key-Type: DSA
     Key-Length: 1024
     Subkey-Type: ELG-E
     Subkey-Length: 1024
     Name-Real: Joe Tester
     Name-Comment: with stupid passphrase
     Name-Email: joe@foo.bar
     Expire-Date: 0
     Passphrase: abc
     %pubring foo.pub
     %secring foo.sec
     # Do a commit here, so that we can later print "done" :-)
     %commit
     %echo done
EOF
$ gpg2 --batch --gen-key foo
 [...]
$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
       --keyring ./foo.pub --list-secret-keys
/home/wk/work/gnupg-stable/scratch/foo.sec
------------------------------------------
sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <joe@foo.bar>
ssb  1024g/8F70E2C0 2000-03-09
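The parameter-file approach from the accepted answer carried into a script, as an added example (not code from either answer or from the GnuPG project): it generates the key in a throw-away GNUPGHOME so the caller's keyring is untouched, defaults to %no-protection so no passphrase prompt can block the script, and reads the fingerprint back with --with-colons. Assumes GnuPG 2.1 or later, POSIX sh and awk; the function names, "Joe Tester", joe@example.com and the sample colon-format lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original answers): unattended key generation
# driven from a script in an ephemeral GNUPGHOME, with the result read back
# via --with-colons. Assumes GnuPG 2.1 or later on PATH.
# Write a --batch parameter file. Without a passphrase argument the key is
# created unprotected (%no-protection), the usual choice for a key that a
# script must use with no human present to type a passphrase.
write_params() {  # $1=real name  $2=email  [$3=passphrase]
  printf '%%echo Generating key for %s\n' "$2"
  printf 'Key-Type: RSA\nKey-Length: 3072\n'
  printf 'Subkey-Type: RSA\nSubkey-Length: 3072\n'
  printf 'Name-Real: %s\nName-Email: %s\nExpire-Date: 1y\n' "$1" "$2"
  if [ -n "$3" ]; then printf 'Passphrase: %s\n' "$3"; else echo '%no-protection'; fi
  printf '%%commit\n%%echo done\n'
}

# --with-colons gives one record per line. The primary fingerprint is field
# 10 of the first "fpr" record; field 12 of the "pub" record lists key
# capabilities (lowercase: primary key itself, uppercase: whole key).
fingerprint_from_colons() { awk -F: '$1 == "fpr" { print $10; exit }'; }
primary_capabilities()    { awk -F: '$1 == "pub" { print $12; exit }'; }
# Generate in a throw-away home directory so the caller's keyring is never
# touched, print the new fingerprint, then stop the agent and clean up.
gen_key_unattended() {  # $1=real name  $2=email  [$3=passphrase]
  home=$(mktemp -d) || return 1
  chmod 700 "$home"
  write_params "$1" "$2" "$3" > "$home/params" && chmod 600 "$home/params"
  rc=0
  GNUPGHOME="$home" gpg --batch --gen-key "$home/params" >/dev/null 2>&1 &&
    GNUPGHOME="$home" gpg --batch --with-colons --list-keys | fingerprint_from_colons ||
    rc=1
  GNUPGHOME="$home" gpgconf --kill gpg-agent >/dev/null 2>&1
  rm -rf "$home"
  return "$rc"
}

# Constructed sample of --with-colons output (not captured from a real key),
# so the parsing helpers can be exercised without running gpg.
SAMPLE_COLONS='pub:u:3072:1:0123456789ABCDEF:1700000000:1731536000::u:::scESC::::::23::0:
fpr:::::::::ABCDEF0123456789ABCDEF0123456789ABCDEF01:
uid:u::::1700000000::0000000000000000000000000000000000000000::Joe Tester <joe@example.com>::::::::::0:
sub:u:3072:1:FEDCBA9876543210:1700000000:1731536000:::::e::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

if command -v gpg >/dev/null 2>&1; then
  gen_key_unattended "Joe Tester" "joe@example.com"
else
  printf '%s\n' "$SAMPLE_COLONS" | fingerprint_from_colons
fi
```

With gpg installed the script prints the fingerprint of a freshly generated key and leaves nothing behind; without it, it only exercises the parser on the constructed sample.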



ANSWER 2

Score 3


$ gpg --quick-gen-key --batch --passphrase '...' a@gmail.com

From what I can see --quick-gen-key is a better choice for scripts:

4.5.3 The quick key manipulation interface

Recent versions of GnuPG have an interface to manipulate keys without using the interactive command --edit-key. This interface was added mainly for the benefit of GPGME (please consider using GPGME, see the manual subsection “Programmatic use of GnuPG”).

https://www.gnupg.org/documentation/manuals/gnupg/The-quick-key-manipulation-interface.html

4.5 Unattended Usage

gpg is often used as a backend engine by other software. To help with this a machine interface has been defined to have an unambiguous way to do this. The options --status-fd and --batch are almost always required for this.

  • Programmatic use of GnuPG: Programmatic use of GnuPG
  • Ephemeral home directories: Ephemeral home directories
  • The quick key manipulation interface: The quick key manipulation interface

https://www.gnupg.org/documentation/manuals/gnupg/Unattended-Usage-of-GPG.html

--batch makes it not ask questions (except for a passphrase):

--batch
--no-batch
Use batch mode. Never ask, do not allow interactive commands.

https://man.archlinux.org/man/core/gnupg/gpg.1.en

Or a bigger example.