How to use gpg --gen-key in a script?


OpenSSL does not support OpenPGP, so you can't use it for key generation. Anyway, GnuPG is rather easy to script using --with-colons together with --batch. For most operations, using GPGME is the way to go, at least for high-level programming languages where libraries exist to interface GnuPG through it without having to parse the output on your own.

Also, scripted key generation is possible: you're looking for unattended key generation, which is entirely possible. In the end it boils down to storing a description of how to generate the keys in a file, and running gpg --batch --gen-key [filename].

The documentation linked above hosts the following example on unattended key generation:

$ cat >foo <<EOF
     %echo Generating a basic OpenPGP key
     Key-Type: DSA
     Key-Length: 1024
     Subkey-Type: ELG-E
     Subkey-Length: 1024
     Name-Real: Joe Tester
     Name-Comment: with stupid passphrase
     Name-Email: [email protected]
     Expire-Date: 0
     Passphrase: abc
     %pubring foo.pub
     %secring foo.sec
     # Do a commit here, so that we can later print "done" :-)
     %commit
     %echo done
EOF
$ gpg2 --batch --gen-key foo
 [...]
$ gpg2 --no-default-keyring --secret-keyring ./foo.sec \
       --keyring ./foo.pub --list-secret-keys
/home/wk/work/gnupg-stable/scratch/foo.sec
------------------------------------------
sec  1024D/915A878D 2000-03-09 Joe Tester (with stupid passphrase) <[email protected]>
ssb  1024g/8F70E2C0 2000-03-09
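A scripted variant of the answer's approach, added here as an example and not part of the original answer or the GnuPG manual. It assumes GnuPG 2.1 or later (where %secring is ignored and %no-protection is accepted), generates the key in a throwaway GNUPGHOME so the user's real keyring is untouched, and reads the fingerprint back from --with-colons output instead of parsing human-readable text; the parameter values (RSA 3072, one-year expiry, the name and address) are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): unattended key generation
# in a private GNUPGHOME, then fingerprint extraction via --with-colons.
set -eu

# Write a GnuPG batch parameter file. Arguments: output path, name, email.
# RSA/3072 and a one-year expiry are example values; adjust to policy.
# %no-protection (GnuPG >= 2.1) creates the key without a passphrase.
write_params() {
    cat >"$1" <<EOF
%echo Generating key for $3
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Name-Real: $2
Name-Email: $3
Expire-Date: 1y
%no-protection
%commit
%echo done
EOF
}

# Read "--list-secret-keys --with-colons" output on stdin and print the
# primary key fingerprint: field 10 of the first "fpr" record after "sec".
primary_fingerprint() {
    awk -F: '$1=="sec"{want=1} want && $1=="fpr"{print $10; exit}'
}

# Generate a key in a fresh mode-0700 GNUPGHOME and print its fingerprint.
gen_key() {
    home=$(mktemp -d) && chmod 700 "$home"
    write_params "$home/params" "$1" "$2"
    GNUPGHOME="$home" gpg --batch --gen-key "$home/params" 2>/dev/null
    GNUPGHOME="$home" gpg --batch --list-secret-keys --with-colons \
        | primary_fingerprint
}

# Only touch gpg when asked and when it is installed; the helpers above
# remain usable (and testable) without it.
if [ "${1-}" = "--run" ] && command -v gpg >/dev/null 2>&1; then
    gen_key "Example Signer" "signer@example.invalid"
fi
```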

Author by teknopaul

Updated on September 18, 2022

Comments

  • teknopaul over 1 year

    GnuPG is one of these annoying tools that has a non-scriptable command line.

    I want to run gpg --gen-key in a script; the rest of the process is simple commands. Anyone had any luck with this? Entering the password seems to be supported, but not the other questions it asks: key type, key size, expiry, name.

    If you use the --yes option, it still shows confirmation dialogs.

    Is there any way some more friendly tool like openssl can be used to generate keys?

  • Scott - Слава Україні over 8 years
    BTW, congratulations.
  • Ben Creasy over 6 years
    Note that as of 2.1, %secring filename is a no-op and an ephemeral directory is used instead: gnupg.org/documentation/manuals/gnupg/…