Gpg Generate Key Batch Mode

  
  1. Generate a new key pair. This command is normally only used interactively. There is an experimental feature which allows you to create keys in batch mode. See the file doc/DETAILS in the source distribution on how to use this.
  2. Here's the code. It starts rngd (/dev/hwrandom by default, but modifiable) to provide a source of entropy, copies a simple template over (replace the Jinja template email and name with what you want), generates a key using gpg, and imports it to the local keyring.
  3. Generating a Keypair. To begin using GnuPG, you must first generate a new keypair: a public key and a private key. To generate a keypair, at a shell prompt, type the following command: gpg --gen-key. Since you work with your user account most frequently, you should perform this action while logged in to your user account (not as root).
  4. GnuPG uses a somewhat more sophisticated scheme in which a user has a primary keypair and then zero or more additional subordinate keypairs. The primary and subordinate keypairs are bundled to facilitate key management and the bundle can often be considered simply as one keypair.

gen-key-script

When creating a GPG key, the following message is printed and the console hangs: Not enough random bytes available. Please do some other work to give.

Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: Root Superuser
Name-Email: root@handbook.westarete.com
Expire-Date: 0

install.bash
# Generate the key
gpg --batch --gen-key gen-key-script

commented Feb 13, 2014

Here's a page that describes the options for the gen-key script: http://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-GPG-key-generation.html

commented Feb 13, 2014

Originally I had a couple extra steps to use rng-tools to seed entropy from /dev/urandom. Apparently this is a bad idea because it will just feed bytes regardless of whether there's enough entropy. Here's where I got the original idea, and the subsequent discussion of why it's bad.

For new machines, we should generate the keys on our laptops where there's much more entropy to draw from, and then transfer them to the new server, just like we're currently doing with the encrypted data bag secret.

commented Feb 19, 2018

This is awesome, thank you.

commented Jan 23, 2019

I configured libvirt to use /dev/urandom of the host: https://libvirt.org/formatdomain.html#elementsRng
That way keys generated within the VM should be ok.

commented Apr 9, 2019

Thanks, that was really helpful.
I got what I needed from: https://www.gnupg.org/documentation/manuals/gnupg-devel/Unattended-GPG-key-generation.html
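
Added example, not part of the gist or its comments: the description at the top mentions filling a template's name and e-mail before running `gpg --batch --gen-key`. This sketch renders the same parameter file from those two values and rejects any value containing a newline or other control character, which would otherwise add directive lines to the file. The function names and the `%no-protection` line (GnuPG 2.1 or later, key stored without a passphrase as in the gist) are assumptions.

```shell
#!/bin/sh
# Added example: build the gist's parameter file from untrusted name/e-mail
# values without letting them inject extra directives.

# Succeeds only for a non-empty, single-line value with no control characters.
# A newline inside a value would start a new directive line in the file.
valid_field() {
    [ -n "$1" ] || return 1
    stripped=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$stripped" = "$1" ]
}

# render_params NAME EMAIL: print the parameter file, or return 1 on bad input.
render_params() {
    valid_field "$1" || { echo "rejected Name-Real" >&2; return 1; }
    valid_field "$2" || { echo "rejected Name-Email" >&2; return 1; }
    case "$2" in
        *'<'*|*'>'*|*' '*) echo "rejected Name-Email" >&2; return 1 ;;
        ?*@?*) ;;                      # minimal shape check: something@something
        *) echo "rejected Name-Email" >&2; return 1 ;;
    esac
    # Same key parameters as the gist (type 1 = RSA, 2048 bits, no expiry).
    printf '%s\n' \
        'Key-Type: 1' \
        'Key-Length: 2048' \
        'Subkey-Type: 1' \
        'Subkey-Length: 2048' \
        "Name-Real: $1" \
        "Name-Email: $2" \
        'Expire-Date: 0' \
        '%no-protection' \
        '%commit'
    # %no-protection (assumption, GnuPG >= 2.1) states the missing passphrase explicitly.
}

# generate_key NAME EMAIL: write the file (mktemp creates it mode 0600),
# run the gist's command on it, then delete it.
generate_key() {
    params=$(render_params "$1" "$2") || return 1
    file=$(mktemp) || return 1
    printf '%s\n' "$params" > "$file"
    gpg --batch --gen-key "$file"; rc=$?
    rm -f "$file"
    return "$rc"
}
```

`generate_key "Root Superuser" "root@example.org"` (constructed values) runs the generation against the current keyring; `render_params` alone only prints the file for review.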

gpg and gpg2 both fail when trying to sign a key on the keyring without input
from the terminal. Despite passing various combinations of --yes, --batch, and
--no-tty, gpg either fails or prompts /dev/tty for confirmation.

I was building a GUI that would help automate key-signing parties, but gpg won't
let my GUI fork a gpg subprocess to sign a key!!!

gpg2 --status-fd 2 --no-tty --yes --passphrase-fd 3 3</tmp/1 --sign-key moglen@ </tmp/2
gpg: Sorry, no terminal at all requested - can't get input

gpg2 --status-fd 2 --batch --yes --passphrase-fd 3 3</tmp/1 --sign-key moglen@ </tmp/2

pub 4096R/3E908FC3 created: 2010-12-21 expires: never usage: SC

sub 2048R/901254EE created: 2010-12-21 expires: never usage: A
sub 4096R/7294318C created: 2010-12-21 expires: never usage: E
[ unknown] (1). Eben Moglen <moglen@columbia.edu>
[ unknown] (2) Eben Moglen <eben@moglen.us>
[ unknown] (3) Eben Moglen <moglen@gnu.org>
[ unknown] (4) Eben Moglen <em21@columbia.edu>
[ unknown] (5) Eben Moglen <eben@softwarefreedom.org>
[ unknown] (6) Eben Moglen <moglen@softwarefreedom.org>

gpg: Sorry, we are in batchmode - can't get input

Here's with gpg1:
gpg --status-fd 2 --yes --passphrase-fd 3 3</tmp/1 --sign-key moglen@ </tmp/2
Reading passphrase from file descriptor 3

pub 4096R/3E908FC3 created: 2010-12-21 expires: never usage: SC

sub 2048R/901254EE created: 2010-12-21 expires: never usage: A
sub 4096R/7294318C created: 2010-12-21 expires: never usage: E
[ unknown] (1). Eben Moglen <moglen@columbia.edu>
[ unknown] (2) Eben Moglen <eben@moglen.us>
[ unknown] (3) Eben Moglen <moglen@gnu.org>
[ unknown] (4) Eben Moglen <em21@columbia.edu>
[ unknown] (5) Eben Moglen <eben@softwarefreedom.org>
[ unknown] (6) Eben Moglen <moglen@softwarefreedom.org>

Really sign all user IDs? (y/N)

I am happy to propose a patch if you're interested in fixing this. It looks
like my GUI will have to make a pseudo-tty and feed it 'y's, if I have to work
around this!!!