On Wed, Jun 1, 2016 at 10:56 AM, Aurélien Vallée <vallee.aurel...@gmail.com> wrote:

> So "cert" is a default for primary-keys. If I do not provide any
> "Key-Usage", all usages will be set. If I do provide a "Key-Usage", then my
> master key is not "certify only" anymore.

I think that certify and sign are very similar, so it doesn't hurt if the
primary key is both "cert" and "sign". I do it in batch mode like this:
- https://github.com/dashohoxha/egpg/blob/gnupg-2.0/src/cmd/key/gen.sh#L42

Anyway, I generate a sign-only subkey later, and gnupg-2.0 picks by default
the latest sign subkey, when it comes to signing, so the primary key
normally will not be used for signing (which is what you want).

> Currently, I fallback to writing an expect script to automate the key
> generation. The handling of passphrases input with possibly different
> pinentry programs makes the expect script insane to read and fragile in
> practice.

I use the script above for automatic (batch) key generation.
If you don't mind, can you share your expect script?

Regards,
Dashamir
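
A check for the key layout described in this message, added here as an example and not part of the original email or of the egpg script: it reads `gpg --with-colons` output and reports each key's own usage flags plus the newest sign subkey that is neither revoked nor expired. The listing is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample (not a real key) in the format printed by
#   gpg --with-colons --fixed-list-mode --list-keys <key>
# Field 1 = record type, 2 = validity, 5 = key ID,
# field 6 = creation time (epoch seconds), 12 = capabilities.
SAMPLE_LISTING='pub:u:2048:1:1111111111111111:1464771600:::u:::scESC:
uid:u::::1464771600::::Test User <test@example.org>:
sub:u:2048:1:2222222222222222:1464771600::::::e:
sub:u:2048:1:3333333333333333:1464858000::::::s:
sub:r:2048:1:4444444444444444:1464944400::::::s:
'

# Print "<type> <keyid> <own capabilities>" for the primary key and subkeys.
# On a pub record the upper-case letters summarise the whole key, so they
# are stripped to leave only what the primary key itself may do.
key_usages() {
    awk -F: '$1 == "pub" || $1 == "sub" {
        caps = $12
        gsub(/[A-Z]/, "", caps)
        print $1, $5, caps
    }'
}

# Print the key ID of the newest sign-capable subkey, skipping revoked (r)
# and expired (e) ones. Exits non-zero when no such subkey exists, which
# means signatures would have to come from the primary key.
latest_sign_subkey() {
    awk -F: '
        $1 == "sub" && $2 !~ /^[re]/ && $12 ~ /s/ && ($6 + 0) > newest {
            newest = $6 + 0
            id = $5
        }
        END { if (id == "") exit 1; print id }'
}

# Demo on the constructed sample.
printf '%s' "$SAMPLE_LISTING" | key_usages
printf 'newest usable sign subkey: %s\n' \
    "$(printf '%s' "$SAMPLE_LISTING" | latest_sign_subkey)"
```

To check a real keyring, pipe the `gpg --with-colons --fixed-list-mode --list-keys` output for the key into the two functions instead of the sample.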