Dear All,

Context: https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
A script will create on demand GPG keys unattended that will be further used to automatically sign a document, but the requirement is that they must also include an Encryption subkey to receive feedback securely.
Question is: keys can be generated unattended just fine, except I did not find a clear way to pass an Expire date param to the encryption subkey only, and not the primary key as well. The requirement is that the primary key must NEVER expire and the encryption subkey MUST expire in 2 years.
Example:

    Key-Type: eddsa
    Key-Curve: ed25519
    Key-Usage: sign, cert, auth
    Name-Real: Test
    Name-Email: t...@test.com
    Expire-Date: 0
    Subkey-Type: ecdh
    Subkey-Curve: cv25519
    Subkey-Usage: encrypt

How to pass an expiration date ONLY for the encryption subkey while leaving the primary key with no expiration date?
(I know that this goal can be later achieved by using $ gpg --edit-key but I am looking for a solution within the unattended key generation itself)
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
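
An added example, not part of the original post or of the GnuPG manual: one non-interactive route to a primary key that never expires plus an encryption subkey that expires in two years is gpg's --quick-generate-key and --quick-add-key commands, used here instead of a parameter file. It assumes GnuPG 2.1 or later; the empty passphrase, the constructed user ID in the usage comment and the function names gen_key and key_field are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GnuPG >= 2.1.

# gen_key HOMEDIR USER_ID
# Creates an Ed25519 primary key with no expiry, then a cv25519 encryption
# subkey expiring in 2 years. Prints the primary key fingerprint.
gen_key() {
    home=$1
    uid=$2
    # Primary key: sign + cert + auth, expiry "never".
    # The empty passphrase is an assumption made so the example runs
    # unattended; protect real keys with a passphrase.
    gpg --homedir "$home" --batch --quiet \
        --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" ed25519 sign,cert,auth never \
        >/dev/null || return 1

    # Read the fingerprint from the machine-readable (colon) listing.
    fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys "$uid" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$fpr" ] || return 1

    # Encryption subkey: its expiry (2y) is given independently of the
    # primary key's expiry.
    gpg --homedir "$home" --batch --quiet \
        --pinentry-mode loopback --passphrase '' \
        --quick-add-key "$fpr" cv25519 encr 2y \
        >/dev/null || return 1

    printf '%s\n' "$fpr"
}

# key_field HOMEDIR FPR RECORD N
# Prints field N of the first RECORD line ("pub" or "sub") in the colon
# listing. Field 6 is the creation time and field 7 the expiry time, both in
# seconds since the epoch; an empty field 7 means the key does not expire.
key_field() {
    gpg --homedir "$1" --batch --with-colons --list-keys "$2" |
        awk -F: -v rec="$3" -v n="$4" '$1 == rec { print $n; exit }'
}

# Usage (constructed user ID):
#   fpr=$(gen_key "$GNUPGHOME" "Test <test@example.org>")
#   key_field "$GNUPGHOME" "$fpr" pub 7   # empty: primary never expires
#   key_field "$GNUPGHOME" "$fpr" sub 7   # epoch time about 2 years ahead
```

Checking field 7 of the pub and sub records after generation confirms that only the subkey carries an expiry before the public key is distributed.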