Automating the generation of master keys

2016-06-01 Thread Aurélien Vallée
Hello, I would like to automate the generation of GPG master keys (I have hundreds of smartcards to configure for employees). I'm using the default GPG from CentOS 7 (gnupg 2.0.22). Ideally, I would like to have: - 1 masterkey with only the "certify" usage, stored offline. - 1 subkey with only "e

Re: Automating the generation of master keys

2016-06-01 Thread Dashamir Hoxha
On Wed, Jun 1, 2016 at 10:56 AM, Aurélien Vallée wrote: > > So "cert" is a default for primary-keys. If I do not provide any > "Key-Usage", all usages will be set. If I do provide a "Key-Usage", then my > master key is not "certify only" anymore. > I think that certify and sign are very similar,

Keyserver lookup failure

2016-06-01 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I am running GnuPG 2.1.2 on Windows 10, using the pre-compiled binaries. Keyserver lookup keeps failing for me as follows:- >gpg -v --keyserver hkp://pool.sks-keyservers.net --recv-key 0x251BCCEB547B7194 gpg: using character set 'utf-8' gpg: keyser

Re: Keyserver lookup failure

2016-06-01 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 That was a known bug in that version. Try the most recent release, 2.1.12. -BEGIN PGP SIGNATURE- iIAEAREKACghHEJyaWFuIE1pbnRvbiA8YnJpYW5AbWludG9uLm5hbWU+BQJXTtYM AAoJEGuOs6Blz7qpUSEA/1eOzIohTnrAEA2RMIWbRpjeqYAuuoptzBK9zT2D8kNC AP9WO0ubiiHcMX

Re: Keyserver lookup failure

2016-06-01 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wednesday 1 June 2016 at 1:34:15 PM, in , Brian Minton wrote: > That was a known bug in that version. > Try the most recent release, 2.1.12. Oops. That was a typo; I am using version 2.1.12. - -- Best regards MFPA

Re: Keyserver lookup failure

2016-06-01 Thread Kristian Fiskerstrand
On 06/01/2016 01:39 PM, MFPA wrote: > > I am running GnuPG 2.1.2 on Windows 10, using the pre-compiled > binaries. Keyserver lookup keeps failing for me as follows:- > >> gpg -v --keyserver hkp://pool.sks-keyservers.net --recv-key >> 0x251BCCEB547B7194 > gpg: using character set 'utf-8' > gpg: k

Re: Automating the generation of master keys

2016-06-01 Thread Werner Koch
On Wed, 1 Jun 2016 12:47, dashoho...@gmail.com said: > I do it in batch mode like this: > - https://github.com/dashohoxha/egpg/blob/gnupg-2.0/src/cmd/key/gen.sh#L42 Take care: --8<---cut here---start->8--- local commands="addkey|4|4096|1m|addkey|6|4096|1m|

Re: Automating the generation of master keys

2016-06-01 Thread Aurélien Vallée
Okay, so I did try to add the sign usage to the master-key. That works well and avoids the use of expect for generating the keys. But the problem of pinentry still kind of happens everywhere: --passphrase is now ignored when not in batch mode in gpg2, which means there is no way to provide a passp

Re: Automating the generation of master keys

2016-06-01 Thread Peter Lebbing
On 01/06/16 19:46, Werner Koch wrote: > ps ax | grep -e '--edit-key' | grep -v grep > > does not work either because you assume that there is only one gpg > command running (actually any process with a string '--edit-key'). ... from any user. That seems odd? Why's the 'a' part of the ps invocat

Configuration hints for using gnupg (2.0.x) interchangeably with graphical frontend and in the terminal

2016-06-01 Thread Bjoern Kahl
Dear All, I am looking for hints or best practices to seamlessly mix use of GnuPG in the terminal and with frontends, in my case Enigmail in Thunderbird. I am on MacOS X (10.9.5 "Mavericks") with GnuPG installed through MacPorts as my main machine and also quite often logged into other Ma

Re: Automating the generation of master keys

2016-06-01 Thread Peter Lebbing
On 01/06/16 21:20, Aurélien Vallée wrote: > Okay, so I did try to add the sign usage to the master-key. That works > well and avoids the use of expect for generating the keys. I think it's still an odd limitation of the Key-Usage: option that you cannot generate a master key without optional usage

Re: Automating the generation of master keys

2016-06-01 Thread Dashamir Hoxha
On Wed, Jun 1, 2016 at 9:40 PM, Peter Lebbing wrote: > > Is it an option to upgrade your GnuPG to 2.1? I think it provides for a > less bumpy ride with the pinentry loopback. > I couldn't make "pinentry loopback" work in 2.1.11, so, to be sure, try to upgrade to 2.1.12, where it may work better. _
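
The following is an added example, not code from this thread or from GnuPG itself. It puts together what the thread is after (Aurélien's certify-only primary key with separate subkeys, generated without expect, and Peter's suggestion of 2.1 with pinentry loopback): a --batch parameter file for a cert-only primary key plus one subkey, the remaining subkeys added with --quick-addkey rather than by feeding answers to --edit-key (which, as Werner notes, breaks whenever gpg inserts a different prompt), and a --with-colons check that the primary key really ends up with no capability other than "c". It assumes gpg 2.1.12 or later: that "cert" is accepted in Key-Usage, that %no-protection, --pinentry-mode loopback and --quick-addkey exist, and that KEY_PASSPHRASE, when set, is the passphrase to use. On the 2.0.22 in the original question the thread reports that a cert-only primary key cannot be produced this way. The sample colon output at the bottom is constructed with made-up key IDs.

```shell
#!/bin/sh
# Added example, not code from the thread or from GnuPG: batch-generate a
# certify-only primary key with separate encrypt/sign/auth subkeys and verify
# the result. Assumes gpg >= 2.1.12 (Key-Usage: cert, %no-protection,
# --pinentry-mode loopback and --quick-addkey); the thread reports that the
# 2.0.22 shipped with CentOS 7 will not make the primary key cert-only.

# Print a --batch parameter file on stdout. The parameter file format only
# allows one subkey, so the others are added afterwards with --quick-addkey.
gen_batch_params() {
    name=$1; email=$2; expire=${3:-1y}
    cat <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: cert
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: encrypt
Name-Real: $name
Name-Email: $email
Expire-Date: $expire
EOF
    # Protect the key with KEY_PASSPHRASE when it is set; otherwise leave the
    # key unprotected (%no-protection is a gpg 2.1 batch directive).
    if [ -n "${KEY_PASSPHRASE:-}" ]; then
        echo "Passphrase: $KEY_PASSPHRASE"
    else
        echo "%no-protection"
    fi
    echo "%commit"
}

# Read `gpg -K --with-colons` output on stdin and print the primary key's own
# capabilities: the lowercase letters of field 12 on the "sec" line. The
# uppercase letters in that field describe the whole key including subkeys,
# so they are stripped.
primary_own_caps() {
    awk -F: '$1 == "sec" { gsub(/[^a-z]/, "", $12); print $12; exit }'
}

# Print "keyid:capabilities" for every subkey in the colon output on stdin.
subkey_caps() {
    awk -F: '$1 == "ssb" { print $5 ":" $12 }'
}

# Succeed only if the primary key can do nothing but certify.
check_cert_only() {
    [ "$(primary_own_caps)" = "c" ]
}

# Full run against a fresh GNUPGHOME; needs gpg, so it is only called by hand.
generate_keys() {
    name=$1; email=$2; homedir=$3
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
    gen_batch_params "$name" "$email" 1y | gpg --homedir "$homedir" --batch --gen-key || return 1
    # Field 10 of the "fpr" line is the primary key fingerprint.
    fpr=$(gpg --homedir "$homedir" --with-colons -K | awk -F: '$1 == "fpr" { print $10; exit }')
    # --passphrase is honoured here because of --batch (Aurélien's observation
    # that it is ignored in non-batch mode) together with loopback pinentry.
    for usage in sign auth; do
        gpg --homedir "$homedir" --batch --pinentry-mode loopback \
            --passphrase "${KEY_PASSPHRASE:-}" \
            --quick-addkey "$fpr" rsa4096 "$usage" 1y || return 1
    done
    gpg --homedir "$homedir" --with-colons -K | check_cert_only
}

# Constructed sample of `gpg -K --with-colons` output (made-up key IDs and
# fingerprint): the shape generate_keys() should leave behind, a cert-only
# primary key ("c" own capability, "ESCA" for the whole key) plus encrypt,
# sign and auth subkeys.
SAMPLE_COLONS='sec:u:4096:1:0123456789ABCDEF:1464775200:1496311200::u:::cESCA:::+:::23::0:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1464775200::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
ssb:u:4096:1:FEDCBA9876543210:1464775200:1496311200:::::e:::+:::23:
ssb:u:4096:1:1122334455667788:1464775200:1496311200:::::s:::+:::23:
ssb:u:4096:1:8877665544332211:1464775200:1496311200:::::a:::+:::23:'
```

Usage: `KEY_PASSPHRASE=... ; generate_keys "Alice Example" alice@example.org /tmp/gpghome` followed by `gpg --homedir /tmp/gpghome -K --with-colons | check_cert_only` before the primary key goes offline and the subkeys are moved to the card. The check is the part worth keeping even if the generation is done differently: a primary key whose lowercase capabilities read "sc" instead of "c" is exactly the "sign added to the master key" workaround, and the colon output is the only stable way to tell the two apart from a script.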

secret key not available

2016-06-01 Thread DODDI ANTHONY BALARAJU cs15d008
Hi, I'm new to this GPG usage. I don't need any internals. I am running a shell script in which the following line causes an error: gpg --yes --sign message.txt It shows the following error: gpg: no default secret key

Re: Automating the generation of master keys

2016-06-01 Thread Dashamir Hoxha
On Wed, Jun 1, 2016 at 7:46 PM, Werner Koch wrote: > > --8<---cut here---start->8--- > local commands="addkey|4|4096|1m|addkey|6|4096|1m|save" > commands=$(echo "$commands" | tr '|' "\n") > script -c "gpg --batch --command-fd=0 --edit-key $GPG_KEY <<< > \"

Re: secret key not available

2016-06-01 Thread Daniel Kahn Gillmor
On Wed 2016-06-01 11:44:16 -0400, DODDI ANTHONY BALARAJU cs15d008 wrote: > > I'm new to this GPG usage. I don't need any internals. I am running a shell > script in which the following line causes an error: > > gpg --yes

Re: secret key not available

2016-06-01 Thread Juan Miguel Navarro Martínez
What's the output of `gpg -K`? On 01/06/16 at 17:44, DODDI ANTHONY BALARAJU cs15d008 wrote: > Hi, > > > > I'm new to this GPG usage. I don't need any internals. I am running a > shell script in which followi

Re: secret key not available

2016-06-01 Thread Jonas Hedman
On 16-06-01 21:14:16, DODDI ANTHONY BALARAJU cs15d008 wrote: > Hi, > > > I'm new to this GPG usage. I don't need any internals. I am running a shell > script in which the following line causes an error: > > gpg --yes --

Re: Keyserver lookup failure

2016-06-01 Thread MFPA
Hi On Wednesday 1 June 2016 at 5:31:30 PM, in , Kristian Fiskerstrand wrote: > what is the dig +trace output and any firewall > blocking port 11371 anywhere? Thanks for replying. Port 11371 is not blocked:- I can reach a keyserver's web interface in my browser at

Re: Automating the generation of master keys

2016-06-01 Thread Werner Koch
On Wed, 1 Jun 2016 21:48, dashoho...@gmail.com said: > I don't remember exactly why they didn't work, but I think that in gnupg-2.1 Because gpg inserts other prompts depending on version and options. > make the logic of the scripts more complex, because my script would have > to take care of al