Gpg: Unattended/Automated Key Generation

Tags: bash-scripting, gnupg

The --batch option to gpg is limited to generating a key with a single subkey. For anything more complicated, I am trying to use --command-fd and --status-fd. The problem I face is that I am unable to find a way around the popup requesting I input a password. Here is a simple test case:

#!/bin/bash

# Each line of the command file answers one --full-gen-key prompt, in order:
#   8         key type: "RSA (set your own capabilities)" (listed with --expert)
#   S         toggle the Sign capability off
#   Q         finished choosing capabilities
#   1024      key size in bits
#   0         key does not expire
#   then the real name, email address and comment for the user ID
# (unindented here-doc: <<- only strips leading tabs, not spaces)
gpg2 --homedir ./gpg-test --passphrase "apassword" --status-fd 1 --expert --full-gen-key --command-file <(cat <<EOF
8
S
Q
1024
0
My Name
me@my.com
mycomment
EOF
)

Despite the --passphrase switch, when the script reaches the point just before the EOF, instead of recognizing the switch, a popup appears. I tried adding apassword just before EOF, but that fails. When I try --pinentry-mode loopback, which is documented in the man page (gpg2 v.2.1.11), I get an error:

gpg: setting pinentry mode 'loopback' failed: Not supported
[GNUPG:] ERROR set_pinentry_mode 67108924
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported

Best Answer

I'm going to leave this question because there are probably others with similar confusions. As it turns out, the method I am trying is working in v.2.2.4. So despite the documentation, it's not supported in 2.1.11.

On top of this, the proper and easiest way to do unattended key generation as of 2020 is to use --quick-generate-key and --quick-add-key. The method I was trying to use, with --command-fd/--status-fd, is only necessary for more complicated tasks. For example, there are many kinds of signatures on keys and --quick-sign-key only offers the simplest. For more complicated cases --edit-key may be necessary, in which case my above approach is appropriate.
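As an added example (not code from the original question or answer), here is the --quick-generate-key / --quick-add-key route the answer recommends, scripted for GnuPG 2.2 or later: a certify-only primary key, then a signing subkey and an encryption subkey, all without a pinentry popup. The home directory, passphrase, user ID, algorithms and expiry values are assumptions chosen for illustration; the --with-colons parsing at the end checks which subkeys actually ended up on the key.

```shell
#!/bin/sh
# Added example, not from the original post: unattended generation of a
# certify-only primary key plus separate signing and encryption subkeys using
# the --quick-* commands (GnuPG 2.2 or later). The homedir, passphrase, user ID,
# algorithm and expiry values are assumptions for illustration.
set -eu

GPG="${GPG:-gpg2}"
GNUPGHOME_DIR="${GNUPGHOME_DIR:-$(mktemp -d)}"
PASSPHRASE="${PASSPHRASE:-apassword}"   # assumed; in real use read it from a file or the environment
USERID="My Name (mycomment) <me@my.com>"

# --batch disables interactive prompts; --passphrase is only honoured together
# with --batch, and on 2.1+ additionally needs --pinentry-mode loopback so the
# passphrase goes to gpg-agent directly instead of raising a pinentry popup.
gpg_unattended() {
    "$GPG" --homedir "$GNUPGHOME_DIR" --batch --yes \
        --pinentry-mode loopback --passphrase "$PASSPHRASE" "$@"
}

# --quick-generate-key USER-ID [ALGO [USAGE [EXPIRE]]]
gen_primary() {
    gpg_unattended --quick-generate-key "$USERID" rsa2048 cert never
}

# --quick-add-key FPR [ALGO [USAGE [EXPIRE]]]; one subkey per capability.
add_subkeys() {
    fpr="$1"
    gpg_unattended --quick-add-key "$fpr" rsa2048 sign 1y
    gpg_unattended --quick-add-key "$fpr" rsa2048 encr 1y
}

# Machine-readable listing for the parsers below.
list_colons() {
    "$GPG" --homedir "$GNUPGHOME_DIR" --batch --with-colons --list-keys "$@"
}

# Fingerprint of the first primary key in --with-colons output read on stdin:
# the "fpr" record that follows a "pub" record carries it in field 10.
primary_fpr_from_colons() {
    awk -F: '$1 == "pub" { want = 1; next }
             want && $1 == "fpr" { print $10; exit }'
}

# Comma-separated capability letters of every subkey ("sub" record, field 12):
# s = sign, e = encrypt, a = authenticate, c = certify.
subkey_caps() {
    awk -F: '$1 == "sub" { caps = caps (caps ? "," : "") $12 }
             END { print caps }'
}

main() {
    gen_primary
    fpr="$(list_colons "$USERID" | primary_fpr_from_colons)"
    add_subkeys "$fpr"
    echo "primary key:         $fpr"
    echo "subkey capabilities: $(list_colons "$fpr" | subkey_caps)"
}

if command -v "$GPG" >/dev/null 2>&1; then
    main
else
    echo "$GPG not found; nothing generated" >&2
fi
```

The primary key is created with usage "cert" only, so it can be kept offline while the two subkeys do the day-to-day work; the final listing should report "s,e". If the primary fingerprint comes back empty, the user ID lookup failed and --quick-add-key would have nothing to attach to, so check that line before automating further steps such as exporting the subkeys.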
