Gpg: Unattended/Automated Key Generation


The --batch option to gpg is limited to generating a key with a single subkey. For anything more complicated, I am trying to use --command-fd and --status-fd. The problem I face is that I am unable to find a way around the popup requesting I input a password. Here is a simple test case:


gpg2 --homedir ./gpg-test --passphrase "apassword" --status-fd 1 --expert --full-gen-key --command-file <(cat <<-EOF 
        My Name

Despite the --passphrase switch, when the script reaches the point just before the EOF, instead of recognizing the switch, a popup appears. I tried adding apassword just before EOF, but that fails. When I try --pinentry-mode loopback, which is documented in the man page (gpg2 v.2.1.11), I get an error:

gpg: setting pinentry mode 'loopback' failed: Not supported
[GNUPG:] ERROR set_pinentry_mode 67108924
gpg: agent_genkey failed: Not supported
Key generation failed: Not supported

Best Answer

I'm going to leave this question because there are probably others with similar confusions. As it turns out, the method I am trying is working in v.2.2.4. So despite the documentation, it's not supported in 2.1.11.

On top of this, the proper and easiest way to do unattended key generation as of 2020, is to use --quick-generate-key and --quick-add-key. The method I was trying to use, with --command-fd/--status-fd, is only necessary for more complicated tasks. For example, there are many kinds of signatures on keys and --quick-sign-key only offers the simplest. For more complicated cases --edit-key may be necessary, in which case my above approach is appropriate.

Related Question