Re: Subkey Generation / SmartCard

2017-04-15 Thread David Gueguen via Gnupg-users
Hello Christoph,


With the new gpg version (>2.15) you can more easily generate subkeys.


* Hereafter, subkeys are added to the main keyring $key_id, each with RSA1024:
1 for Sign, 1 for Encrypt, 1 for Auth

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
    --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
    "$key_id" rsa1024 sign 1y

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
    --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
    "$key_id" rsa1024 encrypt 1y

  echo "$var_pass_poem" | gpg2 --no-verbose --pinentry-mode loopback \
    --batch --no-tty --yes --passphrase-fd 0 --quick-addkey --passphrase '' \
    "$key_id" rsa1024 auth 1y

The "echo $var_pass_poem |" trick allows you to enter the pass poem as a
variable and so not have any keyboard interaction.


* Here is the automated keytocard (with keyboard interaction); check that
the exported keys are the good ones ...

  local cmd="key 2\nkeytocard\n1\ny\nkey 2\nkey 3\nkeytocard\n2\ny\nkey 3\nkey 4\nkeytocard\n3\ny\nsave\nY\n"

  echo -e "$cmd" | gpg2 --no-verbose --command-fd 0 --status-fd 2 \
    --edit-key "$key_id"



* btw: here is how I generate the main keyring:
echo "
Key-Type:      $var_key_type
Key-Usage:     sign cert
Key-Length:    $var_key_lenght
Subkey-Type:   $var_key_type
Subkey-Usage:  encrypt
Subkey-Length: $var_key_lenght
Name-Real:     $var_name
Name-Comment:  $var_comment
Name-Email:    $var_mail
Keyserver:     $var_web_path
Expire-Date:   $var_expiracy
Passphrase:    $var_pass_poem
Preferences:   $var_pref
" > gen_key_script  # creating SC and E keys
gpg2 --batch --full-gen-key gen_key_script


I am also trying to make gpg card ready to go in an automated way:
https://github.com/bourinus/gpg_SmartCard_generation


Hope this helps,
Best rgds,
david


On 14/04/2017 20:47, Christoph J wrote:
> I am trying to batch provision yubikeys.
> 
> Using the --batch, I can generate the initial key, but I am unable to
> add more than a single subkey.
> 
> Is there a way to batch provision subkeys, specifying the usage
> (signing, encryption, auth) without having to go into --edit-key /
> interactive mode?
> 
> On the same topic, is there a way to do 'keytocard', again without
> having to do --edit-key --> toggle --> keytocard interactively?
> 
> Any insight on this would be most helpful. Thanks!
> 
> 
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
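
An added example, not part of the original post or of David's scripts: the keytocard command string above selects subkeys by position (`key 2`, `key 3`, `key 4`), so this sketch checks each position's usage flag in `gpg2 --with-colons --list-keys` output before building the same string. The listing is constructed sample data, and the function names and the `N:usage` plan format are assumptions.

```bash
#!/bin/bash
# Constructed sample of `gpg2 --with-colons --list-keys "$key_id"` output
# (placeholder key IDs, not a real key). Field 12 holds the usage flags.
sample_listing='pub:u:2048:1:AAAAAAAAAAAAAAAA:1492214400:1523750400::u:::scESCA:
uid:u::::1492214400::::Test User <test@example.invalid>:
sub:u:2048:1:BBBBBBBBBBBBBBBB:1492214400:1523750400:::::e:
sub:u:1024:1:CCCCCCCCCCCCCCCC:1492214500:1523750500:::::s:
sub:u:1024:1:DDDDDDDDDDDDDDDD:1492214600:1523750600:::::e:
sub:u:1024:1:EEEEEEEEEEEEEEEE:1492214700:1523750700:::::a:'

# subkey_usage LISTING N: print the usage flags of the Nth subkey record,
# i.e. the key that "key N" selects in --edit-key. Fails if there is none.
subkey_usage() {
  printf '%s\n' "$1" | awk -F: -v n="$2" '
    $1 == "sub" || $1 == "ssb" { if (++i == n) { print $12; found = 1 } }
    END { exit !found }'
}

# safe_keytocard_cmd LISTING PLAN: PLAN is a hypothetical "N:usage" list such
# as "2:s 3:e 4:a". Prints the --command-fd input only when every subkey N
# carries exactly the expected usage; otherwise prints nothing and returns 1.
safe_keytocard_cmd() {
  local listing="$1" plan="$2" nl='\n' out="" prev="" pair idx want got slot
  for pair in $plan; do
    idx="${pair%%:*}"; want="${pair##*:}"
    got=$(subkey_usage "$listing" "$idx") || { echo "no subkey $idx" >&2; return 1; }
    if [ "$got" != "$want" ]; then
      echo "subkey $idx has usage '$got', expected '$want'" >&2; return 1
    fi
    # Card slot numbers as used in the post's command string.
    case "$want" in s) slot=1 ;; e) slot=2 ;; a) slot=3 ;; *) return 1 ;; esac
    # Deselect the previously moved subkey before selecting the next one.
    if [ -n "$prev" ]; then out="${out}key ${prev}${nl}"; fi
    out="${out}key ${idx}${nl}keytocard${nl}${slot}${nl}y${nl}"
    prev="$idx"
  done
  printf '%s' "${out}save${nl}Y${nl}"
}

# With the sample layout (encrypt subkey from the batch file first, then the
# three added subkeys) this reproduces the command string from the post.
safe_keytocard_cmd "$sample_listing" "2:s 3:e 4:a"; echo
```

If the subkeys were created in a different order, the function refuses to emit the string instead of moving the wrong key to a card slot.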



Subkey Generation / SmartCard

2017-04-14 Thread Christoph J
I am trying to batch provision yubikeys.

Using the --batch, I can generate the initial key, but I am unable to add
more than a single subkey.

Is there a way to batch provision subkeys, specifying the usage (signing,
encryption, auth) without having to go into --edit-key / interactive mode?

On the same topic, is there a way to do 'keytocard', again without having
to do --edit-key --> toggle --> keytocard interactively?

Any insight on this would be most helpful. Thanks!