I am writing a bash script which generates unattended GPG keys, I have looked through Unattended Usage of GPG and was surprised to find that 'Currently only one subkey can be handled.'
I am unable to find if there is a way to modify a GPG key to add a second subkey using the unattended generation functions available, or if I'll have to add the subkey manually myself.
I have attempted to use here documents, here strings and creating a file with one input per line as well as using printf similar to below:
printf 'addkey' | gpg2 --edit-key 'test@test.com'
With none of these solutions working:
balthasar@magi:~$ printf 'addkey' | gpg2 --edit-key 'test3@test.com'
printf 'addkey' | gpg2 --edit-key 'test3@test.com'
gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 4096R/AB96CED4 created: 2016-12-02 expires: 2017-09-02 usage: SC
trust: ultimate validity: ultimate
sub 2048R/71804CF2 created: 2016-12-02 expires: 2017-09-02 usage: E
[ultimate] (1). test3 <test3@test.com>
gpg>
My GPG Key File
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Foo Bar
Name-Email: foobar@test.com
Expire-Date: 2017-09-02
%ask-passphrase
%commit
UPDATE: 4, December 2016
I have passed the first hurdle of getting some input to GPG by using the following snippet:
~$ stty -echo; gpg2 --edit-key <keyname> "addkey"
However I am unable to 'pipe' input after running the addkey command.
Best Answer
Save for the year 2019, this how you do it in an ephemeral home directory:
The trick is to use
--quick-add-key.An authentication subkey can be added similarly. We get: