Pass expiration date param to subkey only via unattended key generation
s7r
s7r at sky-ip.org
Tue Oct 4 23:21:19 CEST 2022
Dear All,
Context:
https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
A script will create on demand GPG keys unattended that will be further
used to automatically sign a document, but the requirement is that they
must also include an Encryption subkey to receive feedback securely.
Question is: keys can be generated unattended just fine, except I did
not find a clear way to pass an Expire date param to the encryption
subkey only, and not the primary key as well. The requirement is that
the primary key must NEVER expire and the encryption subkey MUST expire
in 2 years.
Example:
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign, cert, auth
Name-Real: Test
Name-Email: test at test.com
Expire-Date: 0
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
How to pass an expiration date ONLY for the encryption subkey while
leaving the primary key with no expiration date?
(I know that this goal can be later achieved by using $ gpg --edit-key
but I am looking for a solution within the unattended key generation itself)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20221005/47620b69/attachment-0001.sig>
More information about the Gnupg-users
mailing list