Dear All,
Context:
https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
A script will create on demand GPG keys unattended that will be further
used to automatically sign a document, but the requirement is that they
must also include an Encryption subkey to receive feedback securely.
Question is: keys can be generated unattended just fine, except I did
not find a clear way to pass an Expire date param to the encryption
subkey only, and not the primary key as well. The requirement is that
the primary key must NEVER expire and the encryption subkey MUST expire
in 2 years.
Example:
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign, cert, auth
Name-Real: Test
Name-Email: test@test.com
Expire-Date: 0
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
How to pass an expiration date ONLY for the encryption subkey while
leaving the primary key with no expiration date?
(I know that this goal can be later achieved by using $ gpg --edit-key
but I am looking for a solution within the unattended key generation itself)
Context:
https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
A script will create on demand GPG keys unattended that will be further
used to automatically sign a document, but the requirement is that they
must also include an Encryption subkey to receive feedback securely.
Question is: keys can be generated unattended just fine, except I did
not find a clear way to pass an Expire date param to the encryption
subkey only, and not the primary key as well. The requirement is that
the primary key must NEVER expire and the encryption subkey MUST expire
in 2 years.
Example:
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign, cert, auth
Name-Real: Test
Name-Email: test@test.com
Expire-Date: 0
Subkey-Type: ecdh
Subkey-Curve: cv25519
Subkey-Usage: encrypt
How to pass an expiration date ONLY for the encryption subkey while
leaving the primary key with no expiration date?
(I know that this goal can be later achieved by using $ gpg --edit-key
but I am looking for a solution within the unattended key generation itself)