Generate GPG key without passphrase
Remove prompts from your command line scripts
I had a recent task to automate building a custom Debian image, using some custom software wrapped up as *.deb packages. These packages are stored in a local APT repository via reprepro (also created and populated by our script). The problem I kept running into was my script would prompt for the GPG key’s passphrase. This breaks the automation efforts we were striving for.
I’ve oversimplified here for the sake of keeping this article short and concise.
It took a lot of digging, but the “fix” for the situation above was to use a passphrase-less key. Most of the online documentation I found indicated that a GPG key had to be created with a passphrase, and then edited later to remove the passphrase. But there were hints of another way. Well, here’s the winning command:
gpg --batch --passphrase '' --quick-gen-key USER_ID default default
--batch
indicates we want to run in batch mode (minimizes the prompts)
--passphrase ''
indicates to use no passphrase, but because it is specified there will be no prompt for a passphrase
--quick-gen-key
indicates we want to generate a key
USER_ID
should be replaced with your own user ID — or email address
default
indicates to use the default algorithm
default
indicates to use the default usage
Thanks to the fine documentation for giving me the final hint I needed.
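The command above wrapped for use in a build script, as an added example that is not part of the original article: it creates the key in a dedicated keyring directory with mode 700 (file permissions are the only protection an unprotected key has) and prints the fingerprint the rest of the automation needs. The function names, the keyring path and the user ID are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: non-interactive signing key for an automated APT repo build.
# Function names, the keyring path and the user ID are hypothetical.

# Print the primary-key fingerprint from `gpg --with-colons` output on stdin.
# In colon format the fingerprint is field 10 of an "fpr" record, and the
# first "fpr" record belongs to the primary key (later ones are subkeys).
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Create a passphrase-less key in its own keyring and print its fingerprint.
# $1 = keyring directory, $2 = user ID
make_unattended_key() {
    key_home=$1
    user_id=$2
    # gpg expects its home directory to be private to the owner.
    mkdir -p "$key_home" && chmod 700 "$key_home" || return 1
    # Same command as in the article, pointed at the dedicated keyring.
    gpg --homedir "$key_home" --batch --passphrase '' \
        --quick-gen-key "$user_id" default default >/dev/null 2>&1 || return 1
    gpg --homedir "$key_home" --batch --with-colons --with-fingerprint \
        --list-secret-keys "$user_id" | primary_fpr
}

# Usage (uncomment to run; needs GnuPG 2.1 or later):
# fpr=$(make_unattended_key "$PWD/build-keyring" "Build Bot <build@example.invalid>") || exit 1
# gpg --homedir "$PWD/build-keyring" --armor --export "$fpr" > repo-signing-key.asc
# echo "SignWith: $fpr"   # value for the SignWith field in reprepro's conf/distributions
```

Point reprepro at the same keyring (for example by exporting GNUPGHOME) so the signing step finds the key without touching the build user's default keyring.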