Generate GPG key without passphrase

Remove prompts from your command line scripts

Shawn Grover
Jun 3, 2021

I had a recent task to automate building a custom Debian image, using some custom software wrapped up as *.deb packages. These packages are stored in a local APT repository via reprepro (also created and populated by our script). The problem I kept running into was my script would prompt for the GPG key’s passphrase. This breaks the automation efforts we were striving for.

I’ve oversimplified here for the sake of keeping this article short and concise.

It took a lot of digging, but the “fix” for the situation above was to use a passphrase-less key. Most of the online documentation I found indicated that a GPG key had to be created with a passphrase, and then edited later to remove the passphrase. But there were hints of another way. Well, here’s the winning command:

gpg --batch --passphrase '' --quick-gen-key USER_ID default default
  • --batch indicates we want to run in batch mode (minimizes the prompts)
  • --passphrase '' sets an empty passphrase; because a value is supplied, there will be no prompt for one
  • --quick-gen-key indicates we want to generate a key
  • USER_ID should be replaced with your own user ID — or email address
  • the first default indicates to use the default algorithm
  • the second default indicates to use the default usage

Thanks to the fine documentation for giving me the final hint I needed.
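
One way to use the command above in a build script, as an added example that is not from the original post: the key is created in its own keyring directory (mode 700) with an expiry date, and signing is tested with stdin closed so that a hidden prompt fails instead of hanging. The function names, the user ID, the one-year expiry and the --pinentry-mode loopback flag are choices made for this example.

```shell
#!/bin/sh
# Added example; function names, user ID and expiry are illustrative.

# Create a passphrase-less key in a dedicated keyring directory.
# $1 = keyring dir, $2 = user ID, $3 = expiry (default 1y).
# Prints the primary key fingerprint on success.
make_signing_key() {
    home=$1 uid=$2 expire=${3:-1y}
    mkdir -p "$home" && chmod 700 "$home" || return 1
    # The article's command, plus: a keyring separate from ~/.gnupg, an
    # expiry as the optional fourth positional argument, and loopback
    # pinentry so gpg-agent never tries to open a prompt.
    gpg --homedir "$home" --batch --pinentry-mode loopback --passphrase '' \
        --quick-gen-key "$uid" default default "$expire" >/dev/null 2>&1 || return 1
    gpg --homedir "$home" --batch --with-colons --list-secret-keys "$uid" |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Sign a file with stdin closed, then verify the detached signature.
# $1 = keyring dir, $2 = fingerprint, $3 = file. Returns 0 only if both pass.
sign_and_verify() {
    home=$1 fpr=$2 file=$3
    gpg --homedir "$home" --batch --yes --local-user "$fpr" \
        --output "$file.sig" --detach-sign "$file" </dev/null 2>/dev/null || return 1
    gpg --homedir "$home" --batch --verify "$file.sig" "$file" 2>/dev/null
}

# Demo: run as "sh script.sh demo". Uses a throwaway keyring and a
# constructed file standing in for a repository Release file.
if [ "${1:-}" = "demo" ]; then
    KEYRING=$(mktemp -d)
    trap 'GNUPGHOME="$KEYRING" gpgconf --kill gpg-agent; rm -rf "$KEYRING"' EXIT
    FPR=$(make_signing_key "$KEYRING/gnupg" "Repo Signing <repo-signing@example.org>") || exit 1
    printf 'constructed sample content\n' > "$KEYRING/Release"
    sign_and_verify "$KEYRING/gnupg" "$FPR" "$KEYRING/Release" || exit 1
    echo "signed without a prompt using key $FPR"
fi
```

Because the private key has no passphrase, the permissions on the keyring directory are the only thing protecting it, which is why the example keeps it out of ~/.gnupg and sets mode 700.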
