Linux Mastering Development

How can I generate gpg keys in scripts without leaving gpg-agent running?

Recent versions of gpg launch a persistent user process (gpg-agent) when generating keys. This process remains running even after the command terminates. I want to change this behavior.

Currently, I’m using unshare and PID namespaces to isolate and kill off anything that gpg leaves running. Unfortunately, this approach requires elevated privileges that may not always be available (root and access to pid/mount namespace).

Is there a way for a script to "cleanly" generate gpg keys using gpg without

  1. leaving processes running, or
  2. requiring elevated privileges?

For the sake of completeness, the following roughly illustrates my current setup:

sudo unshare -fp --mount-proc sh -c 'gpg --homedir /tmp/TEMP_DIR --generate-key --batch; kill -9 -1' <<EOF
Key-Type: DSA
Key-Length: 768
Name-Real: TEMPKEY
Name-Comment: TEMPKEY
Name-Email: noreply@localhost
Expire-Date: 0
EOF
