How can I use GnuPG in an automated environment?
You should use the option –batch and don’t use passphrases as there is usually no way to store it more securely than on the secret keyring itself. The suggested way to create keys for an automated environment is: On a secure machine: • If you want to do automatic signing, create a signing subkey for your key (use the interactive key editing menu by issueing the command ‘gpg –edit-key keyID’, enter “addkey” and select the DSA key type). • Make sure that you use a passphrase (needed by the current implementation). • gpg –export-secret-subkeys –no-comment foo >secring.auto • Copy secring.auto and the public keyring to a test directory. • Change to this directory. • gpg –homedir . –edit foo and use “passwd” to remove the passphrase from the subkeys. You may also want to remove all unused subkeys. • Copy secring.auto to a floppy and carry it to the target box. On the target machine: • Install secring.auto as the secret keyring. • Now you can start your new service. It’s also a good id
