4

When performing an automated server deployment, I can upload and import gpg keys via script. But I cannot trust keys.

I tried

gpg --batch --yes --edit-key keyname trust 5

and

echo 5 | gpg --batch --yes --edit-key keyname trust -

In non-batch mode it always stops to ask for input. In batch mode it ignores input.

What is the correct syntax?

lonix

2 Answers

5

Get fingerprint for key "keyname":
FP=$(gpg --list-keys keyname | head -n2 | tail -n1 | tr -d '[:blank:]')

Trust key:
echo -e "5\ny\n" | gpg --command-fd 0 --edit-key "$FP" trust

lonix
0
$ fingerprint=`gpg --fingerprint --with-colons b@gmail.com \
    | awk -F: '/^pub:/ {getline; print $10}'`
$ gpg --quick-sign-key "$fingerprint"

Determining a fingerprint is taken from here. A bigger example can be found here.

x-yuri
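For an unattended deployment, another way to set trust without driving the `--edit-key` menu is `gpg --import-ownertrust`, fed a record built from the machine-readable `--with-colons` listing. The script below is an added example, not taken from either answer: the function names are hypothetical, the sample listing is constructed, and it assumes v4 (40 hex digit) fingerprints.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
SAMPLE_COLONS='pub:-:3072:1:89ABCDEF01234567:1700000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1700000000::::Deploy Key <deploy@example.invalid>::::::::::0:
sub:-:3072:1:76543210FEDCBA98:1700000000::::::e::::::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Print the fingerprint of every primary key in a colon listing on stdin.
# Subkey fingerprints are skipped: ownertrust attaches to the primary key.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { print $10; want = 0 }'
}

# Build one ownertrust record from a fingerprint and a trust-menu number (1-5).
# The ownertrust format stores the menu value plus one (5 = ultimate becomes 6).
ownertrust_line() {
    fpr=$1 menu=$2
    case $fpr in
        ''|*[!0-9A-Fa-f]*) echo "not a fingerprint: $fpr" >&2; return 1 ;;
    esac
    # Assumption: v4 keys only, so exactly 40 hex digits.
    [ "${#fpr}" -eq 40 ] || { echo "expected 40 hex digits" >&2; return 1; }
    case $menu in
        [1-5]) printf '%s:%d:\n' "$fpr" "$((menu + 1))" ;;
        *) echo "trust level must be 1-5" >&2; return 1 ;;
    esac
}

# Hypothetical wrapper: trust_key <key-spec> [menu-level, default 5].
# Refuses to act unless the key-spec resolves to exactly one primary key,
# so an ambiguous user ID never grants trust to an unintended key.
trust_key() {
    key=$1 level=${2:-5}
    set -- $(gpg --batch --with-colons --list-keys "$key" | primary_fprs)
    [ "$#" -eq 1 ] || { echo "$key matched $# keys, expected 1" >&2; return 1; }
    line=$(ownertrust_line "$1" "$level") || return 1
    printf '%s\n' "$line" | gpg --batch --import-ownertrust
}
```

Passing the full fingerprint to `trust_key` rather than a name or e-mail address avoids the ambiguity check failing when several imported keys share a user ID.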