Install gpg on macOS:

brew install gnupg pinentry-mac

If required, restart gpg-agent with:

gpgconf --kill gpg-agent

To create a gpg key in batch mode, create a file named gen-key-script with these contents:

Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: your name
Name-Comment: your comment
Name-Email: you@example.com
Expire-Date: 0

Next you could do something like:

$ gpg --homedir /salt/gpgkeys --batch --gen-key gen-key-script
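
Before handing a parameter file to gpg --batch, it can be checked for the settings that matter in review: key length, expiry and how the secret key will be protected. The script below is an added example, not part of the original notes or of GnuPG; lint_keyparams, sample_params and the MIN_BITS threshold are names and a policy value assumed here.

```shell
# Added example: lint a gpg batch key-generation parameter file before use.
# MIN_BITS is a policy value assumed for this example, not a gpg default.
MIN_BITS="${MIN_BITS:-2048}"

# lint_keyparams [FILE]: one finding per line; exit status 1 if any ERROR.
lint_keyparams() {
    awk -v min="$MIN_BITS" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments and blank lines
    $1 ~ /^%/ { if ($1 == "%no-protection") noprot = 1; next }
    {
        i = index($0, ":")
        if (i == 0) { print "ERROR line " NR ": expected Keyword: value"; bad = 1; next }
        key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (!started && key != "key-type") {
            print "ERROR line " NR ": Key-Type must be the first parameter"; bad = 1
        }
        started = 1
        if ((key == "key-length" || key == "subkey-length") && val + 0 < min + 0) {
            print "ERROR line " NR ": " key " " val " is below " min " bits"; bad = 1
        }
        if (key == "expire-date" && val == "0")
            print "WARN line " NR ": key never expires"
        if (key == "passphrase") {
            pass = 1; print "WARN line " NR ": passphrase is stored in clear text"
        }
    }
    END {
        if (noprot) print "WARN: %no-protection creates the secret key without a passphrase"
        else if (!pass) print "INFO: no Passphrase line, gpg will ask through pinentry"
        exit bad + 0
    }' "$@"
}

# Constructed sample: the parameters used on this page, placeholder identity.
sample_params() {
    cat <<'EOF'
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: your name
Name-Comment: your comment
Name-Email: you@example.com
Expire-Date: 0
EOF
}

sample_params | lint_keyparams
```

Run it against a real file with lint_keyparams gen-key-script; setting MIN_BITS=3072 makes the 2048-bit sample fail.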

Backup private key

To save the private key to a file:

gpg --homedir /salt/gpgkeys -a --export-secret-keys > private.key

There is no need to export the public key separately: the secret key export already contains it.

To import the pair of keys later just do:

gpg --import private.key

rngd (linux)

If you don’t have a source of entropy, it may take a while to generate the keys. On a Linux system you could install rngd (rng-tools) and then type:

# rngd -v
Unable to open file: /dev/tpm0
can't open any entropy source
Maybe RNG device modules are not loaded

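To start rngd using /dev/urandom, do this (/dev/urandom is the kernel's own generator, so this stops key generation from stalling but adds no new entropy):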

# cp /usr/lib/systemd/system/rngd.service /etc/systemd/system

Edit /etc/systemd/system/rngd.service and replace the line starting with ExecStart with:

ExecStart=/sbin/rngd -f -r /dev/urandom

Reload systemd:

# systemctl daemon-reload

And restart rngd:

# systemctl restart rngd

Using gpg as ssh

You need to install monkeysphere, which provides openpgp2ssh:

$ brew install monkeysphere

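To remove the passphrase from an “authentication [A]” subkey and then convert it to an ssh id_rsa key (umask 077 keeps the temporary keyring and the unprotected key file readable only by your user, and the temporary home directory has to exist before gpg can use it):

$ umask 077
$ mkdir /tmp/x
$ gpg --export-secret-subkeys F6C7D705867D430! | gpg --homedir /tmp/x --import
$ gpg --homedir /tmp/x --change-passphrase F6C7D705867D430!
$ gpg --homedir /tmp/x --export-secret-subkeys F6C7D705867D430! | openpgp2ssh F6C7D705867D430 > /tmp/naked-id_rsa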

Then, to add a passphrase to the key again:

$ ssh-keygen -f /tmp/naked-id_rsa -p