Yes, I know it is a step into a less secure system, but the current setting makes it reasonable (the key is not important, but the signing has to be automated).
Google results say this:
- List the keys with
    gpg --list-keys
- Edit the key with
    gpg --edit-key C0DEEBED....
- A gpg command line console starts; there the
    passwd
  command changes the passphrase.
- Giving the password twice (in my case, simply Enter) changes the key.
However, it doesn't work, because gpg2 simply doesn't allow an empty password.
What to do?
max-cache-ttl and default-cache-ttl to 31536000 (365 days). Then "seed" the agent with a command similar to
    echo | gpg -sa -u <keyid> >/dev/null
A separate script could launch, source the environment file created when starting the agent, then sign a file. In the script, execute gpg with --batch mode and it should return an error if a password is required. Send an alert if that happens. I do a few things like this utilizing ssh and gpg agents. – Deathgrip Jul 18 '17 at 21:47