It is part of the suite (which also includes rnpgpg , rnpkeys , and rpki ). RNP aims to be a high-performance, easy-to-integrate OpenPGP library used by projects like Mozilla Thunderbird and ProtonMail Bridge .
rnpkeys --export --armor --output my-pubkey.asc The real power of pkeygen is defining multiple subkeys for different purposes (authentication, encryption, signing). Here’s a production-ready config:
%echo Generating a default key Key-Type: RSA Key-Length: 3072 Subkey-Type: RSA Subkey-Length: 3072 Name-Real: Joe Tester Name-Comment: Automation Name-Email: joe@example.com Expire-Date: 0 %commit pkeygen
In this post, we’ll dive into what pkeygen is, how it differs from traditional methods, and why you might want to add it to your crypto toolkit. Unlike the interactive wizards of GnuPG, pkeygen is designed to be non-interactive and data-driven . It reads a simple JSON configuration file (or string) and outputs a binary or armored OpenPGP keyring.
{ "params": [ { "type": "EDDSA", "curve": "Ed25519" } ], "userid": "DevOps Bot <ci@example.com>" } Then run: It is part of the suite (which also
pkeygen --config ephemeral.json --output build-key.gpg sign-commit --key build-key.gpg # Destroy after use Store your key config in a Git repo, then:
The key takeaway: pkeygen is for automation, CI/CD pipelines, and anyone who hates answering “Real name:” and “Email:” a hundred times. GnuPG does have a batch mode, but its configuration syntax is arcane. Compare this: { "params": [ { "type": "EDDSA", "curve": "Ed25519"
pkeygen --config key-config.json --output my-private-key.gpg To generate a public key only (for distribution):