Pkeygen

pkeygen --config key-config.json --output public-key.gpg --public You’ll get a binary OpenPGP keyring. Convert it to ASCII armor if needed:

It is part of the suite (which also includes rnpgpg , rnpkeys , and rpki ). RNP aims to be a high-performance, easy-to-integrate OpenPGP library used by projects like Mozilla Thunderbird and ProtonMail Bridge .

%echo Generating a default key Key-Type: RSA Key-Length: 3072 Subkey-Type: RSA Subkey-Length: 3072 Name-Real: Joe Tester Name-Comment: Automation Name-Email: joe@example.com Expire-Date: 0 %commit pkeygen

The key takeaway: pkeygen is for automation, CI/CD pipelines, and anyone who hates answering “Real name:” and “Email:” a hundred times. GnuPG does have a batch mode, but its configuration syntax is arcane. Compare this:

rnpkeys --export --armor --output my-pubkey.asc The real power of pkeygen is defining multiple subkeys for different purposes (authentication, encryption, signing). Here’s a production-ready config: pkeygen --config key-config

When most people think about creating PGP keys, they immediately type gpg --full-generate-key . It’s the standard. But what if I told you there’s a leaner, more scriptable, and arguably more transparent way to generate the same keys?

{ "params": [ { "type": "EDDSA", "curve": "Ed25519" } ], "userid": "DevOps Bot <ci@example.com>" } Then run: %echo Generating a default key Key-Type: RSA Key-Length:

The JSON interface is modern, the output is predictable, and the learning curve is shallow. Next time you find yourself writing a bash script to feed gpg --batch with a heredoc full of magic strings, stop. Reach for pkeygen .