iWMSLogo
Please Wait ...
Skip links

Type and hit enter

Pkeygen Apr 2026

rnpkeys --export --armor --output my-pubkey.asc The real power of pkeygen is defining multiple subkeys for different purposes (authentication, encryption, signing). Here’s a production-ready config:

pkeygen --config key-config.json --output my-private-key.gpg To generate a public key only (for distribution):

pkeygen --config ephemeral.json --output build-key.gpg sign-commit --key build-key.gpg # Destroy after use Store your key config in a Git repo, then: pkeygen

When most people think about creating PGP keys, they immediately type gpg --full-generate-key . It’s the standard. But what if I told you there’s a leaner, more scriptable, and arguably more transparent way to generate the same keys?

The JSON interface is modern, the output is predictable, and the learning curve is shallow. Next time you find yourself writing a bash script to feed gpg --batch with a heredoc full of magic strings, stop. Reach for pkeygen . rnpkeys --export --armor --output my-pubkey

In this post, we’ll dive into what pkeygen is, how it differs from traditional methods, and why you might want to add it to your crypto toolkit. Unlike the interactive wizards of GnuPG, pkeygen is designed to be non-interactive and data-driven . It reads a simple JSON configuration file (or string) and outputs a binary or armored OpenPGP keyring.

%echo Generating a default key Key-Type: RSA Key-Length: 3072 Subkey-Type: RSA Subkey-Length: 3072 Name-Real: Joe Tester Name-Comment: Automation Name-Email: joe@example.com Expire-Date: 0 %commit But what if I told you there’s a

I’d love to hear about your workflows. Drop a comment below or ping me on the OpenPGP mailing list. Want to dive deeper? Check out the official RNP documentation or explore the pkeygen man page ( man pkeygen ).

The key takeaway: pkeygen is for automation, CI/CD pipelines, and anyone who hates answering “Real name:” and “Email:” a hundred times. GnuPG does have a batch mode, but its configuration syntax is arcane. Compare this:

$ pkeygen --version rnp 0.17.0 Create a file called key-config.json :