When most people think about creating PGP keys, they immediately type gpg --full-generate-key . It’s the standard. But what if I told you there’s a leaner, more scriptable, and arguably more transparent way to generate the same keys?
$ pkeygen --version rnp 0.17.0 Create a file called key-config.json :
%echo Generating a default key Key-Type: RSA Key-Length: 3072 Subkey-Type: RSA Subkey-Length: 3072 Name-Real: Joe Tester Name-Comment: Automation Name-Email: joe@example.com Expire-Date: 0 %commit pkeygen
pkeygen --config key-config.json --output my-private-key.gpg To generate a public key only (for distribution):
rnpkeys --export --armor --output my-pubkey.asc The real power of pkeygen is defining multiple subkeys for different purposes (authentication, encryption, signing). Here’s a production-ready config: When most people think about creating PGP keys,
Enter — a utility often bundled with OpenPGP implementations like rnp (RNC’s OpenPGP implementation) and sometimes found in gpg as an undocumented subcommand. While it’s not as famous as its gpg cousin, pkeygen offers a refreshing, JSON-driven approach to key creation.
I’d love to hear about your workflows. Drop a comment below or ping me on the OpenPGP mailing list. Want to dive deeper? Check out the official RNP documentation or explore the pkeygen man page ( man pkeygen ). $ pkeygen --version rnp 0
pkeygen --config key-config.json --output public-key.gpg --public You’ll get a binary OpenPGP keyring. Convert it to ASCII armor if needed: