File: gnupg.info, Node: Agent GENKEY, Next: Agent IMPORT, Prev: Agent PKSIGN, Up: Agent Protocol
2.6.3 Generating a Key
----------------------
This is used to create a new keypair and store the secret key inside the
active PSE -- which is in most cases a Soft-PSE. A not-yet-defined
option allows choosing the storage location. To get the secret key out
of the PSE, a special export tool has to be used.

     GENKEY [--no-protection] [--preset] []

Invokes the key generation process. The server then inquires for the
generation parameters, like this:

     S: INQUIRE KEYPARM
     C: D (genkey (rsa (nbits 1024)))
     C: END

The format of the key parameters depends on the algorithm and has the
form:

     (genkey
       (algo
         (parameter_name_1 ....)
           ....
         (parameter_name_n ....)))

If everything succeeds, the server returns the *public key* as an
SPKI-like S-expression of this form:

     (public-key
       (rsa
         (n )
         (e )))

Here is an example session:

     C: GENKEY
     S: INQUIRE KEYPARM
     C: D (genkey (rsa (nbits 1024)))
     C: END
     S: D (public-key
     S: D (rsa (n 326487324683264) (e 10001)))
     S: OK key created

The '--no-protection' option may be used to suppress the prompt for a
passphrase; the secret key is then stored unprotected. The '--preset'
option may be used to add the passphrase to the cache using the default
cache parameters.
The '--inq-passwd' option may be used to create the key with a
supplied passphrase. When it is used, the agent issues an inquiry with
the keyword 'NEWPASSWD' to retrieve that passphrase. This option takes
precedence over '--no-protection'; however, if the client sends an empty
(zero-length) passphrase, this is identical to '--no-protection'.