Skip to main content

Generate GPG keypair

Generate GPG keypair commands begin with:

smctl gpg keypair generate

or

smctl gpg kp gen

Flags

Table 1. Flags for generating a GPG keypair

Shortcut

Flag

Description

--can-sign string

can sign attribute (default "YES")

--curve string

ECDSA curve name (default "P-256")

--gpg-key-type string

GPG key type - MASTER|SUB (default "SUB")

--groups string

Assign the keypair o a group by specifying the group ID.

--hsm-partition-id string

Provide the HSM partition ID to specify which HSM you want the keypair to be stored on.

--key-alg string

key algorithm - RSA|ECDSA|EdDSA (default "RSA")

--key-size int

RSA key size in bits (default 3072)

--key-status string

keypair mode - ONLINE|OFFLINE (default "ONLINE")

--key-storage string

keypair storage - DISK|HSM (default "DISK")

--key-type string

key type - PRODUCTION|TEST (default "PRODUCTION")

--master-gpg-keypair-id string

master GPG Keypair ID.

--restricted

Specify "true" to restrict access or "false" to allow all users on this account access to the keypair (default is true).

--team-id

Assign the keypair to a team by specifying the team ID.

--uids stringArray

Add GPG Master key UID(s). Format:

--uids "name=<user_name>,comment=<comment>,email=<user_email_id>

--account-id string

Account Id for the user. Format:

--account-id="<value>"

--users string

Assign the keypair to specific users by specifying their UIDs.

-h

--help

Help for keypair.


Examples

Description: Generate a GPG master key.

Command:

smctl gpg keypair generate <master key alias> --key-alg “<algorithm>” --key-size <RSA key size>|--curve “<ECDSA curve name>” --can-sign “<YES or NO>” --gpg-key-type “MASTER” --uids “name=<name>,email=<email>", “name=<name>,email=<email>"

Command sample:

smctl gpg keypair generate smctl_gpg_master --key-alg "ECDSA" --curve "P256" --can-sign "YES" --gpg-key-type "MASTER" --uids "name=useridsmctl1,email=name@digicert.com name=useridsmctl2,email=name@digicert.com"

Description: Generate a GPG subkey.

Command:

smctl gpg keypair generate <subkey alias> --can-sign "<YES or NO>" --gpg-key-type "SUB" --key-alg “<algorithm>” --key-size < RSA key size in bits> | --curve “<ECDSA curve name>” --key-type "<TEST or PRODUCTION>" --master-gpg-keypair-id "<keypair id for gpg master key>"

Command sample:

smctl gpg keypair generate gpg_smctl_sub1 --can-sign "YES" --gpg-key-type "SUB" --key-alg "RSA" --key-size 3072 --key-type "TEST" --master-gpg-keypair-id "34d08346-7560-48d7-a5db-f6570e704857"
: