It is part of the suite (which also includes rnpgpg , rnpkeys , and rpki ). RNP aims to be a high-performance, easy-to-integrate OpenPGP library used by projects like Mozilla Thunderbird and ProtonMail Bridge .
{ "params": [ { "type": "EDDSA", "curve": "Ed25519" } ], "userid": "DevOps Bot <ci@example.com>" } Then run: pkeygen
pkeygen --config key-config.json --output public-key.gpg --public You’ll get a binary OpenPGP keyring. Convert it to ASCII armor if needed: It is part of the suite (which also
The key takeaway: pkeygen is for automation, CI/CD pipelines, and anyone who hates answering “Real name:” and “Email:” a hundred times. GnuPG does have a batch mode, but its configuration syntax is arcane. Compare this: Convert it to ASCII armor if needed: The
The JSON interface is modern, the output is predictable, and the learning curve is shallow. Next time you find yourself writing a bash script to feed gpg --batch with a heredoc full of magic strings, stop. Reach for pkeygen .
rnpkeys --export --armor --output my-pubkey.asc The real power of pkeygen is defining multiple subkeys for different purposes (authentication, encryption, signing). Here’s a production-ready config:
pkeygen --config ephemeral.json --output build-key.gpg sign-commit --key build-key.gpg # Destroy after use Store your key config in a Git repo, then:
