adding stuff to GPG ... i think i *can* use ctx.create_key()!

2018-09-24 18:05:42 -04:00
parent 0dd54a604d
commit 69b6ec60d0
5 changed files with 112 additions and 12 deletions
--- a/docs/examples/multi_profile.xml
+++ b/docs/examples/multi_profile.xml
@@ -136,13 +136,15 @@
                </subject>
            </client>
        </pki>
-        <!-- If prompt_passphrase is "no" and passphrase attribute is not given for a gpg element, we will try to use a
+        <!-- If prompt_passphrase is false and passphrase attribute is not given for a gpg element, we will try to use a
             blank passphrase for all operations. -->
        <gpg keyid="none" gnupghome="none" publish="false" prompt_passphrase="false">
            <!-- The below is only used if we are generating a key (i.e. keyid="none"). -->
            <key algo="rsa" keysize="4096" expire="0">
                <name>{xpath%../../../meta/dev/author/text()}</name>
                <email>{xpath%../../../meta/dev/email/text()}</email>
+                <!-- If present, the subkey element will create a secondary key used *only* for signing. This is good security practice. Obviously, this is only used if we are creating a new (master) key. -->
+                <subkey algo="ed" keysize="25519" expire="0"/>
                <comment>for {xpath%../../../meta/names/pname/text()} [autogenerated] | {xpath%../../../meta/uri/text()} | {xpath%../../../meta/desc/text()}</comment>
            </key>
        </gpg>