I would like to execute `gpg --card-edit; verify; quit` non-interactively to unlock a gpg hardware token (i.e. smartcard or YubiKey).
My use case is:
- Enter a password e.g. via ssh
- Store it in the kernel keyring
- Pass it to the hardware token when needed
One solution that works is `expect` and I've used `autoexpect` to create a script for that, but it would contain the user password and is quite clumsy and dependent on the output of a specific gpg version.
`scdaemon` could be an option but I am not sure whether it is a good idea to pass raw commands. I'm afraid of easily bricking the token.
Maybe there are tools / scripts that are used for mass personalization of smartcards that could be used?
I'm open to suggestions of what to try next. Thanks!