
I have to generate a key with gpg in my Docker image with gpg --gen-key, but the key generation takes too long because of the entropy. On a local machine I can fill up my entropy with rng-tools, but how can I implement this in my Dockerfile?

During my research I found some solutions, but none of them really satisfied me.

Can you share your approach of generating a key in a Dockerfile?

EDIT:

The purpose of the key generation in the Dockerfile is that I have to download encrypted files (which are encrypted with the public key of the Docker container) from a server, decrypt them and make them available on my Docker container/server.

The articles I found for this purpose:

GPG Key Generation Fails on Alpine Linux Docker Image

Decrypt with gpg from inside a docker container

Dockerize everything - run gpg inside container

Adding GPG key inside docker container causes “no valid OpenPGP data found”

  • I guess you should describe what you are trying to achieve. Automatically generating keys during software builds is usually _not_ something desirable and usually there are better solutions. "During my research I found some solutions," -- in this case, _always list them_, or people will likely come up with exactly what you already tried and just waste their and your time. – Jens Erat Oct 17 '16 at 07:47
  • Do I understand correctly that you have already encrypted files in some other place and want to use them inside the container? You won't succeed in doing so by generating a new, random key; you have to import the existing private key instead. – Jens Erat Oct 17 '16 at 08:18
  • This was the next problem, which I didn't mention in the question... After every image build the public key of the container is different and I have to exchange the public key of the container with the opposite side... So you recommend generating a key on my local host machine, exporting the private key of the generated key and adding it to my Docker image in the Dockerfile? – Oni1 Oct 17 '16 at 08:21
  • Yes, or pass it in at runtime (for example using host volumes) if you do not want to include it in the image. – Jens Erat Oct 17 '16 at 08:24
  • Okay, this was my assumption, to do it this way... But the idea of sharing volumes is a little bit better :). Can you describe your points in an answer, so that I can accept it and we can close this? – Oni1 Oct 17 '16 at 08:27
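The approach the comments converge on, worked through as an added example (this is not code from the question or from the commenters): generate the key once on the host in unattended batch mode, export it, hand the secret key to the container through a volume at run time, and let the container only import and decrypt. Host, the encrypting "server" and the container are modelled as three separate GNUPGHOME directories so the script runs offline on one machine; the identity decrypt@example.invalid, the file names and the payload are all made up. It assumes GnuPG 2.1 or newer on both sides (for `%no-protection` and the Curve25519 key types), which also means the container's gpg must be 2.1+ to decrypt.

```shell
#!/bin/sh
# Added example: key generation on the host, encryption on the "server",
# import and decryption in the "container". Three GNUPGHOME directories stand
# in for the three machines. Nothing here is the original poster's code.
set -eu

KEY_UID="decrypt@example.invalid"   # assumed identity, made up for the example

# Host side: unattended key generation from a gpg batch parameter file.
# %no-protection (GnuPG 2.1+) creates a key without a passphrase, which is
# what an unattended decryptor needs; protect the exported file with
# filesystem permissions instead. An Ed25519/Curve25519 pair is generated in
# well under a second, so the build-time entropy problem never arises because
# the key is never generated inside the build at all.
generate_host_key() {
  home="$1"
  mkdir -p "$home" && chmod 700 "$home"
  cat >"$home/keyparams" <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Subkey-Type: ecdh
Subkey-Curve: Curve25519
Subkey-Usage: encrypt
Name-Real: Container Decryptor
Name-Email: $KEY_UID
Expire-Date: 0
%commit
EOF
  GNUPGHOME="$home" gpg --batch --quiet --gen-key "$home/keyparams"
  # The public key goes to whoever encrypts for the container; the secret key
  # goes into the directory that will be mounted read-only into the container.
  GNUPGHOME="$home" gpg --batch --armor --export "$KEY_UID" >"$home/public.asc"
  GNUPGHOME="$home" gpg --batch --armor --export-secret-keys "$KEY_UID" >"$home/private.asc"
  chmod 600 "$home/private.asc"
}

# "Server" side: import only the public key and encrypt to it. --trust-model
# always is acceptable here because the key was handed over out of band by
# us, not fetched from a keyserver, and --batch would otherwise refuse an
# untrusted recipient.
encrypt_for_container() {
  home="$1"; pubkey="$2"; plaintext="$3"; out="$4"
  mkdir -p "$home" && chmod 700 "$home"
  GNUPGHOME="$home" gpg --batch --quiet --import "$pubkey"
  GNUPGHOME="$home" gpg --batch --quiet --yes --trust-model always \
    --recipient "$KEY_UID" --output "$out" --encrypt "$plaintext"
}

# Container side: what the entrypoint runs after the host volume is mounted,
# roughly (paths assumed):
#   docker run --rm -v /srv/keys:/keys:ro -v /srv/data:/data myimage \
#     sh -c 'gpg --batch --import /keys/private.asc && \
#            gpg --batch --output /data/f --decrypt /data/f.gpg'
# The secret key is never COPYed into the image, so no image layer carries it.
import_in_container() {
  home="$1"; keyfile="$2"
  mkdir -p "$home" && chmod 700 "$home"
  GNUPGHOME="$home" gpg --batch --quiet --import "$keyfile"
}

decrypt_in_container() {
  home="$1"; infile="$2"
  GNUPGHOME="$home" gpg --batch --quiet --decrypt "$infile"
}

# End-to-end round trip over the three homedirs; prints the recovered plaintext.
roundtrip() {
  work=$(mktemp -d)
  generate_host_key "$work/host"
  printf 'secret payload\n' >"$work/plain.txt"          # constructed sample file
  encrypt_for_container "$work/server" "$work/host/public.asc" \
    "$work/plain.txt" "$work/plain.txt.gpg"
  import_in_container "$work/container" "$work/host/private.asc"
  decrypt_in_container "$work/container" "$work/plain.txt.gpg"
  # Stop the per-homedir agents before deleting their directories.
  for d in host server container; do
    GNUPGHOME="$work/$d" gpgconf --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$work"
}

if command -v gpg >/dev/null 2>&1; then
  roundtrip
else
  echo "gpg not installed; nothing to demonstrate" >&2
fi
```

The Dockerfile itself then only needs `gnupg` installed; the key arrives at run time on the read-only volume, so rebuilding the image no longer changes the container's public key and the other side never has to re-exchange keys. If you prefer to keep a passphrase on the exported key, replace `%no-protection` with a `Passphrase:` line and pass it to the container as a secret, not as an image build argument.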
