So I know this topic is covered hundreds of times all over the internet. But I figured if I’m going to cover GPG topics later, I should probably also have a GPG tutorial here. Plus, it’s super easy, and gives me a chance to get into my groove with markdown.
I’m running this in Arch, but this should be distro-agnostic.
This command should get us started:
```
UserName@Arch-desktop ~/.gnupg % gpg --full-generate-key
```
That should give us the following output:
```
gpg (GnuPG) 2.2.1; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
```
Generally speaking, the default selection of ‘RSA and RSA’ should be perfect, and will give us the ability to both sign and encrypt.
```
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
```
The default here is 2048… But we want a stronger key, and should select 4096:
```
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
```
This is a matter of personal preference. I don’t like the idea of a key that never expires, so I will be generating mine to expire in 1 year. If you’re generating subkeys, it may be helpful to have a master key that never expires, but we’ll cover that in another post at some point. Once you enter your expiry, you’ll be prompted to answer a few more questions.
```
Key is valid for? (0) 1y
Key expires at Sat 20 Oct 2018 11:39:45 PM EDT
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Nick Doubleday
Email address: [email protected]
Comment:
You selected this USER-ID:
    "Nick Doubleday <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
```
At this point you may have to wait a few moments while entropy is generated, or it could complete really fast. Mine completed very quickly and I didn’t have to wait.
```
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key CBC93EE27AD21689 marked as ultimately trusted
gpg: revocation certificate stored as '/home/UserName/.gnupg/openpgp-revocs.d/53AA82AE420BD51A08EB57F0CBC93EE27AD21689.rev'
public and secret key created and signed.

pub   rsa4096 2017-10-21 [SC] [expires: 2018-10-21]
      53AA82AE420BD51A08EB57F0CBC93EE27AD21689
uid                      Nick Doubleday <[email protected]>
sub   rsa4096 2017-10-21 [E] [expires: 2018-10-21]

UserName@Arch-desktop ~/.gnupg %
```
If you would like to see your secret key, you can execute the following command:
```
gpg --export-secret-keys --armor [email protected]
```
I would highly recommend backing up your private key somewhere safe, and offline, such as a USB Device encrypted with Tomb.
Now the only thing left to do is to upload your pubkey to a key server so that others can find it. First, you’ll need the fingerprint of your key:
```
UserName@Arch-desktop ~/.gnupg % gpg --list-keys --fingerprint [email protected]
pub   rsa4096 2017-10-21 [SC] [expires: 2018-10-21]
      53AA 82AE 420B D51A 08EB  57F0 CBC9 3EE2 7AD2 1689
uid           [ultimate] Nick Doubleday <[email protected]>
sub   rsa4096 2017-10-21 [E] [expires: 2018-10-21]
```
Take the last 8 digits of the fingerprint. So in the above example, the fingerprint is `53AA 82AE 420B D51A 08EB 57F0 CBC9 3EE2 7AD2 1689`. We only need the last 8 digits to upload our pubkey:
```
UserName@Arch-desktop ~/.gnupg % gpg --send-keys 7AD21689
gpg: sending key CBC93EE27AD21689 to hkps://hkps.pool.sks-keyservers.net
```
Congrats! Your key is now uploaded!
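To check a generated key against the choices made in this post (RSA, 4096 bits, an expiry date) and to see how the long and short key IDs fall out of the fingerprint, the machine-readable `--with-colons` listing can be parsed. This is an added example, not part of the original post: the `audit_key` function name, the timestamps, the subkey ID and fingerprint, and the e-mail address in the sample are constructed, and it assumes each `pub`/`sub` record is followed by its `fpr` record.

```sh
#!/bin/sh
# Added example (not from the original post): audit a key listing in GnuPG's
# colon format. Real use: gpg --list-keys --with-colons <fingerprint> | audit_key

# Constructed sample modelled on the key above. The timestamps, the subkey ID,
# the subkey fingerprint and the e-mail address are placeholders.
SAMPLE='pub:u:4096:1:CBC93EE27AD21689:1508557185:1540093185::u:::scESC:
fpr:::::::::53AA82AE420BD51A08EB57F0CBC93EE27AD21689:
uid:u::::1508557185::::Nick Doubleday <user@example.invalid>:
sub:u:4096:1:0123456789ABCDEF:1508557185:1540093185:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:'

# audit_key [MIN_BITS]: reads a colon listing on stdin, prints one line per
# key or subkey, and returns non-zero if any check fails.
audit_key() {
  awk -F: -v min_bits="${1:-4096}" '
    $1 == "pub" || $1 == "sub" {
      # Fields: 3 = length, 4 = algorithm (1 is RSA), 5 = long key ID,
      # 7 = expiry (empty means never), 12 = capabilities.
      keyid = $5
      status = "ok"
      if ($4 != 1)                    status = "FAIL:not-rsa"
      else if ($3 + 0 < min_bits + 0) status = "FAIL:short-key"
      else if ($7 == "")              status = "FAIL:no-expiry"
      if (status != "ok") bad = 1
      printf "%s bits=%s caps=%s long=%s short=%s %s\n",
             $1, $3, $12, keyid, substr(keyid, 9), status
      next
    }
    $1 == "fpr" && keyid != "" {
      # A v4 key ID is the low 64 bits (last 16 hex digits) of the fingerprint.
      if (substr($10, length($10) - 15) != keyid) {
        print "fpr " $10 " FAIL:id-mismatch"
        bad = 1
      }
      keyid = ""
    }
    END { exit (bad ? 1 : 0) }
  '
}

printf '%s\n' "$SAMPLE" | audit_key 4096
```

The `short=` value is the 8-digit ID passed to `--send-keys` above, and `long=` is the ID gpg prints in its `gpg: key ...` messages.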
You can also export your pubkey locally:
```
UserName@Arch-desktop ~ % gpg --export -a "[email protected]"
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
```
That’s basically it in a nutshell! We’ll do more fun stuff with GPG and encryption later!