Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Generate GPG Keys

Requirements

Steps

There are two main ways you can generate a GPG key. You can either use an interactive method, in which you run a basic command and answer a series of questions, or you can create a configuration file with all of your settings and have the program use that.

Interactive Method

Open your terminal and enter the following command:

gpg2 --full-gen-key

You will be asked a series of questions that you need to answer:

I recommend 1 (the default) for the kind of key.

I prefer to generate 4096 bit keys.

A better man than me would probably have their keys expire automatically; however, I think I will set up a reminder instead and set the length to last forever.

Enter your name:

Enter your email (or not)

Enter a comment for the key (to remember it by if you have many)

Enter o (not zero) to confirm your selections:

Configuration File Method

Create a configuration file containing all of your settings, like so:

Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Preferences: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Name-Real: Programster
Name-Comment: Programster from blog.programster.org, the blog about Linux and open source.
Name-Email: programster@programster.org
Passphrase: my super secret passphrase here

Then you can use it by executing the command:

gpg2 --gen-key --verbose --batch $CONFIG_FILEPATH

It is probably better not to put the passphrase in the file; if it is not in there, you will be prompted to enter it when you run the command to generate the key. This example uses a subkey of a different size for encryption for demonstration purposes.
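Putting the configuration file method into a script, as an added example that is not code from the original post: it renders the same parameter file as above but leaves the Passphrase line out, generates the key in a throwaway GNUPGHOME so a trial run cannot touch your real keyring, feeds the passphrase to gpg over a file descriptor using the loopback pinentry instead of writing it to disk, and then confirms the secret key exists before exporting the public key. It assumes GnuPG 2.1 or later (needed for --pinentry-mode loopback); the script name gen-gpg-key.sh, the two-year default expiry, and the names and addresses in it are my own choices, not the post's.

```shell
#!/bin/sh
# Added example, not code from the original post: unattended GPG key
# generation from a batch parameter file, with the passphrase kept out of
# the file. Assumes GnuPG 2.1+ (for --pinentry-mode loopback). The script
# name gen-gpg-key.sh, the default expiry and all names/e-mails are hypothetical.
set -eu

# Prefer the gpg2 binary name used in the post, fall back to gpg.
if command -v gpg2 >/dev/null 2>&1; then GPG=gpg2; else GPG=gpg; fi

# Print a batch parameter file to stdout. Same settings as the post's file
# (RSA 4096 signing key, RSA 3072 encryption subkey), but with no
# "Passphrase:" line so the secret is never written to disk, and with an
# explicit Expire-Date (pass 0 for a never-expiring key as in the post).
render_batch_config() {
    name=$1; email=$2; comment=${3:-}; expire=${4:-2y}
    cat <<EOF
%echo Generating key for $name <$email>
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 3072
Subkey-Usage: encrypt
Preferences: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
Name-Real: $name
EOF
    # Only emit the comment line when there is one, to avoid an empty value.
    if [ -n "$comment" ]; then
        printf 'Name-Comment: %s\n' "$comment"
    fi
    cat <<EOF
Name-Email: $email
Expire-Date: $expire
%commit
%echo done
EOF
}

# Generate the key pair inside an isolated GNUPGHOME so a trial run cannot
# touch the real keyring, supplying the passphrase on stdin via the loopback
# pinentry rather than in the parameter file or on the command line.
generate_key() {
    name=$1; email=$2; comment=$3; expire=$4
    GNUPGHOME=$(mktemp -d)
    export GNUPGHOME
    params="$GNUPGHOME/keyparams"
    render_batch_config "$name" "$email" "$comment" "$expire" > "$params"

    printf 'Passphrase for the new key: ' >&2
    stty -echo 2>/dev/null || true   # hide typing when stdin is a terminal
    read -r passphrase
    stty echo 2>/dev/null || true
    printf '\n' >&2
    if [ -z "$passphrase" ]; then
        echo "refusing to create a key without a passphrase" >&2
        return 1
    fi

    printf '%s\n' "$passphrase" |
        "$GPG" --batch --pinentry-mode loopback --passphrase-fd 0 \
               --gen-key --verbose "$params"
    unset passphrase

    # Confirm the secret key really exists and record its fingerprint.
    fpr=$("$GPG" --batch --with-colons --list-secret-keys "$email" |
          awk -F: '$1 == "fpr" { print $10; exit }')
    if [ -z "$fpr" ]; then
        echo "gpg returned success but no secret key was found" >&2
        return 1
    fi
    "$GPG" --batch --armor --export "$fpr" > "$GNUPGHOME/public-key.asc"
    echo "Created key $fpr in $GNUPGHOME; public key in $GNUPGHOME/public-key.asc"
}

main() {
    if [ $# -lt 2 ]; then
        echo "usage: $0 'Real Name' email@example.org ['comment'] [expiry such as 2y, or 0]" >&2
        return 0
    fi
    generate_key "$1" "$2" "${3:-}" "${4:-2y}"
}

main "$@"
```

Run it as sh gen-gpg-key.sh 'Real Name' you@example.org 'comment' 2y; with no arguments it only prints usage. Passing 0 as the last argument reproduces the post's never-expiring key, and the printed GNUPGHOME path is where the new keyring and exported public key live.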

Entropy Issues

You may receive the following message immediately after having used either of the methods above:

At this point you need to leave the terminal in the background and go do something else. Take this time to write a blog post, browse your Facebook feed, compile some programs, etc. Your computer will be using your seemingly random interactions to provide randomness for generating the key.

When you see this, just keep working away at something else. Eventually your key will be generated.

You may see the number of bytes required increasing rather than decreasing during key generation.

Extra Info On Entropy

I spent this time googling what this message meant and found a few posts offering solutions in the form of using rng-tools in combination with /dev/urandom to create the entropy.

I remember reading somewhere that relying on /dev/random is not safe. If it were safe, GPG would probably have just used that instead of waiting for user interaction to generate the key in the first place!

Last updated: 17th February 2024
First published: 16th August 2018

This blog is created by Stuart Page

I'm a freelance web developer and technology consultant based in Surrey, UK, with over 10 years experience in web development, DevOps, Linux Administration, and IT solutions.
