Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Generate GPG Keys

Requirements

Steps

Open your terminal and enter the following command:

gpg2 --full-gen-key

You will be asked a series of questions that you need to answer:

I recommend 1 (the default) for the kind of key.

I prefer to generate 4096 bit keys.

A better man than me would probably have their keys expire automatically; however, I think I will set up a reminder instead and set the length to last forever.

Enter your name:

Enter your email (or not)

Enter a comment for the key (to remember it by if you have many)

Enter o (not zero) to confirm your selections:
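The same answers (key type 1, 4096 bits, no expiry, name, optional email, comment) can also be handed to GnuPG as a batch parameter file. The script below is an added example, not part of the original post; it assumes menu option 1 means "RSA and RSA" (as in GnuPG 2.1/2.2), and the function names key_params and generate_key and the sample identity are made up for illustration.

```shell
#!/bin/sh
# Added example: unattended equivalent of the interactive answers above.
# Assumption: menu option 1 is "RSA and RSA" (GnuPG 2.1/2.2).
GPG="${GPG:-gpg2}"
NL='
'

# Print a GnuPG batch parameter file for: name, email (optional), comment (optional).
# The format is line-oriented, so a line break inside a field could smuggle in
# extra directives (for example %no-protection); such input is refused.
key_params() {
    for field in "$1" "$2" "$3"; do
        case "$field" in
            *"$NL"*) echo "line break in field rejected" >&2; return 1 ;;
        esac
    done
    [ -n "$1" ] || { echo "name is required" >&2; return 1; }
    printf '%s\n' "Key-Type: RSA" "Key-Length: 4096"
    printf '%s\n' "Subkey-Type: RSA" "Subkey-Length: 4096"
    # printf %s, not echo: some shells expand backslash escapes in echo
    printf 'Name-Real: %s\n' "$1"
    [ -z "$2" ] || printf 'Name-Email: %s\n' "$2"
    [ -z "$3" ] || printf 'Name-Comment: %s\n' "$3"
    printf '%s\n' "Expire-Date: 0"   # 0 = the key never expires
    printf '%s\n' "%commit"
}

# Generate the key from parameters read on stdin. Neither "Passphrase:" nor
# "%no-protection" is set, so the pinentry dialog asks for the passphrase.
generate_key() {
    params=$(key_params "$@") || return 1
    printf '%s\n' "$params" | "$GPG" --batch --gen-key
}

# Runs only when requested, e.g. (constructed sample identity):
#   sh genkey.sh --generate "Jane Doe" jane@example.org "work laptop"
if [ "${1:-}" = "--generate" ]; then
    shift
    generate_key "$@" && "$GPG" --list-secret-keys --keyid-format long
fi
```

Set GPG=gpg in the environment if your distribution does not ship a gpg2 binary.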

Entropy Issues

At this point I received the following message:

At this point you need to leave the terminal in the background and go do something else. Take this time to write a blog post, browse your Facebook feed, or compile some programs, etc. Your computer will use your seemingly random interactions to provide randomness for generating the key.

Warning

I spent this time googling what this message meant and found a lot of posts (1, 2, 3) offering solutions in the form of using rng-tools in combination with /dev/urandom to create the entropy. I remember reading somewhere that relying on /dev/urandom is not safe. If it was safe, GPG would probably have just used that instead of waiting for user interaction to generate the key in the first place!

You may see the number of bytes required increasing rather than decreasing during key generation.

Don't panic! Just keep working away at something else. I am hoping that this is because I was generating multiple keys due to the "user experience" issues I was having. Eventually your key will be generated.

Last updated: 16th August 2018
First published: 16th August 2018