Skip to content


generate key without to many questions

  • gpg --quick-gen-key "Max Mustermann <>" ed25519 sign 0d

generate encryption subkey

This extra step is required for Curved keys

  • gpg --quick-add-key cv25519 encr 0d

Add identities to existing key

  • gpg --quick-add-uid "Max Mustermann <>"

edit trustlevel quickly

gpg --import-ownertrust <<< ${GPGKEYID}:6: # for ultimate trustlevel

show key without importing it

curl -s | gpg --show-keys

Create offline/paper backup of your key

I'm using ed25519 elliptic curved keys. These are on pair with a rsa 3000bit key regarding breaking difficulty, but are much much smaller in size. So small you can fit the entire GPG-Private-Key (which always contains the public part as well) into a qr-code.

  • install qrencode
  • export your private key gpg -a --export-secret-key >
  • generate a qrcode containing the key qrencode -r -o
  • Print your QR-Code public key


Using RSA Keys instead

Beware! If you are using a RSA key, it might be too big to fit into a qr-code. As of this date (Oct. 2020) QR-Codes can only fit 4296 alphanumeric charactars Whereas a 4096 Bit Private GPG Key contains 4205 charactars. This is slightly too much when adding QR-Error correction. In this case you can use paperkey which strips away the public part from the key.


You can use the same procedure to export/backup your ssh private key.

Last update: January 10, 2021