Skip to content

GPG

generate key without to many questions

  • gpg --quick-gen-key "Max Mustermann <gpg@example.com>" ed25519 sign 0d

generate encryption subkey

This extra step is required for Curved keys

  • gpg --quick-add-key gpg@example.com cv25519 encr 0d

Add identities to existing key

  • gpg --quick-add-uid gpg@example.com "Max Mustermann <max.mustermann@example.com>"

edit trustlevel quickly

gpg --import-ownertrust <<< ${GPGKEYID}:6: # for ultimate trustlevel

show key without importing it

curl -s https://gpg.example.com/pubkey.gpg | gpg --show-keys

Create offline/paper backup of your key

I'm using ed25519 elliptic curved keys. These are on pair with a rsa 3000bit key regarding breaking difficulty, but are much much smaller in size. So small you can fit the entire GPG-Private-Key (which always contains the public part as well) into a qr-code.

  • install qrencode
  • export your private key gpg -a --export-secret-key gpg@example.com > gpg@example.com.key
  • generate a qrcode containing the key qrencode -r gpg@example.com.key -o gpg@example.com.key.qr.png
  • Print your QR-Code

gpg@example.com public key

QR-Code

Using RSA Keys instead

Beware! If you are using a RSA key, it might be too big to fit into a qr-code. As of this date (Oct. 2020) QR-Codes can only fit 4296 alphanumeric charactars Whereas a 4096 Bit Private GPG Key contains 4205 charactars. This is slightly too much when adding QR-Error correction. In this case you can use paperkey which strips away the public part from the key.

Info

You can use the same procedure to export/backup your ssh private key.


Last update: January 10, 2021

Comments