
GPG

generate key without too many questions

  • gpg --quick-gen-key "Max Mustermann <gpg@example.com>" ed25519 sign 0d

generate encryption subkey

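This extra step is required for elliptic-curve keys: the ed25519 key created above can only sign, so encryption needs a separate cv25519 subkey.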

  • gpg --quick-add-key gpg@example.com cv25519 encr 0d

Add identities to existing key

  • gpg --quick-add-uid gpg@example.com "Max Mustermann <max.mustermann@example.com>"

edit trustlevel quickly

gpg --import-ownertrust <<< "${GPGKEYID}:6:" # 6 = ultimate trust level; GPGKEYID must hold the key's full fingerprint

show key without importing it

curl -s https://gpg.example.com/pubkey.gpg | gpg --show-keys

Create offline/paper backup of your key

I'm using ed25519 elliptic-curve keys. These are on par with an RSA 3000-bit key regarding breaking difficulty, but are much, much smaller in size. So small that you can fit the entire GPG private key (which always contains the public part as well) into a QR code.

  • install qrencode
  • export your private key: gpg -a --export-secret-key gpg@example.com > gpg@example.com.key
  • generate a QR code containing the key: qrencode -r gpg@example.com.key -o gpg@example.com.key.qr.png
  • Print your QR-Code
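
A paper backup is only useful if it restores, so the export and encode steps above can be followed by a decode-and-compare check before printing. The script below is an added example, not part of the original page; it assumes zbarimg (from the zbar tools, not mentioned on the page) is installed alongside gpg and qrencode, and its function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.
# Assumes gpg, qrencode and zbarimg (zbar tools) are installed.

# qr_matches KEYFILE PNG: succeed only if PNG decodes to the content of KEYFILE.
# Runs in a subshell so the key text never stays in the caller's variables.
qr_matches() (
    # Command substitution strips trailing newlines on both sides, so the
    # newline zbarimg prints after the payload does not cause a mismatch.
    want=$(cat "$1") && got=$(zbarimg --raw -q "$2") &&
        [ -n "$want" ] && [ "$want" = "$got" ]
)

# backup_key_to_qr USERID OUT_PNG: write OUT_PNG only after it has been verified.
backup_key_to_qr() {
    uid=$1
    out=$2
    tmp=$(mktemp -d) || return 1
    (
        umask 077   # exported key and PNG are readable by the owner only
        gpg -a --export-secret-key "$uid" > "$tmp/key.asc" &&
            qrencode -r "$tmp/key.asc" -o "$tmp/key.png" &&
            qr_matches "$tmp/key.asc" "$tmp/key.png" &&
            mv "$tmp/key.png" "$out"
    )
    rc=$?
    rm -rf "$tmp"   # do not leave the exported secret key on disk
    return "$rc"
}

# Usage: sh qr-backup.sh gpg@example.com gpg@example.com.key.qr.png
if [ "$#" -eq 2 ]; then
    backup_key_to_qr "$1" "$2" && echo "verified QR backup written to $2"
fi
```

If the key is too large for a single QR code, qrencode fails and no PNG is written, which is the RSA case described further down.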

[Image: gpg@example.com public key]

[Image: QR-Code]

Using RSA Keys instead

Beware! If you are using an RSA key, it might be too big to fit into a QR code. As of this date (Oct. 2020), QR codes can only fit 4296 alphanumeric characters, whereas a 4096-bit private GPG key contains 4205 characters. This is slightly too much when adding QR error correction. In this case you can use paperkey, which strips away the public part from the key.

Info

You can use the same procedure to export/back up your SSH private key.


Last update: January 10, 2021