-
Notifications
You must be signed in to change notification settings - Fork 193
GPG Key Setup
Dianjin Wang edited this page Aug 27, 2025
·
3 revisions
GPG is installed in most Linux distributions by default. For macOS, you can install GPG with Homebrew:
brew install gnupg
View the GPG version info:
gpadmim@ubuntu:$ gpg --version
gpg (GnuPG) 2.4.4
libgcrypt 1.10.3
Copyright (C) 2024 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/gpadmin/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Run gpg --full-gen-key to generate a strong GPG key:
gpg (GnuPG) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1 # input 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096 # input 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0 # input 0
Key does not expire at all
Is this correct? (y/N) y # input y
GnuPG needs to construct a user ID to identify your key.
Real name: FOO FOO # input your name
Email address: [email protected] # input your Apache email
Comment: # input some annotations, optional
You selected this USER-ID:
"FOO <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O # input O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
# Input the security key
┌──────────────────────────────────────────────────────┐
│ Please enter this passphrase │
│ │
│ Passphrase: _______________________________ │
│ │
│ <OK> <Cancel> │
└──────────────────────────────────────────────────────┘
# key generation will be done after your inputting the key with the following output
gpg: key E49B00F626B marked as ultimately trusted
gpg: revocation certificate stored as '/Users/foo/.gnupg/openpgp-revocs.d/F77B887A4F25A9468C513E9AA3008E49B00F626B.rev'
public and secret key created and signed.
pub rsa4096 2022-07-12 [SC]
F77B887A4F25A9468C513E9AA3008E49B00F626B
uid [ultimate] Foo <[email protected]>
sub rsa4096 2022-07-12 [E]
gpg --list-keys
Expected output:
-------------------------------
pub rsa4096 2022-07-12 [SC]
F77B887A4F25A9468C513E9AA3008E49B00F626B
uid [ultimate] foo <[email protected]>
sub rsa4096 2022-07-12 [E]
gpg --keyserver keyserver.ubuntu.com --send-key <key-id> # e.g., F77B887A4F25A9468C513E9AA3008E49B00F626B
Uploading takes about one minute; after that, you can check your email at the corresponding keyserver. E.g., you can open the URL https://keyserver.ubuntu.com/ in your browser and search your email.