amnesia@amnesia:~$ gpg --full-gen-key --expert
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
Your selection? 11

Possible actions for a ECDSA/EdDSA key: Sign Certify Authenticate
Current allowed actions: Sign Certify

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a ECDSA/EdDSA key: Sign Certify Authenticate
Current allowed actions: Certify

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 50y
Key expires at Tue 15 Apr 2070 0429 AM UTC
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: John Smith
Email address: [email protected]
Comment:
You selected this USER-ID:
    "John Smith [email protected]"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 0xC0A36B17811FFED4 marked as ultimately trusted
gpg: revocation certificate stored as '/home/amnesia/.gnupg/openpgp-revocs.d/C5246A0ADE20E283A90E382CC0A36B17811FFED4.rev'
public and secret key created and signed.

pub   ed25519/0xC0A36B17811FFED4 2020-04-27 [C] [expires: 2070-04-15]
      Key fingerprint = C524 6A0A DE20 E283 A90E 382C C0A3 6B17 811F FED4
uid   John Smith [email protected]
amnesia@amnesia:~$ gpg --expert --edit-key 0xC0A36B17811FFED4
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2025-04-12
sec  ed25519/0xC0A36B17811FFED4
     created: 2020-04-27  expires: 2070-04-15  usage: C
     trust: ultimate  validity: ultimate
[ultimate] (1). John Smith [email protected]

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 11

Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu 27 Apr 2023 0438 AM UTC
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  ed25519/0xC0A36B17811FFED4
     created: 2020-04-27  expires: 2070-04-15  usage: C
     trust: ultimate  validity: ultimate
ssb  rsa4096/0x28C194EDFDB41226
     created: 2020-04-27  expires: 2023-04-27  usage: E
ssb  ed25519/0xDB4C9A99430E61E6
     created: 2020-04-27  expires: 2023-04-27  usage: S
[ultimate] (1). John Smith [email protected]
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu 27 Apr 2023 0406 AM UTC
Is this correct? (y/N) y
Really create? (y/N) y
[master passphrase requested]
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  ed25519/0xC0A36B17811FFED4
     created: 2020-04-27  expires: 2070-04-15  usage: C
     trust: ultimate  validity: ultimate
ssb  rsa4096/0x28C194EDFDB41226
     created: 2020-04-27  expires: 2023-04-27  usage: E
[ultimate] (1). John Smith [email protected]
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 11

Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Sign

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s

Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions:

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? a

Possible actions for a ECDSA/EdDSA key: Sign Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
Please select which elliptic curve you want:
   (1) Curve 25519
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Thu 27 Apr 2023 0527 AM UTC
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

sec  ed25519/0xC0A36B17811FFED4
     created: 2020-04-27  expires: 2070-04-15  usage: C
     trust: ultimate  validity: ultimate
ssb  rsa4096/0x28C194EDFDB41226
     created: 2020-04-27  expires: 2023-04-27  usage: E
ssb  ed25519/0xDB4C9A99430E61E6
     created: 2020-04-27  expires: 2023-04-27  usage: S
ssb  ed25519/0xCE658A723ED3DA27
     created: 2020-04-27  expires: 2023-04-27  usage: A
[ultimate] (1). John Smith [email protected]
gpg> save
amnesia@amnesia:~$ gpg --output GPG-0xC0A36B17811FFED4.asc --gen-revoke 0xC0A36B17811FFED4
sec  ed25519/0xC0A36B17811FFED4 2020-04-27 John Smith [email protected]

Create a revocation certificate for this key? (y/N) y
Please select the reason for the revocation:
  0 = No reason specified
  1 = Key has been compromised
  2 = Key is superseded
  3 = Key is no longer used
  Q = Cancel
(Probably you want to select 1 here)
Your decision? 0
Enter an optional description; end it with an empty line:

Reason for revocation: No reason specified
(No description given)
Is this okay? (y/N) y
ASCII armored output forced.
Revocation certificate created.
Please move it to a medium which you can hide away; if Mallory gets access to this certificate he can use it to make your key unusable. It is smart to print this certificate and store it away, just in case your media become unreadable. But have some caution: The print system of your machine might store the data and make it available to others!
gpg2 --export-secret-key "[email protected]" -a | gpg2 --cipher-algorithm=AES256 --output secret-key.gpg -a --symmetric
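
A check on the layout built in the session above (certify-only primary key, separate E, S and A subkeys, each with an expiry), as an added example that is not part of the original session. The function name and both sample listings are constructed here; the first listing reuses the key IDs from the session with made-up timestamps, and the second is a made-up default-style key.

```shell
#!/bin/sh
# Added example: audit a key layout from `gpg --list-keys --with-colons`.
# Colon format: field 1 = record type, 2 = validity, 5 = key ID,
# 7 = expiry (epoch seconds, empty = never), 12 = capabilities.

audit_key_layout() {
    awk -F: '
        $1 == "pub" {
            seen_pub = 1
            own = $12
            gsub(/[A-Z]/, "", own)   # uppercase letters summarise the whole key
            if (own != "c") { print "primary " $5 " is not certify-only: " own; bad = 1 }
        }
        $1 == "sub" && $2 != "r" {   # ignore revoked subkeys
            if (length($12) != 1) { print "subkey " $5 " mixes usages: " $12; bad = 1 }
            if ($7 == "")         { print "subkey " $5 " has no expiry"; bad = 1 }
            have[$12] = 1
        }
        END {
            if (!seen_pub) { print "no primary key record"; bad = 1 }
            n = split("e s a", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in have)) { print "no subkey for usage: " need[i]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed listing matching the session: [C] primary plus E, S, A subkeys.
sample_split_key() {
    cat <<'EOF'
pub:u:255:22:C0A36B17811FFED4:1587945600:3164745600::u:::cSEA::::::ed25519:::0:
sub:u:4096:1:28C194EDFDB41226:1587945600:1682553600:::::e::::::23:
sub:u:255:22:DB4C9A99430E61E6:1587945600:1682553600:::::s::::::ed25519::
sub:u:255:22:CE658A723ED3DA27:1587945600:1682553600:::::a::::::ed25519::
EOF
}

# Constructed listing of a default-style key: primary signs too, nothing expires.
sample_default_key() {
    cat <<'EOF'
pub:u:3072:1:AAAAAAAAAAAAAAAA:1587945600:::u:::scESC::::::23::0:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1587945600::::::e::::::23:
EOF
}

sample_split_key | audit_key_layout && echo "split layout OK"
sample_default_key | audit_key_layout || echo "default layout flagged"
```

Against a real keyring, pipe `gpg --list-keys --with-colons 0xC0A36B17811FFED4` into audit_key_layout; a non-zero exit status means at least one finding was printed.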