Tutorials

Generate GPG key

Posted on 19-Aug-2021

If you don't have a GPG key, run the following commands to generate one and use it for signing commits and tags.

  • Download and install GPG command line tool for your OS. For ubuntu run: sudo apt-get update && sudo apt-get install -y gpg
  • Run in your terminal: gpg --full-generate-key
  • On the prompt to select the kind, pres Enter to leave the default value: RSA and RSA
  • For the keysize type 4096
  • For the valability time press Enter with 0 as default value to not expire.
  • Press Y and Enter to confirm no expiration
  • Type your name, email and comment if necessary
  • Press O (capital o) and Enter
  • Add a passphrase for the key

The output will be like this:

gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key FD9D311F84732894 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/719559FDB16002AF97000BC6FD9D311F84732894.rev'
public and secret key created and signed.

pub   rsa4096 2021-08-19 [SC]
      719559FDB16002AF97000BC6FD9D311F84732894
uid                      username <alfa@example.com>
sub   rsa4096 2021-08-19 [E]
In the example it shows to be created under root user because the commands for this example are executed in a docker container. On your machine, it will be under your own user.

Use the following command to list the long form of the GPG key for which you have both a public and a private key

gpg --list-secret-keys --keyid-format=long

The output will be like:

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/root/.gnupg/pubring.kbx
------------------------
sec   rsa4096/FD9D311F84732894 2021-08-19 [SC]
      719559FDB16002AF97000BC6FD9D311F84732894
uid                 [ultimate] MyName <my.email@example.com>
ssb   rsa4096/0B89B1E421856836 2021-08-19 [E]

Copy the gpg key id that you find it on the sec line which is FD9D311F84732894. In your case will be a different one.

Run the following command with the key id selected

gpg --armor --export FD9D311F84732894

Copy your GPG key, beginning with -----BEGIN PGP PUBLIC KEY BLOCK----- and ending with -----END PGP PUBLIC KEY BLOCK-----.

Now, you can add your GPG key to your github account

Import gpg key

gpg --import public-gpg-key.gpg

Encrypt a file

gpg --encrypt my-file.gpg

Decrypt a file

gpg --decrypt my-file.txt

List keys

gpg --list-keys

Export a public key

# binary file
gpg --output myname.gpg --export my.email@address.com

# ASCII file
gpg --armor --export my.email@address.com