{"id":14726,"date":"2019-01-16T13:00:56","date_gmt":"2019-01-16T12:00:56","guid":{"rendered":"https:\/\/www.inovex.de\/blog\/?p=14726"},"modified":"2022-11-17T12:39:01","modified_gmt":"2022-11-17T11:39:01","slug":"openpgp-create-a-new-gnupg-key-1","status":"publish","type":"post","link":"https:\/\/www.inovex.de\/de\/blog\/openpgp-create-a-new-gnupg-key-1\/","title":{"rendered":"OpenPGP: Create a New GnuPG Key (Part 1)"},"content":{"rendered":"<p>This is the first part of the OpenPGP blog series. It briefly explains how to generate a new GnuPG key that can be used for encryption, signing and authentication.<!--more--><\/p>\n<h2><span class=\"ez-toc-section\" id=\"What-is-GnuPG\"><\/span>What is GnuPG?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>GnuPG is the <a href=\"https:\/\/www.gnupg.org\/\">open implementation<\/a> of the OpenPGP standard defined in <a href=\"https:\/\/tools.ietf.org\/html\/rfc4880\">RFC 4880<\/a>. GnuPG allows you to encrypt and sign data and to authenticate. It is written in C and was initially released in 1999.<\/p>\n<p>In public key cryptography you have a key pair consisting of a public and a private key. The public key can be used by others either to verify signatures made with your private key or to encrypt data that can only be decrypted with your private key.<\/p>\n<p>Generally, encryption protects data against being read by unintended recipients, while signing provides data integrity and proves that the data has been signed by a specific key. It proves neither when the data was signed nor that the key belongs to the claimed user ID.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Subkeys\"><\/span>Subkeys<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>GnuPG supports different actions for a key. The <strong>Certify<\/strong> capability is used to modify your own or someone else&#8217;s key (e.g. by signing someone else&#8217;s key, creating subkeys, adding\/revoking a user ID, changing the expiration date or generating revocation certificates). 
The <strong>Encrypt<\/strong>, <strong>Sign<\/strong> and <strong>Authenticate<\/strong> capabilities are used for encrypting and signing data or authentication.<\/p>\n<p>By default, the primary key has the <strong>Certify<\/strong> and the <strong>Sign<\/strong> capabilities. The <strong>Encrypt<\/strong> capability is provided by a subkey. Subkeys are bound to the master key pair.<\/p>\n<p>It is recommended to use your primary key only for certification and keep it offline while using different subkeys for the remaining capabilities of daily use. This way, if your subkeys get compromised, you can revoke your subkeys independently of your primary key.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Preparations\"><\/span>Preparations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Before a key can be generated, you need to configure GnuPG.<\/p>\n<p>First of all, make sure to use gpg 2.1.18 or later. You can check your gpg version as follows:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --version\r\n\r\ngpg (GnuPG) 2.2.11\r\n\r\nlibgcrypt 1.8.4\r\n\r\nCopyright (C) 2018 Free Software Foundation, Inc.\r\n\r\nLicense GPLv3+: GNU GPL version 3 or later &lt;https:\/\/gnu.org\/licenses\/gpl.html&gt;\r\n\r\nThis is free software: you are free to change and redistribute it.\r\n\r\nThere is NO WARRANTY, to the extent permitted by law.\r\n\r\nHome: \/home\/jdoe\/.gnupg\r\n\r\nSupported algorithms:\r\n\r\nPubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA\r\n\r\nCipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,\r\n\r\nCAMELLIA128, CAMELLIA192, CAMELLIA256\r\n\r\nHash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224\r\n\r\nCompression: Uncompressed, ZIP, ZLIB, BZIP2<\/pre>\n<p>Additionally, ensure your ~\/.gnupg\/gpg.conf contains at least the following options to avoid some information leakage and to use strong algorithms.<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default 
decode:true\" title=\".gnupg\/gpg.conf\">keyserver-options include-revoked\r\n\r\nkeyserver-options no-honor-keyserver-url\r\n\r\nno-comments\r\n\r\nno-emit-version\r\n\r\npersonal-digest-preferences SHA512\r\n\r\ncert-digest-algo SHA512\r\n\r\ndefault-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed\r\n\r\n<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Generate-the-primary-key\"><\/span>Generate the primary key<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Now you can generate the primary key:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --expert --full-gen-key<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Key-algorithm\"><\/span>Key algorithm<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First you have to decide which key algorithm to use. Basically, you can choose between <a href=\"https:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\">RSA<\/a>, <a href=\"https:\/\/en.wikipedia.org\/wiki\/Digital_Signature_Algorithm\">DSA<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/ElGamal_encryption\">ElGamal<\/a> along with <a href=\"https:\/\/en.wikipedia.org\/wiki\/Elliptic-curve_cryptography\">ECC<\/a>.<\/p>\n<p>Choose RSA here for compatibility reasons, because it is widely used, well known and most smart cards (like <a href=\"https:\/\/en.wikipedia.org\/wiki\/OpenPGP_card\">OpenPGP card<\/a> or <a href=\"https:\/\/en.wikipedia.org\/wiki\/YubiKey\">YubiKey<\/a>) only support RSA at the moment.<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">Please select what kind of key you want:\r\n\r\n(1) RSA and RSA (default)\r\n\r\n(2) DSA and Elgamal\r\n\r\n(3) DSA (sign only)\r\n\r\n(4) RSA (sign only)\r\n\r\n(7) DSA (set your own capabilities)\r\n\r\n(8) RSA (set your own capabilities)\r\n\r\n(9) ECC and ECC\r\n\r\n(10) ECC (sign only)\r\n\r\n(11) ECC (set your own capabilities)\r\n\r\n(13) Existing key\r\n\r\nYour 
selection? 8<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Key-capabilities\"><\/span>Key capabilities<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The next step is to remove the <strong>Sign<\/strong> and <strong>Encrypt<\/strong> actions from the primary key and only keep the <strong>Certify<\/strong> action:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">Possible actions for a RSA key: Sign Certify Encrypt Authenticate\r\n\r\nCurrent allowed actions: Sign Certify Encrypt\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? s\r\n\r\nPossible actions for a RSA key: Sign Certify Encrypt Authenticate\r\n\r\nCurrent allowed actions: Certify Encrypt\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? e\r\n\r\nPossible actions for a RSA key: Sign Certify Encrypt Authenticate\r\n\r\nCurrent allowed actions: Certify\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? q<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Key-size\"><\/span>Key size<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>You should use a key size between 2048 and 4096 bits. For the master key it is preferable to use 4096 bits.<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">RSA keys may be between 1024 and 4096 bits long.\r\n\r\nWhat keysize do you want? 
(3072) 4096\r\n\r\nRequested keysize is 4096 bits<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Expiration\"><\/span>Expiration<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The expiration date for a key is the dead man&#8217;s switch to ensure your key will be disabled in case you lose access to your primary key and your revocation certificate. Signatures and encrypted files created after the expiration date should be considered untrusted. The expiration date can be extended, even after the key has already expired. In order to avoid updating the key too often, choose 2 years here.<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">Please specify how long the key should be valid.\r\n\r\n0 = key does not expire\r\n\r\n&lt;n&gt; = key expires in n days\r\n\r\n&lt;n&gt;w = key expires in n weeks\r\n\r\n&lt;n&gt;m = key expires in n months\r\n\r\n&lt;n&gt;y = key expires in n years\r\n\r\nKey is valid for? (0) 2y\r\n\r\nKey expires at Sun 03 Jan 2021 13:38:47 CET\r\n\r\nIs this correct? (y\/N) y<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"User-ID\"><\/span>User ID<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you want to create an &#8216;official&#8217; key, use your first and last name along with a valid email address, so your user ID can be validated against your ID card and your key can be signed by others. It is recommended to not use a comment in your user ID (see <a href=\"https:\/\/dkg.fifthhorseman.net\/blog\/openpgp-user-id-comments-considered-harmful.html\">OpenPGP User ID Comments considered harmful<\/a> for reasoning). 
Note: user IDs are immutable, hence cannot be changed but only revoked.<\/p>\n<pre class=\"toolbar:2 num:false show-plain-default:true lang:default decode:true\">GnuPG needs to construct a user ID to identify your key.\r\n\r\nReal name: John Doe\r\n\r\nEmail address: john.doe@example.com\r\n\r\nComment:\r\n\r\nYou selected this USER-ID:\r\n\r\n\"John Doe &lt;john.doe@example.com&gt;\"\r\n\r\nChange (N)ame, (C)omment, (E)mail or (O)kay\/(Q)uit? o<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Passphrase\"><\/span>Passphrase<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Before the key can be generated, you have to choose a passphrase. See <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2014\/03\/choosing_secure_1.html\">here<\/a> on how to choose a secure password.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Key-generation\"><\/span>Key generation<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">We need to generate a lot of random bytes. 
It is a good idea to perform\r\n\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\n\r\ndisks) during the prime generation; this gives the random number\r\n\r\ngenerator a better chance to gain enough entropy.<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"The-new-primary-key\"><\/span>The new primary key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true \">gpg: key 0x5A24FA122E623651 marked as ultimately trusted\r\n\r\ngpg: directory '\/home\/jdoe\/.gnupg\/openpgp-revocs.d' created\r\n\r\ngpg: revocation certificate stored as '\/home\/jdoe\/.gnupg\/openpgp-revocs.d\/F5890F08068C5251DEC5CB915A24FA122E623651.rev'\r\n\r\npublic and secret key created and signed.\r\n\r\npub rsa4096\/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03]\r\n\r\nKey fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651\r\n\r\nuid John Doe &lt;john.doe@example.com&gt;<\/pre>\n<p>Some remarks:<\/p>\n<ul>\n<li>You have control over the primary secret key, hence it is <strong>ultimately trusted<\/strong> by default.<\/li>\n<li>A revocation certificate has been created by default at \/home\/jdoe\/.gnupg\/openpgp-revocs.d\/<strong>F5890F08068C5251DEC5CB915A24FA122E623651.rev. <\/strong>Print it out and keep it private, in case your key gets compromised or lost.<\/li>\n<li>The key has the (long) ID:<strong> 0x5A24FA122E623651<\/strong>.<\/li>\n<li>The fingerprint of the key is: <strong>F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651<\/strong>.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Generate-the-Subkeys\"><\/span>Generate the Subkeys<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Apart from the key size the attributes for the subkeys can be the same as for the primary key. The key size depends on how you are going to use the subkeys. 
If you want to use the subkeys on a smart card, the maximum length of the key might be limited due to hardware limitations. Also the run time of key operations on a smart card might differ with different key sizes. As GnuPG defaults to 3072 bits, the example uses 3072 bits for the subkeys.<\/p>\n<p>To generate the subkeys use the following command:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --expert --edit-key 0x5A24FA122E623651\r\n\r\nSecret key is available.\r\n\r\nsec rsa4096\/0x5A24FA122E623651\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: C\r\n\r\ntrust: ultimate validity: ultimate\r\n\r\n[ultimate] (1). John Doe &lt;john.doe@example.com&gt;<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Generate-signature-key\"><\/span>Generate signature key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">gpg&gt; addkey\r\n\r\nPlease select what kind of key you want:\r\n\r\n(3) DSA (sign only)\r\n\r\n(4) RSA (sign only)\r\n\r\n(5) Elgamal (encrypt only)\r\n\r\n(6) RSA (encrypt only)\r\n\r\n(7) DSA (set your own capabilities)\r\n\r\n(8) RSA (set your own capabilities)\r\n\r\n(10) ECC (sign only)\r\n\r\n(11) ECC (set your own capabilities)\r\n\r\n(12) ECC (encrypt only)\r\n\r\n(13) Existing key\r\n\r\nYour selection? 4\r\n\r\nRSA keys may be between 1024 and 4096 bits long.\r\n\r\nWhat keysize do you want? (3072)\r\n\r\nRequested keysize is 3072 bits\r\n\r\nPlease specify how long the key should be valid.\r\n\r\n0 = key does not expire\r\n\r\n&lt;n&gt; = key expires in n days\r\n\r\n&lt;n&gt;w = key expires in n weeks\r\n\r\n&lt;n&gt;m = key expires in n months\r\n\r\n&lt;n&gt;y = key expires in n years\r\n\r\nKey is valid for? (0) 2y\r\n\r\nKey expires at Sun 03 Jan 2021 16:48:46 CET\r\n\r\nIs this correct? (y\/N) y\r\n\r\nReally create? (y\/N) y\r\n\r\nWe need to generate a lot of random bytes. 
It is a good idea to perform\r\n\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\n\r\ndisks) during the prime generation; this gives the random number\r\n\r\ngenerator a better chance to gain enough entropy.\r\n\r\nsec rsa4096\/0x5A24FA122E623651\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: C\r\n\r\ntrust: ultimate validity: ultimate\r\n\r\nssb rsa3072\/0x2C0CC4A184234A5A\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: S\r\n\r\n[ultimate] (1). John Doe &lt;john.doe@example.com&gt;<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Generate-encryption-key\"><\/span>Generate encryption key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">gpg&gt; addkey\r\n\r\nPlease select what kind of key you want:\r\n\r\n(3) DSA (sign only)\r\n\r\n(4) RSA (sign only)\r\n\r\n(5) Elgamal (encrypt only)\r\n\r\n(6) RSA (encrypt only)\r\n\r\n(7) DSA (set your own capabilities)\r\n\r\n(8) RSA (set your own capabilities)\r\n\r\n(10) ECC (sign only)\r\n\r\n(11) ECC (set your own capabilities)\r\n\r\n(12) ECC (encrypt only)\r\n\r\n(13) Existing key\r\n\r\nYour selection? 6\r\n\r\nRSA keys may be between 1024 and 4096 bits long.\r\n\r\nWhat keysize do you want? (3072)\r\n\r\nRequested keysize is 3072 bits\r\n\r\nPlease specify how long the key should be valid.\r\n\r\n0 = key does not expire\r\n\r\n&lt;n&gt; = key expires in n days\r\n\r\n&lt;n&gt;w = key expires in n weeks\r\n\r\n&lt;n&gt;m = key expires in n months\r\n\r\n&lt;n&gt;y = key expires in n years\r\n\r\nKey is valid for? (0) 2y\r\n\r\nKey expires at Sun 03 Jan 2021 16:52:07 CET\r\n\r\nIs this correct? (y\/N) y\r\n\r\nReally create? (y\/N) y\r\n\r\nWe need to generate a lot of random bytes. 
It is a good idea to perform\r\n\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\n\r\ndisks) during the prime generation; this gives the random number\r\n\r\ngenerator a better chance to gain enough entropy.\r\n\r\nsec rsa4096\/0x5A24FA122E623651\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: C\r\n\r\ntrust: ultimate validity: ultimate\r\n\r\nssb rsa3072\/0x2C0CC4A184234A5A\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: S\r\n\r\nssb rsa3072\/0x87264AAEEB639812\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: E\r\n\r\n[ultimate] (1). John Doe &lt;john.doe@example.com&gt;<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Generate-authentication-key\"><\/span>Generate authentication key<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">gpg&gt; addkey\r\n\r\nPlease select what kind of key you want:\r\n\r\n(3) DSA (sign only)\r\n\r\n(4) RSA (sign only)\r\n\r\n(5) Elgamal (encrypt only)\r\n\r\n(6) RSA (encrypt only)\r\n\r\n(7) DSA (set your own capabilities)\r\n\r\n(8) RSA (set your own capabilities)\r\n\r\n(10) ECC (sign only)\r\n\r\n(11) ECC (set your own capabilities)\r\n\r\n(12) ECC (encrypt only)\r\n\r\n(13) Existing key\r\n\r\nYour selection? 8\r\n\r\nPossible actions for a RSA key: Sign Encrypt Authenticate\r\n\r\nCurrent allowed actions: Sign Encrypt\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? s\r\n\r\nPossible actions for a RSA key: Sign Encrypt Authenticate\r\n\r\nCurrent allowed actions: Encrypt\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? 
e\r\n\r\nPossible actions for a RSA key: Sign Encrypt Authenticate\r\n\r\nCurrent allowed actions:\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? a\r\n\r\nPossible actions for a RSA key: Sign Encrypt Authenticate\r\n\r\nCurrent allowed actions: Authenticate\r\n\r\n(S) Toggle the sign capability\r\n\r\n(E) Toggle the encrypt capability\r\n\r\n(A) Toggle the authenticate capability\r\n\r\n(Q) Finished\r\n\r\nYour selection? q\r\n\r\nRSA keys may be between 1024 and 4096 bits long.\r\n\r\nWhat keysize do you want? (3072)\r\n\r\nRequested keysize is 3072 bits\r\n\r\nPlease specify how long the key should be valid.\r\n\r\n0 = key does not expire\r\n\r\n&lt;n&gt; = key expires in n days\r\n\r\n&lt;n&gt;w = key expires in n weeks\r\n\r\n&lt;n&gt;m = key expires in n months\r\n\r\n&lt;n&gt;y = key expires in n years\r\n\r\nKey is valid for? (0) 2y\r\n\r\nKey expires at Sun 03 Jan 2021 16:52:42 CET\r\n\r\nIs this correct? (y\/N) y\r\n\r\nReally create? (y\/N) y\r\n\r\nWe need to generate a lot of random bytes. It is a good idea to perform\r\n\r\nsome other action (type on the keyboard, move the mouse, utilize the\r\n\r\ndisks) during the prime generation; this gives the random number\r\n\r\ngenerator a better chance to gain enough entropy.\r\n\r\nsec rsa4096\/0x5A24FA122E623651\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: C\r\n\r\ntrust: ultimate validity: ultimate\r\n\r\nssb rsa3072\/0x2C0CC4A184234A5A\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: S\r\n\r\nssb rsa3072\/0x87264AAEEB639812\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: E\r\n\r\nssb rsa3072\/0x5027A7FB918DF7CE\r\n\r\ncreated: 2019-01-04 expires: 2021-01-03 usage: A\r\n\r\n[ultimate] (1). 
John Doe &lt;john.doe@example.com&gt;\r\n\r\n<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Quit-and-save\"><\/span>Quit and save<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">gpg&gt; quit\r\n\r\nSave changes? (y\/N) y<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"List-your-new-GnuPG-key\"><\/span>List your new GnuPG key<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You can list your key with the following command:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --list-keys 0x5A24FA122E623651\r\n\r\npub   rsa4096\/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03]\r\n\r\n      Key fingerprint = F589 0F08 068C 5251 DEC5  CB91 5A24 FA12 2E62 3651\r\n\r\nuid                   [ultimate] John Doe &lt;john.doe@example.com&gt;\r\n\r\nsub   rsa3072\/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03]\r\n\r\nsub   rsa3072\/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03]\r\n\r\nsub   rsa3072\/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03]\r\n\r\n<\/pre>\n<p>And the secret keys can be shown as follows:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --list-secret-keys 0x5A24FA122E623651\r\n\r\nsec   rsa4096\/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03]\r\n\r\n      Key fingerprint = F589 0F08 068C 5251 DEC5  CB91 5A24 FA12 2E62 3651\r\n\r\nuid                   [ultimate] John Doe &lt;john.doe@example.com&gt;\r\n\r\nssb   rsa3072\/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03]\r\n\r\nssb   rsa3072\/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03]\r\n\r\nssb   rsa3072\/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03]\r\n\r\n<\/pre>\n<p>Note:<\/p>\n<ul>\n<li><strong>sec <\/strong>indicates the secret key.<\/li>\n<li><strong>ssb<\/strong> indicates a secret subkey.<\/li>\n<li>The letters in square brackets stand for the key 
capability: <strong>C<\/strong>ertify, <strong>E<\/strong>ncrypt, <strong>S<\/strong>ign and <strong>A<\/strong>uthenticate.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Backup-your-GnuPG-key\"><\/span>Backup your GnuPG key<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>After generating the key, you need to create a backup. The backup is best stored on an encrypted USB flash device.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Export-public-and-private-keys\"><\/span>Export public and private keys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First, export the public key so it can be shared with others:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --export --armor 0x5A24FA122E623651 &gt; 0x5A24FA122E623651.pub.asc<\/pre>\n<p>Next, export all secret keys (primary and subkeys). This key should be kept offline. The primary key is needed for key certification.<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --export-secret-keys --armor 0x5A24FA122E623651 &gt; 0x5A24FA122E623651.sec.asc<\/pre>\n<p>Finally, export the secret subkeys (keep private, import for daily usage).<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --export-secret-subkeys --armor 0x5A24FA122E623651 &gt; 0x5A24FA122E623651.sec_sub.asc<\/pre>\n<h2><span class=\"ez-toc-section\" id=\"Remove-Primary-Key-from-Keyring\"><\/span>Remove Primary Key from Keyring<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Since the primary key is not used on a daily basis, it can be removed.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Delete-secret-keys\"><\/span>Delete secret keys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --delete-secret-keys 0x5A24FA122E623651\r\n\r\nsec rsa4096\/0x5A24FA122E623651 2019-01-04 John Doe 
&lt;john.doe@example.com&gt;\r\n\r\nDelete this key from the keyring? (y\/N) y\r\n\r\nThis is a secret key! - really delete? (y\/N) y<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Reimport-secret-subkeys\"><\/span>Reimport secret subkeys<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --import 0x5A24FA122E623651.sec_sub.asc\r\n\r\ngpg: key 0x5A24FA122E623651: \"John Doe &lt;john.doe@example.com&gt;\" not changed\r\n\r\ngpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status\r\n\r\ngpg: key 0x5A24FA122E623651: secret key imported\r\n\r\ngpg: Total number processed: 1\r\n\r\ngpg:              unchanged: 1\r\n\r\ngpg:       secret keys read: 1\r\n\r\ngpg:   secret keys imported: 1<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"Verify-that-the-master-key-is-absent\"><\/span>Verify that the master key is absent<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To verify that the primary key is absent, you can list the secret keys again:<\/p>\n<pre class=\"toolbar:2 nums:false show-plain-default:true lang:default decode:true\">$ gpg --list-secret-keys 0x5A24FA122E623651\r\n\r\nsec#  rsa4096\/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03]\r\n\r\n      Key fingerprint = F589 0F08 068C 5251 DEC5  CB91 5A24 FA12 2E62 3651\r\n\r\nuid                   [ultimate] John Doe &lt;john.doe@example.com&gt;\r\n\r\nssb   rsa3072\/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03]\r\n\r\nssb   rsa3072\/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03]\r\n\r\nssb   rsa3072\/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03]\r\n\r\n<\/pre>\n<p>Note the hash (<strong>#<\/strong>) after the <strong>sec<\/strong> tag which indicates that the primary key is currently not usable.<\/p>\n<p>Congratulations! 
You can now use your key.\u00a0Stay tuned for the <a href=\"https:\/\/www.inovex.de\/blog\/openpgp-key-signing-parties-2\/\">next part<\/a> of the OpenPGP blog series!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the first part of the OpenPGP blog series. It briefly explains how to generate a new GnuPG key that can be used for encryption, signing and authentication.<\/p>\n","protected":false},"author":202,"featured_media":15058,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"ep_exclude_from_search":false,"footnotes":""},"tags":[101],"service":[879],"coauthors":[{"id":202,"display_name":"Hannes von Haugwitz","user_nicename":"hhaugwitz"}],"class_list":["post-14726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-security","service-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/14726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/users\/202"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/comments?post=14726"}],"version-history":[{"count":1,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/14726\/revisions"}],"predecessor-version":[{"id":37966,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/posts\/14726\/revisions\/37966"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media\/15058"}],"wp:attachment":[{"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/media?parent=14726"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/tags?post=14726"},{"taxonomy":"service","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/service?post=14726"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.inovex.de\/de\/wp-json\/wp\/v2\/coauthors?post=14726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}