@gnzsnz
Created April 26, 2024 07:34
Creating GPG keys and subkeys

These are the steps to create a GPG key pair, followed by the additional steps to create a subkey.

Create GPG keys

gpg --full-generate-key
Please select what kind of key you want:
   (1) RSA and RSA
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (9) ECC (sign and encrypt) *default*
  (10) ECC (sign only)
  (14) Existing key from card
Your selection? 9

Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all

Create subkey

Once we have a key pair, we can create a subkey.

gpg --edit-key 6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294

gpg> addkey

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
  (10) ECC (sign only)
  (12) ECC (encrypt only)
  (14) Existing key from card
Your selection? 10
Please select which elliptic curve you want:
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Your selection? 1
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0

gpg> save

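To work with the subkeys only, the primary secret key has to be removed from the keyring. We export the keys, delete the secret keys, and then import only the secret subkeys. Keep gitea.sec.gpg somewhere safe offline: once the delete step has run, it is the only copy of the primary secret key.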

gpg --output gitea.pub.gpg --export 6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294
gpg --output gitea.sec.gpg --export-secret-keys 6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294
gpg --output gitea.sub.gpg --export-secret-subkeys 6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294

gpg --delete-secret-keys 6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294

Finally, import the subkey

gpg --import gitea.sub.gpg
# and list it
gpg --list-secret-keys gitea
sec#  ed25519 2024-04-26 [SC]
      6BA43BDD3E73CD57855B9D77DEDE5447A7ABB294
uid           [ultimate] gitea <gitea@gnzsnz.com>
ssb   cv25519 2024-04-26 [E]
ssb   ed25519 2024-04-26 [S]
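
To confirm the result without reading the listing by eye, the check below parses `gpg --list-secret-keys --with-colons` and fails unless the primary is a stub (`#` in field 15, the machine-readable form of `sec#`) and a signing subkey still has its secret part. It is an added example, not part of the original gist; the function name, the subkey IDs and the timestamps in the sample records are constructed.

```shell
#!/bin/sh
# Added example. check_offline_primary is a hypothetical helper name.
# Reads `gpg --list-secret-keys --with-colons` records for ONE key on stdin.
# Colon format: field 1 = record type, 2 = validity, 12 = capabilities,
# 15 = "#" when the secret part is only a stub, "+" when it is present.
check_offline_primary() {
    awk -F: '
        $1 == "sec" { seen = 1; stub = ($15 == "#") }
        # A usable signing subkey: secret part present, not revoked or expired.
        $1 == "ssb" && $15 != "#" && $12 ~ /s/ && $2 !~ /[re]/ { sign = 1 }
        END {
            if (!seen) { print "no secret key record found"; exit 3 }
            if (!stub) { print "primary secret key is still in the keyring"; exit 1 }
            if (!sign) { print "no usable signing subkey in the keyring"; exit 2 }
            print "ok: primary is offline, signing subkey is usable"
        }'
}

# Constructed sample records (subkey IDs and timestamps are made up).
# State before --delete-secret-keys: primary secret part present ("+").
SAMPLE_BEFORE='sec:u:255:22:DEDE5447A7ABB294:1714116840:::u:::scESC:::+::ed25519:::0:
ssb:u:255:18:AAAAAAAAAAAAAAA1:1714116840::::::e:::+::cv25519::
ssb:u:255:22:AAAAAAAAAAAAAAA2:1714116900::::::s:::+::ed25519::'

# State after importing gitea.sub.gpg: primary is a stub ("#").
SAMPLE_AFTER='sec:u:255:22:DEDE5447A7ABB294:1714116840:::u:::scESC:::#::ed25519:::0:
ssb:u:255:18:AAAAAAAAAAAAAAA1:1714116840::::::e:::+::cv25519::
ssb:u:255:22:AAAAAAAAAAAAAAA2:1714116900::::::s:::+::ed25519::'

# Real use: gpg --list-secret-keys --with-colons gitea | check_offline_primary
printf '%s\n' "$SAMPLE_AFTER" | check_offline_primary
```

The exit status distinguishes the failure cases: 1 means the primary secret key is still present, 2 means no signing subkey survived the import, 3 means no secret key record was found at all.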