Create Your GPG Key In Minutes

Step 1 - Create Your Public/Private Key Pair and Revocation Certificate

gpg --expert --full-gen-key

NOTE: If you are on a console without GUI use this instead:

gpg --expert --pinentry-mode=loopback --full-gen-key

When asked what kind of key you want you will be presented with 14 options. Choose the 9th option which should be ECC (Elliptic Curve Cryptography) public/private keypair and an ECC signing key. In most cases the default option will be the best choice.

(9) ECC and ECC

Then it should asks you which elliptic curve you want. Choose the first option and create ed25519 keys.

(1) Curve 25519

Next, you should choose how long the key will be valid. Selecting 2 years is fine. You can always extend the time when the key is about to expire.

Key is valid for? (0) 2y

Then confirm your selection:

Is this correct? (y/N) y

You will then be prompted to enter your real name, and the email address associated with this key. Lastly you will be prompted for a password. It is recommended that you use a very strong password using a password manager of your choice.

Step 2 - Export Your Keys

Export your public key:

gpg --armor --export user-id > pubkey.asc

Export your private key:

gpg --export-secret-keys --armor user-id > privkey.asc

Step 3 - Protect Your Keys

It is recommended that you keep your private key in a safe place like an encrypted USB flash drive. You should also protect your revocation certificate. As the name suggests it is important if you wish to revoke your key.