- **Epistemic status:** #budding To generate a new [[GPG]] key successfully, there are a few steps. Type the following command to get started, and it should give you a series of prompts: ```bash gpg --full-generate-key ``` ## First prompt ```bash Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? ``` Unless you got a specific reason to pick the other options, the default (1) is the best choice, since it allows you to sign and encrypt files. ## Second prompt ```bash RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) ``` The default choice is sufficient, giving an extremely strong level of security. ## Third prompt ```bash Please specify how long the key should be valid. 0 = key does not expire d = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years key is valid for? (0) ``` Do not pick the default. It is important you pick an expiration date and if you need to it can be changed later. A good choice is `1y`. ## Fourth prompt You will be asked to provide your information. Don't provide bogus information because it will make it difficult for others to find your public key, making authenticating the communication painful. ## Final prompt Finally, enter the passphrase for your secret key and when prompt to generate random data move your mouse, type random keys, or perform other tasks. Once that is finished, you should be all set and the key will be generated. --- ## References - Red Hat Customer Portal. “3.5.3. Creating GPG Keys Using the Command Line Red Hat Enterprise Linux 6.” Accessed March 27, 2022. <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-encryption-gpg-creating_gpg_keys_using_the_command_line>. - “Creating and Managing a GPG Key Pair — Nick Janetakis.” Accessed March 27, 2022. <https://nickjanetakis.com/blog/creating-and-managing-a-gpg-key-pair>.