DEV Community

fauzymadani
fauzymadani

Posted on

how to make gpg key in linux.

ever wonder how a developer generate a gpg key?, this is how they do it!

but what the heck is gpg key?

GPG / PGP

_GnuPG _(more commonly known as GPG) is an implementation of a standard known as PGP (Pretty Good Privacy). It uses a system of "public" and "private" keys for the encryption and signing of messages or data.

Understanding public vs. private keys
Private keys are the first half of a GPG key which is used to decrypt messages that are encrypted using the public key, as well as signing messages - a technique used to prove that you own the key. As the name implies, this part of the key should never be shared.

Public keys are the second half of a key which is used to encrypt messages for the owner of the private key. As the name implies, this part of the key is safe to give out to the public, as it can only be used to encrypt messages or data for the private key owner.

You can download GnuPG (including graphical versions for those uncomfortable with command line) for various platforms, including Windows and macOS / OSX from the GnuPG Website.

On most Linux distributions, GnuPG is included by default as the command line utility gpg, or is available in your package manager.

gpg key

the first thing first

install gnupg.
debian/ubuntu:
sudo apt install gnupg -y

fedora:
sudo dnf install gnupg

centOS/RHEL:
sudo dnf install gnupg

arch
sudo pacman -S gnupg

generate the key
sudo gpg --gen-key
and then you have to choose the passphrase. input a secure passphrase.

output example:

➜  ~ sudo gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: fauzy
Email address: fauzymadani3@gmail.com
You selected this USER-ID:
    "fauzy <fauzymadani3@gmail.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 36BBED9427909FDC marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/CB81A6A5BB40128F1D7F495F36BBED9427909FDC.rev'
public and secret key created and signed.

pub   rsa3072 2024-09-19 [SC] [expires: 2026-09-19]
      CB81A6A5BB40128F1D7F495F36BBED9427909FDC
uid                      fauzy <fauzymadani3@gmail.com>
sub   rsa3072 2024-09-19 [E] [expires: 2026-09-19]
Enter fullscreen mode Exit fullscreen mode

to see the key:
sudo cat /root/.gnupg/openpgp-revocs.d/CB81A6A5BB40128F1D7F495F36BBED9427909FDC.rev

change the path with your path.

to see the list of the key:
gpg -k

and that's it. hope you enjoy reading the article!

Top comments (0)