OpenPGP: How do I create a OpenPGP Key?

You may also like...

2 Responses

  1. Richard Gomes says:

    Hello Stuart,

    First of all: Thanks a lot for the great article.

    I have a question which arose due to the negative voice narrative you employed whilst explaining the commands involved on subkeys. You said “not in a laptop” in a context involving desktop and laptop, which confused me.

    So, on item 3 of your instructions on subkeys, I’ve interpreted like this:

    3.a. If you are on a desktop: there’s nothing to be done.
    3.b. If you are on a laptop: copy the generated subkey into your laptop and then import the copied subkey into your keyring, like this:

    laptop:$ rcp me@desktop:.gnupg/1FA1E814.sub.gpg $HOME/.gnupg
    laptop:$ gpg –import $HOME/.gnupg/1FA1E814.sub.gpg

    Would that be correct?

    • Good evening Richard, thanks for your comment.

      The end goal of creating a subkey for your laptop is to make sure your master is not stored on the laptop – so if for whatever reason, loss of theft, you use access to your laptop the master key is not compromised at the same time. Instead only the subkey is lost and can be revoked independently of the master key.

      What we’re trying to achieve in the ‘Creating your Laptop Key’ section
      1. Export only the subkeys from 1FA1E814 into a separate file
      2. Delete the master key from 1FA1E814, since GPG only allows you to delete the full key we have to do that instead. This is only required if you create the key on the laptop you want to have the subkey as I am making the assumption you ‘trust’ your desktop and want to keep your master key on it
      3. Reimport the exported subkey (from step 1) into your keystore.

      Please note key ID 1FA1E814 is only an example, your key ID will be different

      Which is a long explanation and boils down to, yes. Your interpretation, and the commands you posted, is correct.

      Sorry for the confusion, I hope I’ve made it a little more clear?

Leave a Reply

%d bloggers like this: