Generating GPG key in Linux

Q. Recently when we are building a RPM package using rpm-build we come across a requirement to have GPG key inserted in to the package for security and authenticity of the rpm package, so that people will come to know it came from us. This prompted us to create our own GPG public and private key. Here in this post we will show you how to generate a GPG key step by step.
Step1: Generate gpg(GNU privacy Gard) key by using gpg command along with –gen-key option as show below.

gpg –gen-key

Example output:

[[email protected] ~]$ gpg –gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Step2: Select your type of encryption to your key:

Example output:

Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 2

Related concept:   IPTABLES BASICS

From the above options select one which suites you best. Here we choose to use DSA and Elgamal.

Step3: Select the bit’s long. The longer the DSA key the better the security.

Example output:

DSA keys may be between 1024 and 3072 bit’s long.
What keysize do you want? (2048)
Requested keysize is 2048 bit’s

Step4: Now Select the key expiry time as shown below. We selected “0” so that the key will not expire

Sample output:
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

Step5: Give your details as shown below:

GnuPG needs to construct a user ID to identify your key.

Real name: Surendra Kumar Anne
Email address: [email protected]
Comment: This my rpm building system
You selected this USER-ID:

“Surendra Kumar Anne (The Linux Juggernaut) <[email protected]>”

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o

Step6: Now we have to generate the pass-phrase or password. Give what ever password you require and it may say that it’s not secure if it’s based on dictionary.

Related concept:   PERL Scripting: Install a module through CPAN and manually

You need a Passphrase to protect your secret key.
/home/bulli/.gnupg/trustdb.gpg: trustdb created

step7: Once we created the password we have to generate a random characters to encrypt it with these random char, you can do either move the mouse or type something with keyboard.
I given just below random characters when asked


Sample output:
We need to generate a a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
key 3EAAE49F marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/3EAAE49F 2012-09-27
Key fingerprint = A6A4 55BF D0DC 0EFE 3D54 2921 ABFC 8773 3EAA E49F
uid Surendra Kumar Anne (The Linux Juggernaut) <[email protected]>
sub 2048R/A024F920 2012-09-27

Step8: Check if your key is generated sucessfully or not

Related concept:   How To Reduce Delay/slow SSH Logins and connections

gpg -k

sample output:

gpg -k
pub 2048R/3EAAE49F 2012-09-27
uid Surendra Kumar Anne (The Linux Juggernaut) <[email protected]>
sub 2048R/A024F920 2012-09-27
Here my key will is 3EAAE49

Please comment your thoughts on this.