How to generate a GPG Key with multiple uids & subkeys?
Requirements
Disk Image
Download the latest Arch Linux or ArchBang Linux release and write it to a bootable CD or USB thumbdrive.
<sxh bash;gutter: false>
~$: dd if=archlinux-$VERSION-dual.iso of=/dev/$DEVICE bs=8192
</sxh>
Then boot your computer with it.
Effectively preventing pinentry from failing
gpg: problem with the agent: No pinentry
<sxh bash;gutter: false>
~$: echo "pinentry-program `which pinentry-tty`" >> ./.gnupg/gpg-agent.conf
</sxh>
Generating the master key
<sxh bash;gutter: false>
~$: gpg2 --expert --full-gen-key
# 10
# 1
# y
# 0
# y
# Real NAME
# E-Mail Address
# Comment
# O
# y
# T
</sxh>
Generating the sub keys to your master key
<sxh bash;gutter: false>
~$: gpg2 --expert --edit-key $KEYID
gpg> addkey
# 8
# Q
# 4096
# 1y
# y
# y
# T
gpg> save
</sxh>
Removing the primary key
<sxh bash;gutter: false>
~$: gpg -K
~$: gpg -a --export-secret-subkeys $KEYID > 0x$KEYID-secret.subkeys.gpg
~$: gpg --delete-secret-keys $KEYID
# y
# y
# D
# D
# D
</sxh>
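A check for the result of this step, as an added example that is not part of the original page: it classifies the records printed by `gpg2 --list-secret-keys --with-colons` and reports whether the primary secret key is only a stub while subkeys remain usable. The function names and the sample records are assumptions made for illustration; it reports `missing` when the keyring holds no secret records at all.

```shell
#!/bin/sh
# Field 1 of each colon record is its type (sec = primary, ssb = subkey).
# Field 15 is "#" when the keyring holds only a stub, i.e. no secret material.

# Reads colon records on stdin and prints one summary line:
#   primary=<offline|present|missing> subkeys_usable=<n> subkeys_stub=<n>
summarize_secret_keys() {
    awk -F: '
        $1 == "sec" { primary = ($15 == "#") ? "offline" : "present" }
        $1 == "ssb" { if ($15 == "#") stub++; else usable++ }
        END {
            if (primary == "") primary = "missing"
            printf "primary=%s subkeys_usable=%d subkeys_stub=%d\n", primary, usable, stub
        }'
}

# Succeeds only when the primary secret key is a stub and at least one
# subkey still has usable secret material in the keyring.
master_is_offline() {
    case "$(summarize_secret_keys)" in
        "primary=offline subkeys_usable=0 "*) return 1 ;;
        "primary=offline "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample records (key IDs, dates and the uid are made up).
SAMPLE_OFFLINE='sec:u:256:22:AAAAAAAAAAAAAAAA:1500000000:::u:::scSC:::#::ed25519:::0:
uid:u::::1500000000::0000000000000000000000000000000000000000::Real NAME (Comment) <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000100:1531536100:::::e:::+:::23:'
SAMPLE_PRESENT='sec:u:256:22:AAAAAAAAAAAAAAAA:1500000000:::u:::scSC:::+::ed25519:::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000100:1531536100:::::e:::+:::23:'

# Real use: gpg2 --list-secret-keys --with-colons "$KEYID" | summarize_secret_keys
printf '%s\n' "$SAMPLE_OFFLINE" | summarize_secret_keys
```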
Troubleshooting
Error while generating key?
If you get the following error during key generation:
gpg: can't connect to the agent: IPC connect call failed
gpg: agent_genkey failed: No agent running
Key generation failed: No agent running
it means your gpg-agent isn't running.
ECC key not successfully uploaded to keyserver
Consider the following.
FAQ
- Why use Arch*Linux instead of something more security-related like Tails?
At the time of writing, Tails doesn't include the latest gpg2 package in its distribution. To remove as many obstacles as possible, I've chosen a distribution which includes all needed software packages.
References
Further Reading
- FSDE - E-Mail Defense Guide (Beginner's Guide & visually addressing)
- GPG KeyGenerator (An online service generating GPG keys within your browser. Advertised as secure and trustworthy, though not recommended.)