Chaos Computer Club Lëtzebuerg

“Chaos in the world brings uneasiness, but it also allows the opportunity for creativity and growth.” -- Tom Barret

User Tools

Site Tools


How to generate a GPG Key with multiple uids & subkeys?

This page is still a DRAFT.


Disk Image

Download the latest Arch Linux or ArchBang Linux release and write it to a bootable CD or USB thumbdrive.

~$: dd if=archlinux-$VERSION-dual.iso of=/dev/$DEVICE bs=8192

Than boot your computer with it.

Paranoid Modus: use a non-networked computer for this procedure.

Effectively preventing pinentry from failing

gpg: problem with the agent: No pinentry

~$: echo "pinentry-program `which pinentry-tty`" >> ./.gnupg/gpg-agent.conf

Generating the master key

~$: gpg2 --expert --full-gen-key
# 10
# 1
# y
# 0
# y
# Real NAME
# E-Mail Address
# Comment
# O
# y
# T

Generating the sub keys to your master key

~$: gpg2 --expert --edit-key $KEYID
gpg> addkey
# 8
# Q
# 4096
# 1y
# y
# y
# T
gpg> save

Removing the primary key

~$: gpg -K
~$: gpg -a --export-secret-subkeys $KEYID > 0x$KEYID-secret.subkeys.gpg
~$: gpg --delete-secret-keys $KEYID
# y
# y
# D
# D
# D 


Error while generating key?

If you get the following error while the key generation:

gpg: can't connect to the agent: IPC connect call failed
gpg: agent_genkey failed: No agent running
Key generation failed: No agent running 

it means your gpg-agent isn't running.

ECC key not successfully uploaded to keyserver

Consider the following.


  1. Why using Arch*Linux instead of something more security related like Tails?

In the moment of writing, Tails doesn't include the latest gpg2 package within its distribution. To narrow down as much obstacles as possible, I've chosen a distribution which includes all needed software packages.


Further Reading

projects/howtos/gpg.txt · Last modified: 2016/03/08 00:01 by prometheus