Create a strong 4096-bit RSA key. In the future when a more modern elliptic curve key is standard for OpenPGP. These instructions largely follow
sguy@helium:~$ gpg --full-gen-key gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory '/home/sguy/.gnupg' created gpg: keybox '/home/sguy/.gnupg/pubring.kbx' created Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Fri Dec 18 23:35:04 2020 EST Is this correct? (y/N) y GnuPG needs to construct a user ID to identify your key. Real name: Some Guy Email address: sguy@quay.net Comment: You selected this USER-ID: "Some Guy <sguy@quay.net>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /home/sguy/.gnupg/trustdb.gpg: trustdb created gpg: key FEDCBA0987654321 marked as ultimately trusted gpg: directory '/home/sguy/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/home/sguy/.gnupg/openpgp-revocs.d/1234567890ABCDEF111000FEDCBA0987654321.rev' public and secret key created and signed. pub rsa4096 2018-12-20 [SC] [expires: 2020-12-19] 1234567890ABCDEF111000FEDCBA0987654321 uid Some Guy <sguy@quay.net> sub rsa4096 2018-12-20 [E] [expires: 2020-12-19] sguy@helium:~/.gnupg$ cat gpg.conf keyid-format 0xlong cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed sguy@helium:~$ gpg --edit-key sguy@quay.net gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2020-12-19 sec rsa4096/0xFEDCBA0987654321 created: 2018-12-20 expires: 2020-12-19 usage: SC trust: ultimate validity: ultimate ssb rsa4096/0xFEDCBA0987654322 created: 2018-12-20 expires: 2020-12-19 usage: E [ultimate] (1). Some Guy <sguy@quay.net> gpg> addkey Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 23m Key expires at Sun Nov 8 23:50:18 2020 EST Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/0xFEDCBA0987654321 created: 2018-12-20 expires: 2020-12-19 usage: SC trust: ultimate validity: ultimate ssb rsa4096/0xFEDCBA0987654322 created: 2018-12-20 expires: 2020-12-19 usage: E ssb rsa4096/0xFEDCBA0987654323 created: 2018-12-20 expires: 2020-11-09 usage: S [ultimate] (1). Some Guy <sguy@quay.net> gpg> save