GPG, the GNU Privacy Guard, can be used to digitally sign email and encrypt files. GPG is also used to sign RPM packages.
In this post, I give short instructions on how to generate a new GPG key on RHEL or CentOS 7.
The command we need to generate the GPG key is gpg. This program is provided by gnupg2, and it should already be installed on most systems.
If we’re generating the GPG key on a virtual machine, we should run the rngd command to generate enough entropy (rngd is provided by rng-tools).
$ sudo rngd -r /dev/urandom
[sudo] password for student:
Initalizing available sources
Enabling RDSEED rng support
Enabling JITTER rng support
Now we’re ready to generate the key:
$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/home/student/.gnupg' created
gpg: new configuration file `/home/student/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/student/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/student/.gnupg/secring.gpg' created
gpg: keyring `/home/student/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Student
Email address: student@example.com
Comment:
You selected this USER-ID:
"Student <student@example.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/student/.gnupg/trustdb.gpg: trustdb created
gpg: key B5DEFFB6 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/B5DEFFB6 2019-08-26
Key fingerprint = 1549 22C9 02C5 FBDD 8296 2384 B081 992B B5DE FFB6
uid Student <student@example.com>
sub 2048R/6FE8E924 2019-08-26
In the above example, I supplied the following answers or options:
- Type of key: RSA
- Key size: 2048
- Key expiration: 0 (key does not expire)
- Real name: Student
- Email address: student@example.com
We can list the keys with either --finger or --list-keys.
$ gpg --finger
/home/student/.gnupg/pubring.gpg
--------------------------------
pub 2048R/B5DEFFB6 2019-08-26
Key fingerprint = 1549 22C9 02C5 FBDD 8296 2384 B081 992B B5DE FFB6
uid Student <student@example.com>
sub 2048R/6FE8E924 2019-08-26
If we want to export our public key to send it to a friend, or put it on a website for others to download, we can export it as follows:
$ gpg --export --armor student@example.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)
[...]
-----END PGP PUBLIC KEY BLOCK-----
--armor: export the key in ASCII-armored form
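The key listing and fingerprint shown above can also be checked by script, which is useful before publishing a key or after importing someone else's. The following is an added example, not part of the original post: it reads GnuPG's machine-readable --with-colons listing, reports keys that miss a local policy, and compares the fingerprint with one obtained out of band. The sample listing is constructed from the key in this post, the minimum RSA size and the expiry rule are assumed policy choices, and audit_listing and fingerprint_matches are names made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): audit GnuPG's colon-format
# key listing. Real input would come from:
#   gpg --list-keys --with-colons --fixed-list-mode --fingerprint
# SAMPLE_LISTING is constructed from the key shown above; the timestamp, the
# empty uid hash field and the first eight hex digits of the subkey ID are
# placeholders.
SAMPLE_LISTING='pub:u:2048:1:B081992BB5DEFFB6:1566777600:::u:::scESC:
fpr:::::::::154922C902C5FBDD82962384B081992BB5DEFFB6:
uid:u::::1566777600::::Student <student@example.com>:
sub:u:2048:1:000000006FE8E924:1566777600::::::e:'

# Print one finding per line. Fields: 1=record type, 2=validity, 3=key length,
# 4=algorithm (1=RSA, 17=DSA), 5=key ID, 7=expiration (empty = never).
# MIN_RSA_BITS and the expiry rule are local policy choices (assumptions).
audit_listing() {  # usage: audit_listing MIN_RSA_BITS < listing
  awk -F: -v min="$1" '
    $1 == "pub" || $1 == "sub" {
      if ($4 == 1 && $3 + 0 < min + 0)
        printf "%s %s: RSA %d bits, below policy minimum %d\n", $1, $5, $3, min
      if ($4 == 17)
        printf "%s %s: DSA key\n", $1, $5
      if ($7 == "")
        printf "%s %s: no expiration date set\n", $1, $5
      if ($2 == "r" || $2 == "e")
        printf "%s %s: revoked or expired\n", $1, $5
    }'
}

# Succeed only if the first fingerprint in the listing equals the one
# obtained out of band (spaces and letter case are ignored).
fingerprint_matches() {  # usage: fingerprint_matches "EXPECTED" < listing
  want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
  got=$(awk -F: '$1 == "fpr" { print $10; exit }')
  [ -n "$got" ] && [ "$got" = "$want" ]
}

# Demo on the constructed sample: both keys are reported as never expiring.
printf '%s\n' "$SAMPLE_LISTING" | audit_listing 2048
```

Against a real keyring, pipe the gpg command from the header comment into either function instead of the sample.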