I’m a software developer who runs Scribophile, an online writing group for serious writers, Writerfolio, an online writing portfolio service for freelancers, and Standard Ebooks, a publisher of beautifully-illustrated public-domain ebooks.

Creating the perfect GPG keypair

A rusty lock

There’s a lot of information online on how to create a new GPG keypair. Unfortunately a lot of it is old advice and recommends settings that today might be unsafe.

There also isn’t too much information on how to protect your keypair if you use a laptop that might get lost or stolen.

Protecting your keypair on a laptop is tricky. On one hand, you need your private key with you to decrypt or sign messages.

On the other hand, if your laptop is stolen then you risk losing your entire online identity, perhaps going back years, because the thief would have access to your private key and could then impersonate you.

You’d think that today, where laptops and world travel are commonplace, there’d be a little more information on how to secure a private key you have to travel with. But I could only find one resource: the Debian Wiki entry on subkeys. Fortunately it turns out this wiki page has exactly the solution we need.

Subkeys help protect your identity in case of private key (laptop) theft

If a thief gets ahold of the laptop with your private key on it, it’s pretty much game over. The thief can not only decrypt messages intended for you, they can also impersonate you by signing messages with your private key. Your only recourse would be to revoke your key, but that would mean losing years of signatures on that key and basically creating a massive inconvenience for yourself.

Part of the answer to this problem is the concept of subkeys. Subkeys can’t prevent a thief from decrypting messages intended for your private key. But they can help mitigate the damage to your identity should your key be lost or stolen.

The concept behind this technique is as follows:

  1. Create a regular GPG keypair. By default GPG creates one signing subkey (your identity) and one encryption subkey (how you receive messages intended for you).

  2. Use GPG to add an additional signing subkey to your keypair. This new subkey is linked to the first signing key. Now we have three subkeys.

  3. This keypair is your master keypair. Store it in a protected place like your house or a safe-deposit box. Your master keypair is the one whose loss would be truly catastrophic.

  4. Copy your master keypair to your laptop. Then use GPG to remove the original signing subkey, leaving only the new signing subkey and the encryption subkey. This transforms your master keypair into your laptop keypair.

Your laptop keypair is what you’ll use for day-to-day GPG usage.

What’s the benefit to this setup? Since your master keypair isn’t stored on your traveling laptop, that means you can revoke the subkeys on your laptop should your laptop be stolen. Since you’re not revoking the original subkey you created in the master keypair—remember, we removed it from our laptop’s keypair—that means you don’t have to create a new keypair and go through the hassle of getting people to sign it again. You’d still have to revoke the stolen subkey, and the thief could still use the encryption subkey to decrypt any messages you’ve already received, but at least the damage done won’t be as catastrophic.

Creating the perfect GPG keypair, step-by-step

I’m going to lead you through the steps to create a new keypair using this subkey method. To do this we’ll be using GPG 1.4.11, which is the version currently distributed with Ubuntu 12.04 LTS.

Creating your initial keypair

Use the gpg ‐‐gen-key command to create a new GPG keypair.

You may want your key to expire; it’s up to you.

gpg --gen-key gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and E-mail Address in this form: "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>" Real name: Bilbo Baggins E-mail address: bilbo@shire.org Comment: You selected this USER-ID: "Bilbo Baggins <bilbo@shire.org>" Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? o You need a Passphrase to protect your secret key. <passphrase> gpg: key 488BA441 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 4096R/488BA441 2013-03-13 Key fingerprint = B878 1FB6 B187 B94C 3E52 2AFA EB1D B79A 488B A441 uid Bilbo Baggins <bilbo@shire.org> sub 4096R/69B0EA85 2013-03-13

When prompted for a passphrase, make sure to pick a long and unique one. If your key gets stolen, this passphrase is the only thing protecting it!

Adding a picture

You might want to add a picture of yourself for completeness. Since the picture is stored in your public key and your public key gets distributed in a lot of places, including sometimes email, it’s best to use a small image to save space.

Use the gpg ‐‐edit-key command. At the gpg> prompt, enter the command addphoto and give GPG the path of the picture you’d like to use. When you’re done, use save at the final gpg> prompt to save your changes:

gpg --edit-key bilbo@shire.org gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E [ultimate] (1). Bilbo Baggins <bilbo@shire.org> gpg> addphoto Pick an image to use for your photo ID. The image must be a JPEG file. Remember that the image is stored within your public key. If you use a very large picture, your key will become very large as well! Keeping the image close to 240x288 is a good size to use. Enter JPEG filename for photo ID: /home/bilbo/me.jpg Is this photo correct (y/N/q)? y You need a passphrase to unlock the secret key for user: "Bilbo Baggins <bilbo@shire.org>" 4096-bit RSA key, ID 488BA441, created 2013-03-13 <passphrase> pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ unknown] (2) [jpeg image of size 5324] gpg> save

Strengthening hash preferences

Now we set our key to prefer stronger hashes. Use the gpg ‐‐edit-key command. At the gpg> prompt, enter the command setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed (note that this will probably be cut off in the example below; highlight it with your mouse to see it), then save.

gpg --edit-key bilbo@shire.org gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed Set preference list to: Cypher: AES256, AES192, AES, CAST5, 3DES Digest: SHA512, SHA384, SHA256, SHA224, SHA1 Compression: ZLIB, BZIP2, ZIP, Uncompressed Features: MDC, Keyserver no-modify Really update the preferences? (y/N) y You need a passphrase to unlock the secret key for user: "Bilbo Baggins <bilbo@shire.org>" 4096-bit RSA key, ID 488BA441, created 2013-03-13 <passphrase> pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> save

Adding a new signing subkey

Now for the special sauce: let’s add our new signing subkey.

Use the gpg ‐‐edit-key command. At the gpg> prompt, enter the command addkey. Select RSA (sign only) and 4096 for the keysize. Don’t forget to save at the last gpg> prompt:

gpg --edit-key bilbo@shire.org gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> addkey Key is protected. You need a passphrase to unlock the secret key for user: "Bilbo Baggins <bilbo@shire.org>" 4096-bit RSA key, ID 488BA441, created 2013-03-13 <passphrase> Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y Really create? (y/N) y pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E sub 4096R/C24C2CDA created: 2013-03-13 expires: never usage: S [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> save

Creating a revocation certificate

Now we generate a revocation certificate file. If your master keypair gets lost or stolen, this certificate file is the only way you’ll be able to tell people to ignore the stolen key. This is important, don’t skip this step!

gpg --output \<bilbo@shire.org\>.gpg-revocation-certificate --gen-revoke bilbo@shire.org

Store the revocation certificate file in a different place than your master keypair (which we’ll export in a later step). You’ll use it to revoke your master keypair should you lose access to it. If you only lose access to your laptop keypair, then you’ll revoke those subkeys using the master keypair, not this revocation certificate.

Exporting the final product

Now that your keypair has been created, let’s export it so that we can back it up:

gpg --export-secret-keys --armor bilbo@shire.org > \<bilbo@shire.org\>.private.gpg-key gpg --export --armor bilbo@shire.org > \<bilbo@shire.org\>.public.gpg-key

This will create two files: your public key and your private key. Protect these two files, along with the revocation certificate file, as best as you can—don’t keep them on your laptop, keep them in your house or in a safe-deposit box. These three files are your master keypair.

Transforming your master keypair into your laptop keypair

Now we have our master keypair in our keyring, along with three files representing the master keypair plus the keypair’s revocation certificate. To transform our master keypair into our laptop keypair, we have to remove the original signing subkey from the master keypair in our keyring.

GPG doesn’t make this easy, but here we go:

  1. Export all of the subkeys from our new keypair to a file:

    gpg --export-secret-subkeys bilbo@shire.org > subkeys
  2. Delete the original signing subkey from the keypair in our keyring:

    gpg --delete-secret-key bilbo@shire.org
  3. Re-import the keys we exported and clean up our temporary file (Thanks to commenter d33tah for suggesting shred instead of rm):

    gpg --import subkeys shred --remove subkeys

That’s all! You can verify it worked by running:

gpg -K /home/bilbo/.gnupg/secring.gpg ----------------------------- sec# 4096R/488BA441 2013-03-13 uid Bilbo Baggins <bilbo@shire.org> ssb 4096R/69B0EA85 2013-03-13 ssb 4096R/C24C2CDA 2013-03-13

See how the third line begins with “sec#”, not “sec”? The pound sign means the signing subkey is not in the keypair located in the keyring.

You’re all done!

What have we just accomplished?

If you followed all the steps in this guide, you:

  1. Created a new keypair using the strongest possible settings.

  2. Added a new signing subkey to that keypair.

  3. Exported the complete keypair to two files plus a revocation certificate, all three of which you’ve stored up in a safe place, not on your laptop. This is your master keypair.

  4. Removed the original signing subkey from the master keypair in your laptop’s keyring, thus transforming your master keypair into your laptop keypair. Your life will now be a little easier should your laptop get lost or stolen.

Using your new laptop keypair

You can now use your keypair to encrypt, decrypt, and sign files and messages.

To sign someone else’s key or to create or revoke a subkey on this keypair, you need to use the master keypair that you keep safe—the one that’s not on your laptop.

You should distribute your public key to a keyserver. There are plenty of tutorials online on how to do that.

In case of emergency

Should the worst happen and your laptop with your special keypair gets lost or stolen (or your special keypair is otherwise compromised), we need to revoke the subkeys on that keypair.

  1. Unlock your safe-deposit box and get your master keypair out.
  2. Boot a live USB of Ubuntu or your distro of choice. Then, import your master keypair into the live USB’s keyring:

    gpg --import /path/to/\<bilbo@shire.org\>.public.gpg-key /path/to/\<bilbo@shire.org\>.private.gpg-key
  3. Now use gpg ‐‐edit-key to interactively revoke your subkeys:

    gpg --edit-key bilbo@shire.org gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E sub 4096R/C24C2CDA created: 2013-03-13 expires: never usage: S [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> key 1 pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub* 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E sub 4096R/C24C2CDA created: 2013-03-13 expires: never usage: S [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> key 2 pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate sub* 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E sub* 4096R/C24C2CDA created: 2013-03-13 expires: never usage: S [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> revkey Do you really want to revoke the selected subkeys? (y/N) y Please select the reason for the revocation: 0 = No reason specified 1 = Key has been compromised 2 = Key is superseded 3 = Key is no longer used Q = Cancel Your decision? 1 Enter an optional description; end it with an empty line: > Reason for revocation: Key has been compromised (No description given) Is this okay? (y/N) y You need a passphrase to unlock the secret key for user: "Bilbo Baggins <bilbo@shire.org>" 4096-bit RSA key, ID 488BA441, created 2013-03-13 <passphrase> You need a passphrase to unlock the secret key for user: "Bilbo Baggins <bilbo@shire.org>" 4096-bit RSA key, ID 488BA441, created 2013-03-13 <passphrase> pub 4096R/488BA441 created: 2013-03-13 expires: never usage: SC trust: ultimate validity: ultimate This key was revoked on 2013-03-13 by RSA key 488BA441 Bilbo Baggins sub 4096R/69B0EA85 created: 2013-03-13 expires: never usage: E This key was revoked on 2013-03-13 by RSA key 488BA441 Bilbo Baggins sub 4096R/C24C2CDA created: 2013-03-13 expires: never usage: S [ultimate] (1). Bilbo Baggins <bilbo@shire.org> [ultimate] (2) [jpeg image of size 5324] gpg> save
  4. Now that your subkey has been revoked, you have to tell the world about it by distributing your key to a keyserver.

Further reading

Comments

  1. Vadim

    Thanks for info about “sec#” (the signing subkey is not in the keypair located in keyring).

  2. Byron Sanchez

    Great writeup. I managed to get through the whole guide and setup my local keyring. Now I just have to find a secure location for the master keypair.

  3. Boris Ent

    How do I solve this problem?
      gpg –import “..\DEV\SecretKey.gpg”
      gpg: no valid OpenPGP data found.
      gpg: Total number processed: 0

    The same happens with:
      gpg –import “..\DEV\SecretSubKey.gpg”
      gpg –import “..\DEV\PublicKey.gpg”

    Followed these instructions “Creating the perfect GPG keypair – Alex Cabal”.
    https://alexcabal.com/creating-the-perfect-gpg-keypair/

    Everything worked as described.

    Encryption.  Decryption.  Signing.  Perfect.

    Then I wanted to add a photo:
      gpg: secret key parts are not available
      gpg: signing failed: general error

    Oops.  I needed to import my keys.

    Import worked!  I added my photo.  Done.

    That was 2 months ago.

    Now, I want to change my photo to colour.

    First, I deleted the old photo…

    No password.  No “secret key parts” warning.

    But, the image is gone.  Good.

    So, I run:
      gpg –import “..\DEV\SecretKey.gpg”

    And, I’m rewarded with:
      gpg: no valid OpenPGP data found.
      gpg: Total number processed: 0

    I’m running gpg (GnuPG) 1.4.13 on Win8, Win7 and Vista.
    ____
    ¯¯¯¯

  4. Alex Cabal

    That warning suggests that the SecretKey.gpg file does not contain a valid GPG secret key. Have you tried opening the file in a text editor to confirm it has the entire key?

  5. Boris Ent

    Yes.

    I did back up my exported keys.

    There isn’t anything missing from the keys I tried to import.

    I think the problem is in deleting the image without the need of the secret key present.

    Running the scenario on a new keyring in the “correct order” of:
    • import the secret key
    • delete the image
    • add a new image
    • export the secret key
    • etc.
    didn’t produce this error.

    When I find the time I’ll experiment further.

  6. Facundo

    Great, thank you!

  7. Alex

    Thanks for the great writeup. I have a practical question regarding “To sign someone else’s key or to create or revoke a subkey on this keypair, you need to use the master keypair that you keep safe—the one that’s not on your laptop.”

    How exactly would I do that to sign Fred’s key? Please note that the “safe” environment that stores my master keypair is not networked.

    My guess:
    1. Get Fred’s public key on a USB key
    2. Get my master keypair from where it’s stored
    3. Boot a trusted environment (e.g. TAILS) with no networking
    4. Import my master keypair to the trusted environment
    5. Import Fred’s public key to the trusted environment (careful that Fred’s key is not trojaned etc)
    6. Sign Fred’s public key
    7. Now what? How do I make Fred’s signed key available to the world (keyservers) and to my “laptop” environment for day-to-day use? Do I just export Fred’s newly-signed key to a USB key and then import it in my “laptop” environment & upload to keyservers?

  8. Alex Cabal

    Yes Alex that’s correct. Once you’ve signed the other person’s public key in a trusted environment, you can send that signature back to them via email at your convenience. See here for more details (specifically the “After the Party” section): http://www.phillylinux.org/keys/terminal.html

  9. Alex

    Thanks for confirmation – one more question I’ve been mulling over:

    You state that “Your life will now be a little easier should your laptop get lost or stolen.” – but it’s unclear to me what the practical difference between the following two scenarios is:
    (a) revoking my signing and encryption subkey, therefore having to publish new ones to the world and
    (b) revoking all of my keys

    Even if I had heavily invested in the Web Of Trust and I had a public key signed by hundreds of people, wouldn’t that be lost with this setup?

    Not sure what the practical advantage of keeping that offline key is… could you elaborate?

  10. Alex Cabal

    From the Debian Subkeys wiki: “In case your subkey gets stolen while your master key remains safe, you can revoke the compromised subkey and replace it with a new subkey without having to rebuild your reputation and without reducing reputation of other people’s keys signed with your master key.”

  11. Stefan

    Great guide!

    One question: why use gpg 1.4? Gpg2 is intended for desktop use for quite a while now, it supersedes the gpg 1.4 series. Gpg 1.4 is still maintained but intended for servers and embedded systems.

  12. Alex Cabal

    gpg 1.4 is the version packaged in Ubuntu 12.04 LTS, so it’s the version most likely to be in use for the next few years (for Ubuntu users at least).

  13. Stefan

    I see.

    I just completed the guide using gpg2 (2.0.19 to be exact), works fine.
    Also referenced some other sources, but yours was the main one I used. I’m probably gonna publish a blog about it as well, I’ll reference you of course :)
    (unless you don’t want to, let me know here, I’ll check back, or email me)

  14. Alex Cabal

    Sure, no need to ask!

  15. Scott Rubin

    Can the same concept of subkeys be used for SSH? Is there a way to have one SSH master key, put subkeys on all of my SSH client computers, then just put my public key on the server I am SSH-ing to?

  16. zokier

    @Scott Rubin

    SSH supports certificates, which can be signed by a CA. It kinda creates similar master/sub structure.

    Here is a blog post (not mine) explaining how to create such setup:

    https://blog.habets.se/2011/07/OpenSSH-certificates

  17. Stanislav Sedov

    gpg-agent can be used in-place of ssh-agent (it has a compatibility mode). So you can create the authentication subkey in a similar manner and use it with ssh. gpgkey2ssh(1) tool can convert the specified GPG key to a format suitable for authorized_keys.

  18. Klaas

    Please do not advise (or give an example) people to not set a key expiration date, that’s bad practice. Instead, set a reasonable key expiration length in addition to generating the revocation certificate. This protects against loss of the certificate/master key/etc. It’s easy to extend the expiration date, even after it elapsed.

  19. clutton

    Ok, nice topic, but you’d better encrypt your laptop hard/solid drive…

  20. Lars

    What’s the point of creating a revocation certificate and then storing it in the same place as the private key? If you need to revoke the key, why not just get the private key out and revoke it?

  21. Alex Cabal

    Lars, good point, I’ll revise that line. The revocation certificate should be used to revoke the entire master keypair should you lose it, not the individual subkeys of the master or laptop keypair.

  22. John

    This is an excellent guide.

    I do have one question: if one wanted to add new UIDs to the key would you need to generate a new master key pair (revocation, public, and private certificates) to replace the backup, or a new laptop key pair? The reason I ask is that I have done just that, and obviously my “laptop” secret key doesn’t have the new UIDs within it.

    Ta

  23. Alex Cabal

    If you added a new UID to your master keypair, then I imagine what you’d have to do is re-generate the laptop keypair using the above instructions. That would probably be the most failsafe way of doing it.

  24. Nikolay Kolev

    SHA1 and 3DES cannot be removed though, so, setpref sneaks them in.

  25. Toolow

    “you can revoke the compromised subkey and replace it with a new subkey without having to rebuild your reputation” => I don’t understand how. My reputation is build by letting my friends signing the keys I published (the subkeys).
    If I have to revoke those subkeys, how can my reputation still be ok ?

  26. Miro

    I’ve noticed that the public key generated before keyring transformation is different then afterwards.

    The content of the key is same … inspecting by (gpg –with-fingerprint ), but the byte content is different. Inspecting by (pgpdump ) there is one clause “Old: Signature Packet” on top there.

    Why this difference?
    And what is the public key to be distributed? send to keyserver?

  27. Alex Cabal

    @Toolow: You only have others sign your master keypair. Thus, if your laptop keypair is lost, you still maintain the original signatures on your master keypair, and you can use it to issue a new laptop keypair. That means that likewise you must use your master keypair to sign the keys of others.

    Now if you lost your master keypair, then you’re right–you’re in big trouble!

  28. Alex Cabal

    @Miro: I don’t know. That’s a question for someone with more in-depth PGP knowledge than me :)

  29. Toolow

    Ok, thanks.
    So what i finally release on keyservers are :
    - the master public key (then signed by my friends)
    - the uid (signed by the private master key)
    - the laptop public signing subkey (signed by the private master key)
    - the laptop public encription subkey (signed by the private master key)

  30. Alex Cabal

    @Toolow: All you have to do is gpg –send-keys to have gpg sort out what keys need to be sent where.

  31. PleaseHelpMeMystie72

    Hi. Thank YOU, Alex, for sharing your knowledge. I am a mere mortal, non-geek and am doing the ONLY REASONABLE thing for EVERYONE to do: LEARN to encrypt EVERYTHING – even millions of pictures of adorable kitty-cats. Please allow me to take this moment to ask ALL of the GOOD geeks EVERYWHERE to – please – make it EASY for everyone to teach their grandparents to [both] ENCRYPT everything AND to EASILY use GNUGPG. This time next year? Okay A.S.A.P. This is important. You ALL KNOW this. Thanks.

    Now, Alex, could you please help me? I would be so very grateful. Because I followed this tutorial “to-the-’t'” I now find myself in a bit of a pickle. I now think that we missed an important step – that you probably assumed that anyone who would follow your guidance would know to do. But, alas, I am a non-geek.

    I was so impressed with myself, after adding a picture. Then I was even more impressed with You, after You had me strengthen the hash preferences. And I felt very satisfied from choosing to make new signing sub-key. And of course, I made a revocation key – and properly saved each key, per your instructions. I also proudly use full-disk encryption – and have copied these keys, that I made per your instructions, onto several small and fully encrypted usb-sticks, which I intend to distribute to my beautiful friends and family, to keep my keys safely and redundantly, off-site.

    Now – uh-oh! And oh-crap. I just read a couple pages of advice, on different sites – pointing out that it must be the ORIGINAL MASTER signing key, that signs the keys of others – or revoking the second signing key would revoke your web-of-trust.

    [Now I have just ALSO realized, that even if I never have a theft or damage or compromise, that this very old hard drive will eventually fail - and I will need to transfer my set-up or duplicate it somehow, eventually.]

    A couple of sites say to copy the .gnupg directory and paste it somewhere or make a tar[?] backup. But I just securely deleted all of my [2] backups – of my home-files – and replaced them with copies of my new home files – right after doing your tutorial – so that I would have these new and impressive changes INCLUDED in my backed-up important files – changes made per your tutorial. So I NOW HAVE – NO .gnupg directory – that contains the Original Master – and with keys extracted – per your tutorial – I now have multiple copies of the keys – each produced separately.

    Now, mounting one of the usb-sticks, in order to sign someone else’s key, with the per-other-advice, like this:

    export GNUPGHOME=/media/MyMediaName/My FolderName/AnotherFolderName

    …which is where my key files are sitting – and then this:

    gpg -K

    I get gpg-ish blah-styled-output along these lines: lock not made: link() failed: Operation not permited gpg: can’t lock ‘[blah-my media - media/MyMediaName/My FolderName/AnotherFolderName] /secring.gpg’ – blah – DGB: oops – blah – is not locked blah keyblock resource – general blah-error… fatal: can’t acquire lock – giving up – secmem usage – blah-blocks of blah-pool…

    And previously, I was so happy when the “gpg -K” command gave me the sec# – not the sec…

    So I assume that gpg is looking for a .gnupg directory on my usb – which I now do NOT now have – because it’s not in your tutorial to put it there – previous to your laptop-keypair step – and I assume now – too late – that you assume that anyone attempting to follow a gpg tutorial would know to do this. But, sadly – no – not me. I am a mere idiot – trying, valiantly, to reach my genius mentality. So I assume that I must now do part of your tutorial – in reverse – to recover my previous .gnupg directory files – and then do your laptop-keypair step – again – except that I cannot figure out how – after 21 hours of looking for the command-line answers to this dilemma. And now I am wondering why you have us backup each key separately – when they apparently must all be together in the securing-file…

    Can you Please help me? I don’t know any commands except what I have encountered in beginner-ish tutorials. Don’t I need to now re-create the .gnupg directory – by putting my Original Master back in? and then copy this directory into each usb-stick? and then re-do your laptop-keypair step? and then mount a usb with my keys and with my Masterkey included in the .gnupg directory – for Masterkey-signing – and set the GNUPGHOME environment variable [?] like this:

    export GNUPGHOME=/media/TheNameOfMyMedia/.gnupg -> ? yes?

    …Is this [above] EXACTLY the command? with NO “/” trailing-slash at the end of the command?

    …And might you PLEASE HELP me – and hold my hand during it? please? I promise to teach others after setting A GOOD-ENCRYPTION-EXAMPLE for them.

  32. Alex Cabal

    Your situation sounds a little too complex to sort out in blog comments. If you’ve deleted files you need or otherwise messed around with directories you shouldn’t have, I suggest reinstalling GPG and simply creating a new keypair.

    Keys in a keypair can be exported to different files, as per the tutorial. They don’t have to be in a single file. (And I don’t think they can be outside of GPG internal machinery, which you shouldn’t really mess with.)

  33. PleaseHelpMeMystie72

    Hi – Thank you! The reason that my situation is so perfectly-simple – is that YOUR TUTORIAL WAS SIMPLY-PERFECT – and – it went just as PERFECTLY as I could have possibly imagined. Please note my Main Question [implied and also blatant in the main-text of Paragraph-5 of my first post:] HOW does one transfer this/your Beautiful setup – to a second computer? ? ? This is the main crisis that Everyone who lives long enough is GUARANTEED to face – as ALL hard drives are guaranteed to fail eventually…

    I think this should be super-simple – as I have only done ONLY and EXACTLY as you have instructed – and never messed with any directory – and – never deleted any files, in this process. Could you re-read my plea for help ’cause I think you must have added/assumed something that I wouldn’t even know how to do… And I think you missed Paragraph-3 – the point of which – is that following your tutorial went PERFECTLY. 100%, Perfectly. The only thing that I “deleted” was NOT ON my computer – it was a backup-usb’s [Spare/Backup] copy of my personal home files – yes – from an external usb stick – really – nothing to do with this/your process, except that it contained a copy of the .gnupg directory as it was – before I ever found your tutorial. Then I did exactly as you said to – throughout your tutorial – and then I just replaced that tiny backup [on-a-tiny-usb-stick] with what happened TO my linuxbox home files – as a result of PERFECTLY following your very easy-to-follow [compared-with-some-others] tutorial – which [very pleasantly] turned out to incur – for EVERY STEP of the way – the EXACT RESULTS that you said it would occur. Perfect, so far…

    Note in Paragragh-6 that it is BACKUPS that were deleted… My main system has ONLY the PERFECTLY-CREATED files that are EXACTLY what you guided me to create.

    Your tutorial does not include how to use my Masterkey to sign someone else’s key – I cannot find a tutorial on that – and yet your tutorial – that turned out PERFECTLY – and exactly as you said it should – for every step of the way – leaves me – Perfectly – exactly as you said it Would – with no Masterkey in my “laptop” – which now has a “Laptop-Keypair” – which numerous other tutorials point out – that I cannot use for signing keys in a way that will preserve the web-of-trust if disaster strikes the “Laptop-Keypair.” And – also – your tutorial does not help me set up my other computers with THE SAME perfectly-beautiful “Laptop-Keypair,” so that I can use my second computer for gpg, as well. The most likely – and the ONLY GUARANTEED CRISIS – that everyone who lives long enough will face – is a hard drive dying.

    So my main two question [and - please - help me] are:

    1. How do I set up my second computer with these Perfectly-Beautiful keys that you have helped me to create?

    2. Also – specifically – HOW does Anyone – who follows your tutorial – and gets YOUR PERFECTLY-SPECIFIED RESULTS – fulfill the very-important function of mounting the Masterkey – on a usb-stick – in order to use the Masterkey – to sign the keys of others with?

  34. PleaseHelpMeMystie72

    P.S. Please forgive my wordiness. I’m aware – it’s a problem and I’m working on it. Please help with my [above] dilemmas resulting from the first tutorial that has ever gone perfectly for me. I feel in – almost – over my head, but I will set a good example and then teach others. Thanks.

  35. Jim Hickstein

    This is great! At first, though, signatures made with my new signing-only sub-key were not trusted, even though the master key (still in my keyring) was set to “ultimate”. gpg –edit-key showed [unknown] next to my UID. Somehow I managed to clear that up, though it’s very obscure.

  36. d33tah

    Awesome, thanks! The only thing I’d change is replacing the “rm” command with “shred”, otherwise the private key remains on the hard drive.

    I’ve got a question – I already have a GPG key that I uploaded to the MIT keyserver. Knowing that its public part is, well, public, can I still use it as the master key and generate a subkey? Or would it leave a nasty confusing trace in the keyserver and it’s better to revoke it and generate two new pairs?

    BTW, @Klaas, thanks for the comment about expiration – can I change the expiration date if I already uploaded the key to keyservers?

  37. d33tah

    Also, how risky is it to temporarily import the private key onto an online machine? Something tells I’d be too lazy to use an offline computer to sign others’ keys/generate new subkeys (and I don’t really have a spare computer).

  38. Alex Cabal

    @d33tah: When uploading to a keyserver only your public key gets sent, so you should be OK to mess around with the corresponding private key as much as you like.

    If you’re serious (Schneier , Greenwald, or Snowden serious) about security, you should never move your private key to an online machine at any time. If you’re lazy, you can certainly take the risk–the chances of something peeking at it are low to zero, but you never know.

  39. Creating a new GPG key with subkeys | Into.the.Void.

    [...] References https://wiki.debian.org/subkeys https://we.riseup.net/riseuplabs+paow/openpgp-best-practices https://alexcabal.com/creating-the-perfect-gpg-keypair/ [...]

  40. Préparation de la key signing party de jeudi | Fribourg Open-Source Community

    [...] https://alexcabal.com/creating-the-perfect-gpg-keypair/ [...]

  41. 3

    Is it possible to map your subkey-procedure to two ordinary/regular gpg-keys (keypairs)? (Create one ordinary gpg key named secret and one named public. The secret one can sign the public one and the public one is used every day. The secret one plays the role of your subkey.)

    What is the benefit of your subkey-procedure instead of doing this by two or more ordinary/regular gpg-keys?

  42. Alex Cabal

    @3 Sure, I suppose that would work, but then you’d have to manage and sign two entirely different keypairs. I suppose it’s more of a semantic difference than a practical one.

  43. das-g

    @PleaseHelpMeMystie72: What did you do with the files from https://alexcabal.com/creating-the-perfect-gpg-keypair/#exporting-the-final-product ? The first one (*.private.gpg-key) is the “ORIGINAL MASTER signing key” you are looking for. Before signing others’ keys, just (re-)import that file.

  44. Anonymous

    Very nice tutorial. I am not an expert but I also found the following on the debian wiki.

    They state https://wiki.debian.org/subkeys

    “Export the subkeys:

    gpg –export-secret-subkeys SUBKEYID1! .. SUBKEYIDn! > subkeys

    (NOTE: The exclamation marks ! are significant)”

    In your tutorial you don’t have the exclamation marks. Is that important or not.

    Thanks

  45. Alex Cabal

    @anonymous: I think that the method you highlighted in the Debian wiki is asking GPG to export a list of individual subkeys you specify one by one. To export all the subkeys of a certain master keypair, you would have to individually list each subkey by ID.

    The method used in this post exports all of the subkeys of a master keypair at once, without having to specify them one by one.

    The final product should be the same. You might want to use the method used by the Debian wiki if you’re doing this process on a more complex key you created with a different tutorial.

    Please correct me if I’m wrong!

  46. Anson Ng

    After I deleted the key and re-imported the subkeys, should I still use the master keyid for default-key in the gpg.conf or should I change it to the keyid of the signing subkey? For example:

    sec# 4096R/0x1234567890ABCDEF 2014-02-21 [expires: 2016-02-29]
    Key fingerprint = AB9F 87E6 03AC 8BC3 DA13 B71D A8E3 FADC CCAD 23A4
    uid Test Key
    ssb 4096R/0x234567890ABCDEF1 2014-02-21
    ssb 4096R/0x34567890ABCDEF12 2014-02-21

    In gpg.conf, which one should I set:
    default-key 0x1234567890ABCDEF
    or
    default-key 0x34567890ABCDEF12

    Thanks.

  47. Alex Cabal

    @Anson Ng You can use your laptop keypair just like you would a regular keypair, so I imagine the settings would remain the same.

  48. Anonymous

    Thank you for the very well laid out tutorial it was very straight forward and everything worked as outlined. The only thing I am confused about is, even thought when I edit my key and do showpref I get

    Cipher: AES256, AES192, AES, CAST5, 3DES
    Digest: SHA512, SHA384, SHA256, SHA224, SHA1
    Compression: ZLIB, BZIP2, ZIP, Uncompressed
    Features: MDC, Keyserver no-modify

    So I am assuming I set the preferences correctly, but when I sign an email it still shows SHA1. The only way I was able to get that to change was by editing the gpg.conf file ad add

    personal-digest-preferences SHA256
    cert-digest-algo SHA256

    Is that the way it is supposed to be or did I miss something. I thought that gpg should grab the preferences from the key.?

    Also is there a way to verify that encrypted files and/or signed files are using the preferred preferences?

    Thanks

  49. Martin

    Hi there, I have the following problem after going through all these steps.
    I tried to import the secret MasterKey with
    gpg –import name.priv.gpg-key name.pub.gpg-key

    I get the following message (I have to translate to english):
    >gpg –import name.private.gpg-key name.public.gpg-key
    gpg: Key 23B16B91: Is already in the secret keylist
    gpg: Key 23B16B91: $NAME not changed
    gpg: Number of changed Keys : 2
    gpg: unchanged : 1
    gpg: imported secret Keys : 1
    gpg: unchanged secret Keys : 1

    And now, if I want to add a userid or sign a different Key I always get the message:
    gpg: Parts of the secret Key are missing
    gpg: signing failed: General Error

    Also if I do gpg -K after the import I still have the # after the sec.
    What did I do wrong or maybe missunderstood?

    One thing that is working correctly tho, if I delete the Key completly and than import the files, gpg -K gives an output without the #.

    I tested this with Win7 (gpg version 1.4.16) and Debian Wheezy (gpg version 1.4.12)

  50. Gert van Dijk

    Great writeup, especially about the key preferences. I see a lot of people having RSA 4096 bit keys nowadays, but haven’t changed any of the default key preferences.

    I’m still missing the smartcard/token private key storage here. It would be even more secure to have the smartcard/token generate the keypair, without the secret ever have to leave the token.

Leave a Comment