Generates GPG keys as described in drduh/YubiKey-Guide, specifically the Master key and Sub-keys sections.
Getting started with GPG is a lot of work. I found the key generation procedure in guides like this one a particularly manual and thus error-prone part of the process. So I wrote this program to automate it.
Given a name, address and password of your choosing, keygen generates a 4096-bit RSA GPG key with the following structure:
- a master key that can only certify and will not expire;
- a subkey that can only sign and will expire in one year;
- a subkey that can only encrypt and will expire in one year;
- a subkey that can only authenticate and will expire in one year.
In addition, keygen generates a revocation certificate for the master key.
Note that subkeys expire 366 days from creation time to avoid surprises in leap years.
Don't trust the output blindly. Verify the generated key and certificate!
Check the Verify section of @drduh's guide to see what the key should look like. Then run the following to check your key without importing it:
$ gpg --import-options show-only --import <key file or certificate file>
When you're satisfied, import the key as follows. Do not import the revocation certificate at this point - doing so will revoke the key you just created!
$ gpg --import <key file>
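A structural check of that listing, as an added example that is not keygen's own code: it parses `gpg --with-colons` key records (the show-only import above also honours --with-colons, which is assumed here) and reports every deviation from the layout described earlier; the sample records are constructed, not real keys.

```python
"""Structural check of a key from `gpg --with-colons` output (added example,
not the keygen project's code; assumes GnuPG 2.x epoch-second dates)."""

EXPECTED_USAGES = {"s", "e", "a"}   # one sign, one encrypt, one authenticate subkey
EXPIRY_SECONDS = 366 * 86400        # 366 days, as the README states


def own_usage(fields):
    """Field 12 lists capabilities; lowercase letters are this key's own."""
    return {c for c in fields[11] if c.islower()}


def check_key_layout(colon_output):
    """Return a list of problems; an empty list means the layout matches."""
    problems, primary, subkeys = [], None, []
    for line in colon_output.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            primary = fields
        elif fields[0] in ("sub", "ssb"):
            subkeys.append(fields)
    if primary is None:
        return ["no primary key record found"]
    keys = [(primary, "primary key")] + [(s, f"subkey {s[4]}") for s in subkeys]
    for key, label in keys:
        if key[3] != "1" or key[2] != "4096":   # algorithm 1 = RSA
            problems.append(f"{label} is not 4096-bit RSA")
    if own_usage(primary) != {"c"}:
        problems.append("primary key must be certify-only")
    if primary[6] != "":
        problems.append("primary key must never expire")
    usages = []
    for sub in subkeys:
        usages.extend(own_usage(sub))
        if sub[6] == "" or int(sub[6]) - int(sub[5]) != EXPIRY_SECONDS:
            problems.append(f"subkey {sub[4]} must expire 366 days after creation")
    if sorted(usages) != sorted(EXPECTED_USAGES):
        problems.append(f"subkey usages {sorted(usages)} != one each of s, e, a")
    return problems


# Constructed sample in the shape of `gpg --with-colons` output; not real keys.
SAMPLE = """\
sec:u:4096:1:0123456789ABCDEF:1700000000:::u:::cESCA:::+::::23::0:
fpr:::::::::0000000000000000000000000123456789ABCDEF:
uid:u::::1700000000::0000000000000000000000000000000000000000::Example User <user@example.com>::::::::::0:
ssb:u:4096:1:1111111111111111:1700000000:1731622400:::::s:::+::::23:
ssb:u:4096:1:2222222222222222:1700000000:1731622400:::::e:::+::::23:
ssb:u:4096:1:3333333333333333:1700000000:1731622400:::::a:::+::::23:
"""
```

To check a real file, feed it the output of `gpg --with-colons --import-options show-only --import <key file>`; an empty result means the key matches the layout above.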