What is GPG
Paraphrasing from the Arch Wiki, GPG is basically an implementation of PGP (Pretty Good Privacy) / RFC 4880. You can use it to sign stuff, encrypt stuff, and authenticate yourself (e.g. over SSH or S/MIME).
Using GPG for SSH
- Generate Master Key
- This is the key you’ll use to create subkeys. As such, you’ll want to keep this safe somewhere.
$ gpg --full-generate-key --expert
gpg (GnuPG) 2.4.3; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC (sign and encrypt) *default*
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
(14) Existing key from card
Your selection? 11
- We want to pick ECC (option 11, which lets us set our own capabilities), since that’s the more secure algorithm of these.
- Next, we want to disable signing, since we’ll only use this key to make more keys (i.e. we’ll be certifying other keys).
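Once the key exists, you can confirm that the master key really is certify-only by reading GnuPG's machine-readable listing. The script below is an added example, not part of the original post: the function names are hypothetical and the two sample records are constructed, with placeholder key IDs.

```shell
#!/bin/sh
# Reads `gpg --list-keys --with-colons` output on stdin and prints the primary
# key's own capability letters. Field 12 of the "pub" record holds them in
# lowercase; the uppercase letters summarise the whole key including subkeys.
primary_caps() {
    LC_ALL=C awk -F: '$1 == "pub" { c = $12; gsub(/[^a-z]/, "", c); print c; exit }'
}

# Succeeds only if the primary key can certify and nothing else.
# Fails closed when no "pub" record is present on stdin.
is_certify_only() {
    [ "$(primary_caps)" = "c" ]
}

# Constructed sample: certify-only ed25519 primary with an authentication subkey.
SAMPLE_CERT_ONLY='pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cA:::+::ed25519:::0:
uid:u::::1700000000::PLACEHOLDER::Example User <user@example.invalid>::::::::::0:
sub:u:255:22:BBBBBBBBBBBBBBBB:1700000000::::::a:::+::ed25519::'

# Constructed sample: primary that kept the sign capability (s + c).
SAMPLE_SIGNING='pub:u:255:22:CCCCCCCCCCCCCCCC:1700000000:::u:::scSC:::+::ed25519:::0:
uid:u::::1700000000::PLACEHOLDER::Example User <user@example.invalid>::::::::::0:'

# Print a verdict for a named sample.
report() {
    if printf '%s\n' "$2" | is_certify_only; then
        echo "$1: primary key is certify-only"
    else
        echo "$1: primary key has extra capabilities: $(printf '%s\n' "$2" | primary_caps)"
    fi
}

report "cert-only sample" "$SAMPLE_CERT_ONLY"
report "signing sample" "$SAMPLE_SIGNING"
```

Against a real keyring, pipe `gpg --list-keys --with-colons` for your key into `is_certify_only` instead of the samples.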