Janik von Rotz

2 min read

Create GPG Keys

This post is part of my Your own Virtual Private Server hosting solution project.
Get the latest version of this article here: https://gist.github.com/9543913.


GPG keys are used for symmetric key encryption. GnuPG is the most common tool to create such keys.



Change the shell context to the user which uses the new GPG keys.

su [user]

Or use the root user.

sudo su

Give your server some work, otherwhise gpg won’t be able to generator random bytes.

sudo rngd -r /dev/urandom

Genrate the gpg key.

gpg --gen-key

Answert the prompts.

Your selection?: (1) RSA and RSA (default)
What keysize do you want?: 2048
Key is valid for?: 0 = key does not expire
Is this correct?: y
Real name: [firstname] [surname]
Email address: [mail]@[example.org]
Change ... (O)kay/(Q)uit?: O
Enter passphrase: [gpg passphrase]
Repeat passphrase: [gpg passphrase]

Kill the rngd task.

sudo service rng-tools stop

Show the new GnuPG keys.

gpg -k

The gpg key id is displayed in the line pub 2048R/>>C58886FB<< 2014-03-14

Export the public key into a text file and back it up in a secure place.

gpg --armor --export -a [gpg key id] > [firstname][surname][server name]#public.key

Export the private key into a text file and back it up in a secure place.

gpg --armor --export-secret-keys -a [gpg key id] > [firstname][surname][server name]#private.key

Exit the user shell context if you have switched to another user.


Store the gpg passphrase in a secure place f.g. KeePass Password Safe.


Unattended, Encrypted, Incremental Network Backups by Kellen Ubuntu: How to create a lot of entropy for GPG key generation from command line

Categories: Web server
Tags: encryption , gnupg , gpg , private key , public key
Improve this page
Show statistic for this page