GPG: Creating your identity

Tue 14 Sep 2021

GPG is a great tool to master, even if you only learn the basics. Tools like this become more relevant with each day. This article will get you through creating your first identity. After that we will make it publicly available on a key server.

In another article we will go through using that key to sign your commits. Another application could be signing your emails with it. You can make your own password manager. You can use keys to encrypt messages or files directly, like in our backup article where we use GPG keys to encrypt our backups. Well, let's get started!

GPG: GNU Privacy Guard

GPG is easily the most widely adopted encryption tool in the free(dom) and open-source software space. I must admit that getting started might be a daunting task, but you won’t regret doing so. It’s a great skill to master and it is important to understand the basic concept. I won’t dive deeply into the history of GPG as there is a lot of information out there that will do much more justice to this great piece of software. The official website is a great place to start.

There is a difference between GPG and GPG2. You should research the differences and use whatever fits your needs. That said, before you start you should check the installed version; gpg --version will tell you. Modern desktops are shipped with the gpg2 binary. It offers a larger feature set. For example, there are modules for X.509 (used by S/MIME for email encryption).

Creating an identity

GPG uses key-pairs. A key-pair consists of a public and a private key. Your public key is the part that you share with others. This can safely be shared. The private key, as the name implies, is to be kept secret and private. Do not share this with anybody without good reason. GPG has a nice wizard that will ask you for all the necessary details to create your identity.

To create an identity simply run:

# Generate an identity
rob@Rathalos ~ $ gpg2 --full-gen-key

# Trust this key: at the gpg> prompt type "trust" and pick a level.
# It is up to you whether to choose 4 or 5. You just made this key
# and it is your own, so it is safe to trust it ultimately.
rob@Rathalos ~ $ gpg2 --edit-key 3127C2HJ

# List your keys (to verify after creating)
rob@Rathalos ~ $ gpg2 --list-keys

When setting up your identity I highly recommend backing up your keys. I’ve got an article about this if you want to check it out. Now that you have created your own key it is time to make it known to the world!

Uploading to a key server

A public key server is great when you want to easily share your public key. It will also allow you to build a web of trust. We are going to use Ubuntu’s key servers. They are well known and reputable. They have an excellent guide on how to upload your key. We will make it short by giving you the essentials.

# Send your key to Ubuntu's keyserver (replace with your own key ID)
rob@Rathalos ~ $ gpg2 --send-keys --keyserver keyserver.ubuntu.com 3127C2HJ

After you have sent your key you can check it here.
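
Short key IDs are not unique and are easy to mistype, so it is worth taking the full fingerprint from the machine-readable listing before uploading. The following is an added example, not part of the original article: it parses `gpg2 --list-keys --with-colons` output and refuses to build the upload command for anything that is not a full 40-hex-digit fingerprint. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `gpg2 --list-keys --with-colons` output (made-up values).
sample_listing() {
cat <<'EOF'
tru::1:1631600000:0:3:1:5
pub:u:4096:1:0123456789ABCDEF:1631600000:::u:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:u::::1631600000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
sub:u:4096:1:FEDCBA9876543210:1631600000::::::e::::::23:
fpr:::::::::1111222233334444555566667777888899990000:
EOF
}

# Print the fingerprint of each primary key: the fpr record that follows
# a pub record (field 10). Subkey fingerprints are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# Succeed only for a full 40-hex-digit fingerprint.
is_full_fingerprint() {
    case "$1" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Refuse short or malformed IDs; otherwise print the upload command for review.
send_command_for() {
    if ! is_full_fingerprint "$1"; then
        echo "refusing: '$1' is not a full fingerprint" >&2
        return 1
    fi
    echo "gpg2 --keyserver keyserver.ubuntu.com --send-keys $1"
}

# Demo on the constructed listing; on a real system pipe in
# `gpg2 --list-keys --with-colons` instead of sample_listing.
send_command_for "$(sample_listing | primary_fingerprints)"
```

Compare the printed fingerprint with the one shown by the key server's search page after the upload to confirm that the key published there is yours.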