Best practice for generating a secure PGP key (EdDSA)

Xanny.eth

Step one, create the main key:

gpg --quick-generate-key 'Anon email@email.email' ed25519 cert 5y

Feel free to edit or remove “5y” to change or not use an expiration date.

Next, save the key fingerprint, without spaces, to a shell variable:

KEYFP=123456789ABCDEF0...

Now add subkeys for signing, encryption, and authentication:

gpg --quick-add-key $KEYFP ed25519 sign 5y
gpg --quick-add-key $KEYFP cv25519 encr 5y
gpg --quick-add-key $KEYFP ed25519 auth 5y

(Note: if you set an expiration on the primary key, set one on each subkey as well.)

View public key:

gpg --export -a $KEYFP

View private key:

gpg --export-secret-keys -a $KEYFP
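
To confirm the result matches the layout built above (a certify-only primary key with separate sign, encrypt and auth subkeys), and to pull the fingerprint out without copying it by hand, the machine-readable listing can be parsed. This is an added example, not part of the original post; the function names are hypothetical and the sample listing is constructed with placeholder IDs.

```shell
#!/bin/sh
# Added example: reads `gpg --with-colons` key listings on stdin.
# Real use: gpg --with-colons --fingerprint 'email@email.email' | check_layout

# Print the primary key fingerprint: field 10 of the first fpr record after pub.
primary_fpr() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "fpr" && want { print $10; exit }'
}

# Exit non-zero unless the primary key is certify-only and sign, encrypt and
# auth subkeys exist, each expiring whenever the primary key expires.
check_layout() {
  awk -F: '
    $1 == "pub" {
      pexp = $7                              # field 7: expiration (empty = none)
      own = $12; gsub(/[A-Z]/, "", own)      # lowercase flags = this key only
      if (own != "c") { print "primary usage is \"" own "\", expected \"c\""; bad = 1 }
    }
    $1 == "sub" {
      seen[$12] = 1                          # field 12: s, e or a
      if (pexp != "" && $7 == "") { print "subkey " $5 " never expires"; bad = 1 }
    }
    END {
      n = split("s e a", need, " ")
      for (i = 1; i <= n; i++)
        if (!(need[i] in seen)) { print "no subkey with usage " need[i]; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample listing (placeholder IDs, trailing fields trimmed).
SAMPLE='pub:u:255:22:89ABCDEF01234567:1700000000:1857680000::u:::cSEA:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::::Anon email@email.email:
sub:u:255:22:1111111111111111:1700000000:1857680000:::::s:
sub:u:255:18:2222222222222222:1700000000:1857680000:::::e:
sub:u:255:22:3333333333333333:1700000000:1857680000:::::a:'

KEYFP=$(printf '%s\n' "$SAMPLE" | primary_fpr)
printf '%s\n' "$SAMPLE" | check_layout && echo "layout ok for $KEYFP"
```

In the `pub` record, lowercase capability letters describe the primary key itself and uppercase letters summarize what the whole key, including subkeys, can do, which is why only the lowercase part is compared against `c`.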

