Create and delete GPG keypair | Introduction to GnuPG
UPDATED ON 2022-12-07
GnuPG, popularly known as GPG, is an extremely versatile tool, widely used as the industry standard for encrypting emails, messages, files, or anything else you need to send to someone securely.
Introduction to GnuPG
GnuPG is a hybrid encryption software module that uses OpenPGP at its core. PGP stands for Pretty Good Privacy. It is a tool for secure communication that provides authentication and cryptographic privacy for data communication.
GPG uses public key encryption wherein you create a key pair: one private or secret key you keep to yourself and one public key you share with your correspondents or the world. The important part of this two-key system is that neither key can be calculated by having the other. They are each an independent and necessary part of the system and are based upon solid mathematical foundations.
Prerequisite
- A computer with gnupg installed on it.
Download and install the latest version of the GPG command line tools for your operating system if you haven't yet.
Generating a GPG key pair
To start working with GPG you need to create a key pair for yourself.
- Use gpg with the --full-generate-key option to create a key pair.
- With this option, gpg creates and populates the ~/.gnupg directory if it does not exist.
gpg --full-generate-key
$ gpg --full-generate-key
gpg (GnuPG) 2.2.39; Copyright (C) 2022 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/home/castor/.gnupg' created
gpg: keybox '/home/castor/.gnupg/pubring.kbx' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 2
Key expires at Tue 01 Nov 2022 09:29:11 AM +0545
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: yogesh
Email address: castor@whoisyoges.eu.org
Comment: just a test key
You selected this USER-ID:
"yogesh (just a test key) <castor@whoisyoges.eu.org>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/castor/.gnupg/trustdb.gpg: trustdb created
gpg: directory '/home/castor/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/castor/.gnupg/openpgp-revocs.d/036A752DE9DF5516B33E87BE33C05B4624890348.rev'
public and secret key created and signed.
pub rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
036A752DE9DF5516B33E87BE33C05B4624890348
uid yogesh (just a test key) <castor@whoisyoges.eu.org>
sub rsa4096 2022-10-30 [E] [expires: 2022-11-01]
Sharing your public key
You need to share your public key so that people can encrypt messages and files for you; these can be decrypted only with your private key.
List the key pair
gpg --list-keys
$ gpg --list-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
pub rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
036A752DE9DF5516B33E87BE33C05B4624890348
uid [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
sub rsa4096 2022-10-30 [E] [expires: 2022-11-01]
Getting your public key
gpg --armor --export <id>
$ gpg --armor --export 036A752DE9DF5516B33E87BE33C05B4624890348
-----BEGIN PGP PUBLIC KEY BLOCK-----
[...]
-----END PGP PUBLIC KEY BLOCK-----
Just copy the output from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK----- (both lines included) and send it to anyone who needs to send you an encrypted message.
Deleting the needless key
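If you no longer need a key, or the key has expired and you want to delete it, here is the procedure. The commands below use --batch and --yes, which suppress gpg's confirmation prompts, so check the fingerprint before running them.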
Delete secret/private key
First, list the secret keys to check whether one exists for the key in question, and if so delete it before deleting the public key; gpg refuses to delete a public key while its secret key is still in the keyring.
Checking private/secret key
gpg --list-secret-keys
$ gpg --list-secret-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
sec rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
036A752DE9DF5516B33E87BE33C05B4624890348
uid [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
ssb rsa4096 2022-10-30 [E] [expires: 2022-11-01]
Deleting private/secret key
gpg --batch --delete-secret-keys --yes <id>
$ gpg --batch --delete-secret-keys --yes 036A752DE9DF5516B33E87BE33C05B4624890348
Verify the private key deletion
gpg --list-secret-keys
The deleted secret key shouldn't exist anymore.
$ gpg --list-secret-keys
Delete public key
Checking available public key/s
gpg --list-keys
$ gpg --list-keys
/home/castor/.gnupg/pubring.kbx
--------------------------------
pub rsa4096 2022-10-30 [SC] [expires: 2022-11-01]
036A752DE9DF5516B33E87BE33C05B4624890348
uid [ultimate] yogesh (just a test key) <castor@whoisyoges.eu.org>
sub rsa4096 2022-10-30 [E] [expires: 2022-11-01]
Deleting public key
gpg --batch --delete-keys --yes <id>
$ gpg --batch --delete-keys --yes 036A752DE9DF5516B33E87BE33C05B4624890348
Verify the public key deletion
gpg --list-keys
The deleted public key shouldn't exist anymore. If you have more than one key, the remaining keys will be shown.
$ gpg --list-keys
gpg: checking the trustdb
gpg: no ultimately trusted keys found
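The deletion procedure above as a dry-run helper, added here as an example that is not part of the original page: it reads gpg's machine-readable listing (`--with-colons`), picks out primary keys whose validity field is `e` (expired), and prints the delete commands in the order the page uses, secret key first. The function names and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: plans key deletion from gpg's machine-readable listing.
# Real input comes from:  gpg --list-keys --with-colons
#                         gpg --list-secret-keys --with-colons

# Constructed sample listings. The first fingerprint is the page's test key;
# the AAAA.../BBBB... values and the timestamps are made up.
SAMPLE_PUB='tru::1:1667101500:0:3:1:5
pub:e:4096:1:33C05B4624890348:1667101451:1667274251::u:::sc:
fpr:::::::::036A752DE9DF5516B33E87BE33C05B4624890348:
uid:e::::1667101451::::yogesh (just a test key) <castor@whoisyoges.eu.org>:
sub:e:4096:1:AAAAAAAAAAAAAAAA:1667101451:1667274251:::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1667101451:::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:'
SAMPLE_SEC='sec:e:4096:1:33C05B4624890348:1667101451:1667274251::u:::sc:
fpr:::::::::036A752DE9DF5516B33E87BE33C05B4624890348:'

# primary_fprs MODE: read a colon listing on stdin and print primary-key
# fingerprints. MODE=expired keeps keys with validity "e"; MODE=all keeps all.
primary_fprs() {
    awk -F: -v mode="$1" '
        $1 == "pub" || $1 == "sec" { want = (mode == "all" || $2 == "e"); next }
        $1 == "sub" || $1 == "ssb" { want = 0; next }  # next fpr is a subkey
        $1 == "fpr" && want        { print $10; want = 0 }
    '
}

# deletion_plan PUB_LISTING SEC_LISTING: print (never run) the delete
# commands for each expired key, secret key first when one exists.
deletion_plan() {
    secret=$(printf '%s\n' "$2" | primary_fprs all)
    printf '%s\n' "$1" | primary_fprs expired | while read -r fpr; do
        case "$fpr" in ''|*[!0-9A-F]*) continue ;; esac  # hex digits only
        if printf '%s\n' "$secret" | grep -qx "$fpr"; then
            printf 'gpg --batch --delete-secret-keys --yes %s\n' "$fpr"
        fi
        printf 'gpg --batch --delete-keys --yes %s\n' "$fpr"
    done
}

# Dry run on the constructed sample: review the output before executing it.
deletion_plan "$SAMPLE_PUB" "$SAMPLE_SEC"
```

On a real keyring, pass `"$(gpg --list-keys --with-colons)"` and `"$(gpg --list-secret-keys --with-colons)"` as the two arguments and review the printed commands before running any of them.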