secure gpg keys

I (re-)created GPG keys.
Here are my recommended steps:
1. First create one or more keys:
There are many tutorials, I recommend the one mentioned in my last post:

2. List all keys:
gpg --list-secret-keys

Now save each:
2. Export the public key as a text file. This can be distributed without worrying about mail filters, etc.:
gpg -ao pubKey_<KEYID>.asc --export <KEYID>
where <KEYID> stands for either the short ID of the key or the associated email address.

3. The most important step: create a "revocation certificate", so that you can revoke your published key at any time (maybe you forget the passphrase). Creating the certificate is only possible using the passphrase and the private key!
gpg -ao revokeCert_<KEYID>.asc --gen-revoke <KEYID>

4. Optionally save the private key in an ASCII file. The file is, of course, encrypted using a passphrase. Store it very securely (you can even print it).
gpg -a --export-secret-keys <KEYID> | gpg -aco privKey_<KEYID>.asc

5. Now publish your key(s) to a key server. It is sufficient to publish to one server; that server distributes the key to all other servers.
gpg --send-keys <KEYID>
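
A check to run before step 5 or before deleting anything (added example, not part of the original post): it confirms that the files from steps 2 to 4 exist and start with the expected ASCII-armor header. The function names, the DEMO key ID and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the backup files from steps 2-4 before publishing
# or deleting a key. The key ID and directory are supplied by the caller.

# Print the armor label on the first line of FILE, e.g. "PGP MESSAGE".
armor_type() {
    [ -s "$1" ] || return 1   # missing or empty file
    head -n 1 "$1" | sed -n 's/^-----BEGIN \(PGP [A-Z ]*\)-----[[:space:]]*$/\1/p'
}

# expect_armor FILE LABEL: succeed only if FILE starts with that armor label.
expect_armor() {
    got=$(armor_type "$1") || { echo "MISSING $1" >&2; return 1; }
    [ "$got" = "$2" ] && { echo "ok      $1"; return 0; }
    echo "WRONG   $1: want '$2', found '${got:-no armor header}'" >&2
    return 1
}

# check_backups KEYID [DIR]: return 0 only if all three files look right.
check_backups() {
    id=$1; dir=${2:-.}; rc=0
    pub="$dir/pubKey_$id.asc"; rev="$dir/revokeCert_$id.asc"
    priv="$dir/privKey_$id.asc"
    expect_armor "$pub" "PGP PUBLIC KEY BLOCK" || rc=1
    # gpg armors a revocation certificate under the public-key label too,
    # so also make sure the public key was not saved under both names.
    expect_armor "$rev" "PGP PUBLIC KEY BLOCK" || rc=1
    if cmp -s "$pub" "$rev" 2>/dev/null; then
        echo "WRONG   $rev is a copy of $pub" >&2; rc=1
    fi
    # "PGP MESSAGE" is what `gpg -aco` writes; "PGP PRIVATE KEY BLOCK"
    # means the second gpg in the step-4 pipe was skipped.
    expect_armor "$priv" "PGP MESSAGE" || rc=1
    return "$rc"
}

# Constructed sample files: armor headers only, no real key material.
make_sample() {   # make_sample DIR PRIVATE_FILE_LABEL
    mkdir -p "$1"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'AAAA' > "$1/pubKey_DEMO.asc"
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' 'BBBB' > "$1/revokeCert_DEMO.asc"
    printf '%s\n' "-----BEGIN $2-----" '' 'CCCC' > "$1/privKey_DEMO.asc"
}

# Real use: sh check_backups.sh <KEYID> [directory]
if [ "$#" -ge 1 ]; then check_backups "$@"; fi
```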

… while experimenting I made a mistake and deleted my key before revoking it. Now the wrongly published keys are stored online for all eternity and will confuse people who look for my key.
So, please, do not use these keys, as they do not exist anymore:

