GPG


The Basics

List all your keys.

gpg -K
gpg -K --keyid-format=long # Long version shows the key id

Create a new key.

gpg --full-generate-key

Isolation

GPG keeps all keys in one global configuration directory by default, which can make it hard to manage subkeys. The commands below set up a separate, RAM-backed home directory and point gpg at it with --homedir.

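mkdir -p /tmp/gpg
# ramfs lives only in RAM and is never written to swap; it ignores the size= option
sudo mount -t ramfs -o size=2M ramfs /tmp/gpg
sudo chown "$(id -u):$(id -g)" /tmp/gpg # use the real primary group, which may not be named after the user
chmod 700 /tmp/gpg # gpg warns about unsafe permissions on a homedir other users can access
gpg --homedir /tmp/gpg --import /path/to/other/keys
gpg --homedir /tmp/gpg --list-secret-keys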

It is best practice to keep a root signing key in an air-gapped environment and to use it to sign additional encryption keys called subkeys.
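One way to check that a working keyring follows this practice, as an added example that is not part of the original notes: it parses `gpg --list-secret-keys --with-colons` output and fails if the secret half of a primary (root) key is stored locally. The function names and the sample listing are constructed for illustration.

```shell
# Audit the machine-readable secret key listing read from stdin.
# Colon format: field 1 = record type (sec = primary, ssb = subkey),
# field 5 = key ID, field 12 = capabilities, field 15 = "#" when only a
# stub is stored, "+" when the secret material is present, otherwise the
# serial number of the smartcard holding the key.
# An empty field 15 is treated as "present" (assumption: older gpg output).
audit_secret_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" {
            role = ($1 == "sec") ? "primary" : "subkey"
            caps = $12
            gsub(/[A-Z]/, "", caps)   # drop the whole-certificate summary letters
            if ($15 == "#")                    where = "offline"
            else if ($15 == "+" || $15 == "")  where = "present"
            else                               where = "card"
            printf "%s %s %s %s\n", role, $5, caps, where
            if (role == "primary" && where == "present") bad = 1
        }
        END { exit bad + 0 }          # non-zero: a root secret key is on this machine
    '
}

# Constructed sample: a keyring holding only the secret subkeys.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::cSE:::#:::ed25519:::0:
uid:u::::1700000000::0000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:255:22:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::s:::+:::ed25519::
ssb:u:255:18:CCCCCCCCCCCCCCCC:1700000000:1731536000:::::e:::+:::cv25519::
EOF
}

# Real use: gpg --homedir /tmp/gpg --list-secret-keys --with-colons | audit_secret_keys
sample_listing | audit_secret_keys
```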
