First Time GPG

First time using GnuPG and finding it sophisticated and scary? Don't worry, this is my best-practice guide for you. I wrote it to stop newcomers from making the kind of unrecoverable mistakes I made. Welcome to using GnuPG.

Since we're about to build your web-of-trust identity, here is the big picture of what you're about to go through:

  1. Creating your first primary key (I'll call it the master key)
  2. Creating usable sub-keys for consumption
  3. Protecting and backing up your master key
  4. GnuPG learning journey

This guide contains many links to my GnuPG specification sections, which contain the actual how-to. For the best experience, open those links in a new tab/window.

Preparations

Before we start creating a GnuPG web-of-trust identity, let's prepare a few things.

Purpose of the Key

Before charging into creating the key, you need to ask yourself what this key is for, and who owns it in the long run. Remember, this is an identity; people can still recognize your work even after you have left the world.

If you are sure you own 100% of the key, great! That means you'll be creating 1 primary key for yourself.

If the ownership is shared, be it with your significant other or your company, that means you'll be creating 2 primary keys:

  • 1 for your own 100% ownership
  • 1 for the shared ownership

Real Name per NRIC

Now, I know it raises a concern when you are asked for a real name. The reason is that this is your first key: it needs to be real in order for others to trust you. Yes, you can spin up another primary key with some funky nickname later and then have it signed by your real-identity master key.

Corresponding Email

PGP and GnuPG use an email address as the address of your web identity. Use the most active email address corresponding to the identity.

Backup Storage Location

This is a tough question: you should decide now where you want to store your master key. You can refer to the Backup GPG Primary Key section for some recommended ideas.

Why upfront? Because it reduces the learning curve when you're halfway through learning GnuPG. I recommend LastPass, as I personally used and tested it myself. You can set up your backup choice now before proceeding.

A Very Long And Secure Passphrase

When I say long and secure I mean something like:

d7vSNpF^0NElf@hFe#^qp&BanVo14P#BP

Wh@t15G0ingOnW1thT][isPrOmptsARGH

Why the long gibberish? Because this is your last line of defense when the master key falls into the wrong hands. If you're using LastPass as your storage solution, this shouldn't be a problem. A good and long passphrase has these attributes:

  1. 33 characters minimum
  2. minimum 1 lowercase letter (a-z)
  3. minimum 1 UPPERCASE letter (A-Z)
  4. minimum 1 number (0-9)
  5. minimum 1 symbol (@#%^!&)

Why? You can read my research paper here if you want to learn more.

Create Your First Primary Key

When you are done, let's proceed to create your 100% ownership primary key.

Create Necessary Sub-Key

Once you have your master primary key, you need to create new subkeys, such as a signing subkey and an encryption subkey, for day-to-day use. The minimum is:

  1. One signing subkey
  2. One encryption subkey

Set Encryption Preferences

Now that the master key is ready, it's time to configure it. One critical item is setting the default algorithms used for encryption (cipher) and hashing (digest). To do that, you can refer to Specification - Encrypt: Set Default Cipher Algorithm.

Backup Master Secret Key

You're pretty much done; this is your 100% ownership key. It's time to back up the master key. To do that, you need 2 steps:

Export the Secret Key with All Sub-Keys

You first need to export the master secret key, with all its sub-keys, into a key file. I recommend using the --armor argument for a human-readable, text-only format; that is the commonly used form.


Backup

You can refer to Specification - Backup section.

Distribute Your Public Key

Now that your master key is ready, it's time to distribute its public key to the well-known key servers.
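Here is the whole procedure above (master key, subkeys, armored secret-key backup, public-key export) as one runnable script. This is an added example, not the guide's own commands: it uses the practice "Jane Smith" identity, a constructed email address, the sample passphrase from above, and an isolated temporary GNUPGHOME, and assumes gpg 2.1 or newer is installed.

```shell
#!/bin/sh
# Added example (not the guide's own commands): builds a throwaway "Jane Smith"
# identity in an isolated GNUPGHOME and walks the guide's steps in order:
# certify-only master key, one signing and one encryption subkey, armored
# secret-key backup, armored public key for distribution. Assumes gpg >= 2.1.

export GNUPGHOME="$(mktemp -d)"   # isolated keyring; your real ~/.gnupg is untouched
chmod 700 "$GNUPGHOME"
PASSPHRASE='Wh@t15G0ingOnW1thT][isPrOmptsARGH'   # sample from the guide, practice only
EMAIL='jane.smith@example.com'                   # constructed practice address

# Batch mode with loopback pinentry so the passphrase is supplied non-interactively.
gpg_b() { gpg --batch --yes --pinentry-mode loopback --passphrase "$PASSPHRASE" "$@"; }

# Step 1: master key that only certifies (cert); signing/encryption go to subkeys.
# Prints the primary key fingerprint.
create_master_key() {
    gpg_b --quick-generate-key "Jane Smith <$EMAIL>" ed25519 cert 2y >/dev/null 2>&1
    gpg --batch --with-colons --list-keys "$EMAIL" | awk -F: '$1=="fpr"{print $10; exit}'
}

# Step 2: the two subkeys the guide calls the minimum. Prints the subkey count.
add_subkeys() {
    gpg_b --quick-add-key "$1" ed25519 sign 1y >/dev/null 2>&1
    gpg_b --quick-add-key "$1" cv25519 encr 1y >/dev/null 2>&1
    gpg --batch --with-colons --list-keys "$1" | grep -c '^sub:'
}

# Step 3: armored (--armor) export of the master secret key with all subkeys.
# Prints the first line of the backup file so callers can check it is armored.
export_secret_backup() {
    gpg_b --armor --export-secret-keys "$1" > "$GNUPGHOME/master-secret.asc"
    head -n 1 "$GNUPGHOME/master-secret.asc"
}

# Step 4: armored public key, the part you upload to key servers.
export_public_key() {
    gpg --batch --armor --export "$1" > "$GNUPGHOME/public.asc"
    head -n 1 "$GNUPGHOME/public.asc"
}

# Full walk-through: run as `sh this.sh run` (never upload the practice key).
walk_through() {
    fpr=$(create_master_key)
    echo "master key fingerprint: $fpr"
    echo "subkeys: $(add_subkeys "$fpr")"
    echo "backup: $(export_secret_backup "$fpr") in $GNUPGHOME/master-secret.asc"
    echo "public: $(export_public_key "$fpr") in $GNUPGHOME/public.asc"
    gpgconf --kill gpg-agent
}
if [ "${1:-}" = "run" ]; then walk_through; fi
```

The master-secret.asc file is what goes into your backup storage; public.asc is the only file that should ever leave your machine.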

All right! Now you're done creating your first web identity. If you need to create a shared ownership key, you can start over with the shared ownership information.

Now that you have created your keys, I recommend that you learn GnuPG in depth as your next step, at least enough to avoid the pitfalls. I wrote the specifications for in-depth learning. You can try them out with the "Jane Smith" identity to understand deeply how GnuPG works across the world (but please don't distribute the "Jane Smith" key onto the internet; you can skip those steps).

Cheers!

Once again, welcome to using GnuPG.