Creating a new GPG key

Usefull options for .gnupg/gpg.conf

# Suppress the initial copyright message
no-greeting

# Assume that command line arguments are given as UTF-8 strings
utf8-strings

# Always show long ID's and fingerprints
keyid-format 0xlong
with-fingerprint

# Set what trust model GnuPG should follow
trust-model tofu+pgp

# The default key to sign with. If this option is not used, the default key is
# the first key found in the secret keyring
default-key 0xA06B003FC160B788

Create key and disable AEAD

gpg --full-gen-key
  ...
gpg --expert --edit-key 0xA06B003FC160B788
gpg> showpref
gpg> setpref AES256 AES192 AES SHA512 SHA384 SHA256 SHA224 ZLIB BZIP2 ZIP

See: https://wiki.archlinux.org/title/GnuPG#Disable_unsupported_AEAD_mechanism

Add another UID

If you need to add more than one email address to your key:

gpg --edit-key 0xA06B003FC160B788
  ...
gpg> adduid
  ...
gpg> save

Set primary UID

(Only needed if you’ve added more than one UID as above)

gpg --edit-key 0xA06B003FC160B788
  ...
gpg> uid 1
  ...
gpg> primary
  ...
gpg> save

Add subkey for encryption

gpg --edit-key 0xA06B003FC160B788
  ...
gpg> addkey
  ...
gpg> save

Send new key to key server

gpg --keyserver keys.openpgp.org --send-key 0xA06B003FC160B788
gpg --keyserver hkps://keyserver.ubuntu.com --send-key 0xA06B003FC160B788

Export public key

gpg --armor --export 0xA06B003FC160B788 > mykey.asc
gpg --armor --export > all_mypubkeys.asc

Export private key

gpg --armor --export-secret-keys 0xA06B003FC160B788 > private-key.asc
gpg --armor --export-secret-keys > all_myprivatekeys.asc

Export trustdb

gpg --export-ownertrust > otrust.txt

Import and list keys

gpg --import all_myprivatekeys.asc
gpg --import all_mypubkeys.asc
gpg --list-public-keys
gpg --list-secret-keys

• Source: https://wiki.archlinux.org/title/GnuPG
• Source: https://www.redhat.com/en/blog/creating-gpg-keypairs