Commit 9e757aa

Merge pull request #102 from glensc/patch-3
Improve documentation for gpg subkey creation
2 parents 7b43129 + ebe3af4 commit 9e757aa

1 file changed

+12
-10
lines changed

README.md

Lines changed: 12 additions & 10 deletions
@@ -44,13 +44,14 @@ in the GitHub Docs.
4444

4545
#### Using a subkey from an existing GPG key
4646

47-
First open your master key for editing:
47+
First open your master key for editing (use `--list-keys` to find it):
4848

4949
```bash
5050
gpg --edit-key "<YOUR MASTER KEY ID>"
5151
```
5252

53-
Type `addkey` and select signing or s for capabilities. RSA key type is recommended for greatest compatibility.
53+
Type `addkey` and select a type that is for signing, you might be asked about bit size depending on your choice.
54+
When deciding over key expire, avoid setting to never expire, as recommendation of key bits will change over time.
5455
Type `save` to persist the new subkey to your master key. Make a note of the Key ID as you will need it in the next step.
5556

5657
Next export the new sub key:
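
Review bot: added line 53 drops both the RSA compatibility recommendation and the hint to pick `s` for capabilities without replacing them, so "select a type that is for signing" leaves the reader to guess which `addkey` menu entry to choose. Consider pointing at the sign-only entries in that menu, or keeping a short compatibility note. On added line 54, "avoid setting to never expire" would be easier to act on with a suggested validity period, and the hint on line 47 reads better as the full command `gpg --list-keys`.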
@@ -69,41 +70,42 @@ You can skip this if your master key is not password protected.
6970
To remove the password from the subkey, create an ephemeral gpg home directory:
7071

7172
```bash
72-
mkdir /tmp/gpg
73+
install -d -m 700 gpg-tmp
7374
```
7475

7576
Ensure that it works with gpg:
7677

7778
```bash
78-
gpg --homedir /tmp/gpg --list-keys
79+
gpg --homedir gpg-tmp --list-keys
7980
```
8081

81-
You can ignore the warning about unsafe directory permissions.
82-
8382
Import your subkey:
8483

8584
```bash
86-
gpg --homedir /tmp/gpg --import private.key
85+
gpg --homedir gpg-tmp --import private.key
8786
```
8887

8988
Enter edit mode:
9089

9190
```bash
92-
gpg --homedir /tmp/gpg --edit-key <SubKey ID>
91+
gpg --homedir gpg-tmp --edit-key <SubKey ID>
9392
```
9493

9594
Type `passwd`, entering your current password and then set the password to "" to remove it.
9695

96+
The command may give error `error changing passphrase: No secret key` when setting empty password.
97+
You should ignore it as the password was really removed.
98+
9799
Type `save` to exit edit mode and re-export your subkey:
98100

99101
```bash
100-
gpg --homedir /tmp/gpg --output private.key --armor --export-secret-subkeys "<SubKey ID>!"
102+
gpg --homedir gpg-tmp --output private.key --armor --export-secret-subkeys "<SubKey ID>!"
101103
```
102104

103105
Finally, remove the ephemeral directory:
104106

105107
```bash
106-
rm --rf /tmp/gpg
108+
rm --rf gpg-tmp
107109
```
108110

109111
You will now need to export your master public key with the new subkey public key to the file `public.key`:
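
Review bot: the cleanup command on added line 108, `rm --rf gpg-tmp`, carries over the `--rf` typo from the line it replaces; `--rf` is not an option `rm` accepts, so the step fails and the directory holding the passphrase-less subkey stays on disk. Suggest `rm -rf gpg-tmp`. Because `gpg-tmp` is now relative to the current directory rather than under `/tmp`, the README should also tell the reader to run these steps outside the repository checkout (or to create the directory with `mktemp -d`), so the unprotected key material cannot end up in a commit.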
