2014-03-25

Generating a PGP key for Retroshare

So, exactly a month ago I've been playing around with Retroshare. I liked the idea that you use your PGP key as an identifier, but soon hit a brick wall: my key had sub-keys. Specifically, a sub-key for encryption. I posted the issue to Retroshare's Twitter and they shortly after confirmed my issue. I had no idea how to create a plain, no-subkey PGP key. But it's so simple!

First, open a Terminal and run gpg with the --gen-key ("generate key") parameter.
gpg --gen-key
You will be given a choice.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Enter 4. Next, it will ask for the size of your key. Default is 2048, but I suggest 4096. Now it will ask you for the expiration date. You don't have to set one, but it's good to have, if you plan on creating a new key at some point, maybe because of increased security standards like keylengths of 6144 or different key formats or ciphers. That way people are forced to check for a newer key.
You have to enter a name, e-mail and optionally a comment. Confirm the data input with o and enter your passphrase twice. Your key will now be generated.
You will see something like:
gpg: key 968328E7 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   7  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 7u
gpg: next trustdb check due at 2018-08-11
pub   4096R/968328E7 2014-03-25
      Key fingerprint = 9F72 21B4 671F F9B1 D6E3  CEA6 17E8 DFDF 9683 28E7
uid                  Sāfto Rangen <orangensaft@kriswema.de>
It's time to export your key!
gpg -a --export 968328E7 > 968328E7.asc
gpg -a --export-secret-keys 968328E7 >> 968328E7.asc
This will create a combined public/secret keyfile called 968328E7.asc which you can use with Retroshare.