So, exactly a month ago I’ve been playing around with Retroshare. I liked the idea that you use your PGP key as an identifier, but soon hit a brick wall: my key had sub-keys. Specifically, a sub-key for encryption. I posted the issue to Retroshare’s Twitter and they shortly after confirmed my issue. I had no idea how to create a plain, no-subkey PGP key. But it’s so simple!

First, open a Terminal and run gpg with the --gen-key (“generate key”) parameter.

gpg --gen-key

You will be given a choice.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

Enter 4 . Next, it will ask for the size of your key. Default is 2048, but I suggest 4096. Now it will ask you for the expiration date. You don’t have to set one, but it’s good to have, if you plan on creating a new key at some point, maybe because of increased security standards like keylengths of 6144 or different key formats or ciphers. That way people are forced to check for a newer key.
You have to enter a name, e-mail and optionally a comment. Confirm the data input with O and enter your passphrase twice. Your key will now be generated.
You will see something like:

gpg: key 968328E7 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   7  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 7u
gpg: next trustdb check due at 2018-08-11
pub   4096R/968328E7 2014-03-25
      Key fingerprint = 9F72 21B4 671F F9B1 D6E3  CEA6 17E8 DFDF 9683 28E7
uid                  Sāfto Rangen <>

It’s time to export your key!

gpg -a --export 968328E7 > 968328E7.asc
gpg -a --export-secret-keys 968328E7 >> 968328E7.asc

This will create a combined public/secret keyfile called 968328E7.asc which you can use with Retroshare.