Using a PGP Key Pair

A PrettyGood Privacy (PGP) Key Pair allows the signing and encryption of files and fields.

This howto shows how to install the GNU Privacy Guard and create a PGP Key Pair.

Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. It’s commonly used for securing emails, ensuring that only the intended recipient can read the message.

Intended usage:

How to install Install PGP and generate a PGP Key Pair

  1. Install GnuPG

    Install PGP using apt.

  2. Generate a PGP Key Pair

    Use gpg command line to generate a Key Pair

  3. Exporting the Public and Private Keys

    Use gpg command line –export and –export-secret-key to export the keys

  4. Deleting the Key Pair

    Use gpg command line –delete-secret-key and –delete-key to export the keys

Install GnuPG

To install in Ubuntu, update the repository and install the package gnupg.

sudo apt update
sudo apt install gnupg

Check GnuPG installation

Check that the GnuPG package has been installed

gpg --version
gpg (GnuPG) 2.2.27
libgcrypt 1.9.4
Copyright (C) 2021 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Generate a PGP Key Pair

There are multiple ways to generate PGP Key Pairs depending on the needs. See How to Manage Your Keys for additional options.

Command line quick generation without a passphrase

Specify the Name of the user, its e-mail address (IT Wonder Lab [email protected]), type of key (default = rsa), key size (default = 3072), and expiration (never).
Parameters –quick-generate-key –passphrase ” –batch are used to avoid questions from gpg.

gpg --quick-generate-key --passphrase '' --batch "IT Wonder Lab <[email protected]>" default default never

Command line detailed generation

For advance selection of algorithm use the interactive key generation

gpg --full-generate-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
  (14) Existing key from card
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: IT Wonder Lab
Email address: [email protected]
Comment: IT Wonder Lab Tutorial 3
You selected this USER-ID:
    "IT Wonder Lab (IT Wonder Lab Tutorial 3) <[email protected]>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy

Command line batch generation

List PGP Keys

Use gpg -k for listing the generated keys

gpg -k
pub   rsa3072 2023-11-14 [SC]
uid           [ultimate] IT Wonder Lab (IT Wonder Lab Tutorial) <d[email protected]>
sub   rsa3072 2023-11-14 [E]

Exporting the Public and Private Keys

Export the keys using --export and --export-secret-key with the email used for the key.

  • ditwl_infradmin_gpg_public.key: The Public Key in Binary format
  • itwl_infradmin_gpg_b64_public.key: The Public Key in base64 format (for Terraform)
  • ditwl_infradmin_gpg_private.key: The Private Key in base64 format
gpg --export [email protected] > ditwl_infradmin_gpg_public.key
gpg --export [email protected] | base64 > ditwl_infradmin_gpg_b64_public.key
gpg --export-secret-key -a ditwl[email protected] > ditwl_infradmin_gpg_private.key

Convert the public key to base64 for usage in Terraform:

cat ditwl_infradmin_gpg_public.key | base64 > ditwl_infradmin_gpg_b64_public.key

Deleting the Key Pair

Use gpg --delete-secret-key and --delete-key with the email used for the key to delete the key pair.

$ gpg --delete-secret-key [email protected]
$ gpg --delete-key [email protected]

Related Cloud Tutorials

Terraform OpenTofu AWS EKS
This how-to demonstrates how to use Terraform to create an AWS EKS cluster and deploy an application along with a Load Balancer on top.
Terraform AWS ECS Fargate
How-to use Terraform or OpenTofu to create an AWS ECS (Elastic Container Service) running in Fargate and deploy a Docker container.
Terraform AWS Identity and Access Management (IAM)
Programmatically creating AWS users using IaC tools like Terraform & OpenTofu
Terraform Kubernetes
How to publish multiple replicas of an Application (from the Docker Registry) and create a NodePort in Kubernetes using Terraform (in 10 seconds)
Terraform Migration to OpenTofu
How to migrate existing AWS Terraform-managed infrastructure that uses remote backend storage (e.g. S3) to OpenTofu.
Javier Ruiz Cloud and SaaS Expert

Javier Ruiz

IT Wonder Lab tutorials are based on the rich and diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, which was later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has more than 20 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.

Looking for cloud automation best practices tailored to your company?

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram