GNU Privacy Guard (GPG) lets us encrypt and decrypt data, create public and private keys, and create or verify digital signatures.
GPG is built on a pair of keys: a public key and a private (or "secret") key.
Data encrypted with one key of the pair can only be decrypted with the other.
To encrypt a message for someone, you encrypt it with their public key, producing ciphertext that only their private key can unlock.
To sign a message, we use our private key to produce a signature; anyone who holds our public key can then verify that the signature was made by our key and that the message has not been altered.
GPG has dozens of additional options for fine-tuning its behaviour.
In this article we will see how to generate PGP keys with GPG on Linux.
Step 1: Confirm the GPG version.

# gpg --help
gpg (GnuPG) 1.4.5
Copyright (C) 2006 Free Software Foundation, Inc.

(gpg --version prints the same banner without the option list.) This walkthrough was recorded with GnuPG 1.4.5, a 2006 release of the legacy 1.4 branch. GnuPG 2.x shows slightly different menus (its default key type is "RSA and RSA", and passphrases are handled by gpg-agent), but the key layout built below, a sign-only primary key plus an encryption subkey, is the same.
Step 2: Start the key generation process.

Enter the following command to start generating the key. The annotations marked ## are not part of gpg's output:

# gpg --gen-key
## Select the type of key
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)                  ## SELECT THIS OPTION
Your selection? 5
## Select the key size
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
## Select the expiration time
Please specify how long the key should be valid.
         0 = key does not expire        ## SELECT THIS OPTION
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
## Enter user name and email
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "[NAME] (xyz-comment) <[USERNAME]@[DOMAIN_NAME].com>"

Real name: [Name]
Email address: [USERNAME]@[DOMAIN_NAME].com
Comment: comment
You selected this USER-ID:
    "[Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
## Enter a passphrase to protect the secret key
You need a Passphrase to protect your secret key.

Enter passphrase: ***
Repeat passphrase: ***

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

You may see the following message. If you do, follow its instructions and key generation will continue automatically once enough entropy has been collected:

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
..+++++
...+++++
gpg: key F709C771 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0m, 0n, 0f, 1u
pub   2048R/F709C771 2015-05-27
      Key fingerprint = BDC2 5293 DB14 C218 D2DA 711C EB0A 564A F709 C771
uid                  [Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>

Note that this key cannot be used for encryption: option 5, "RSA (sign only)", produces a primary key with usage SC (sign and certify) only. To encrypt we have to add an encryption subkey with the --edit-key command, which is what Step 3 does.

Two practical remarks on the choices above. "Key does not expire" is what this article selects; many practitioners instead set an expiry (for example 1y) and extend it later with the expire command in --edit-key, so that a key whose private half is lost or forgotten eventually stops being valid on its own. And the fingerprint printed at the end (BDC2 5293 ... F709 C771) is the value to give correspondents out of band; the short key ID F709C771 alone is not a safe identifier.

Key generation is complete. At this point we have a private/public key pair that can be used for signing. The next step is to add the subkey that will be used for encryption.
Step 3: Add a subkey for encryption.

Enter the following command to open the key in the key editor:

# gpg --edit-key '[NAME]'
gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub  2048R/F709C771  created: 2015-05-27  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1). [Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>

## Enter the edit-key command
Command> addkey
Key is protected.

## Enter the passphrase you chose in Step 2
You need a passphrase to unlock the secret key for
user: "[Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>"
2048-bit RSA key, ID F709C771, created 2015-05-27

Enter passphrase: ***

## Select the type of key
Please select what kind of key you want:
   (2) DSA (sign only)
   (4) Elgamal (encrypt only)
   (5) RSA (sign only)
   (6) RSA (encrypt only)               ## SELECT THIS OPTION
Your selection? 6
## Select the key size
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
## Select the expiration time
Please specify how long the key should be valid.
         0 = key does not expire        ## SELECT THIS OPTION
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) Y
Really create? (y/N) Y

Again we need to generate a lot of random bytes; doing other work (typing on the keyboard, moving the mouse, using the disks) during prime generation gives the random number generator a better chance to gather enough entropy. If the following message appears, follow its instructions and subkey generation will continue automatically:

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 277 more bytes)
..........+++++
..........+++++

pub  2048R/F709C771  created: 2015-05-27  expires: never       usage: SC
                     trust: ultimate      validity: ultimate
sub  2048R/13DA9D02  created: 2015-05-27  expires: never       usage: E
[ultimate] (1). [Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>

## Note: pub is for signing (SC), sub is for encryption (E)
## Exit the key editor and save your changes
Command> q
Save changes? (y/N) y

The encryption subkey has been generated. Answering y to "Save changes?" is essential: quitting the editor without saving discards the new subkey. The next step is to verify and export the keys.
Step 4: List the keys.

Enter the following command to list the keys on the keyring (-k is short for --list-keys; -K lists the secret keys instead):

# gpg -k
/home/[USERNAME]/.gnupg/pubring.gpg
-----------------------------------
pub   2048R/F709C771 2015-05-27
uid                  [Name] (comment) <[USERNAME]@[DOMAIN_NAME].com>
sub   2048R/13DA9D02 2015-05-27

Both the primary key (pub) and the encryption subkey (sub) should appear; if the sub line is missing, the changes from Step 3 were not saved.
Step 5: Export the public key (including the subkey) in ASCII-armored format.

Enter the following command to export the public key; --export writes public key material only, and subkeys are included automatically:

# gpg --armor --output [Name]-pub-sub.asc --export '[Name]'
# cat [Name]-pub-sub.asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

[.......Removed the PGP KEY...... ]
-----END PGP PUBLIC KEY BLOCK-----

This file is what you publish or hand to correspondents. The private key (which --export-secret-keys would write) must never be shared, and anyone importing this file should compare its fingerprint (gpg --fingerprint '[Name]') with the one shown in Step 2 before trusting it.
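The following script is an added example and is not part of the original article. It reproduces Steps 2 through 5 non-interactively with GnuPG's batch parameter-file format inside a throwaway GNUPGHOME, checks that the resulting layout is the one the article builds (a sign-only primary key with an encryption-capable subkey) by parsing gpg --with-colons output, and then exercises both halves of the key pair with an encrypt/decrypt and a sign/verify round trip, which is the behaviour described in the introduction. The colon-format record layout it relies on (field 12 holds the capabilities; lower case for the key's own, upper case for the whole key) is documented in GnuPG's doc/DETAILS. The helper names check_key_layout, gpg_demo and SAMPLE_COLONS, the user ID user@example.com, the passphrase and the file names are all assumptions made for this example, and SAMPLE_COLONS is a constructed listing, not captured output.

```shell
#!/bin/sh
# Added example (not from the original article): the key layout built in
# Steps 2-5 (RSA sign-only primary + RSA encrypt-only subkey), generated
# non-interactively, checked, and exercised. Works with GnuPG 1.4 and 2.x.
# The user ID, passphrase and file names below are made up for the demo.

UID_EMAIL="user@example.com"              # assumed user ID (e-mail part)
DEMO_PASS="correct horse battery staple"  # demo passphrase, not a real one

# Read `gpg --with-colons --fingerprint --list-keys` output on stdin and check
# the article's layout: exactly one primary key whose own capabilities
# (lower-case letters in field 12, see GnuPG doc/DETAILS) include 's' but
# not 'e', and at least one subkey whose own capabilities include 'e'.
# Prints "OK fingerprint=<primary fingerprint>" and returns 0, else FAIL / 1.
check_key_layout() {
    awk -F: '
        BEGIN { pub = 0; pubsign = 0; pubenc = 0; subenc = 0; fpr = ""; want = 0 }
        $1 == "pub" { pub++; if ($12 ~ /s/) pubsign++; if ($12 ~ /e/) pubenc++; want = 1; next }
        $1 == "fpr" && want { fpr = $10; want = 0; next }
        $1 == "sub" { if ($12 ~ /e/) subenc++; next }
        END {
            if (pub != 1) { print "FAIL: expected one primary key, found " pub; exit 1 }
            if (!pubsign) { print "FAIL: primary key cannot sign"; exit 1 }
            if (pubenc)   { print "FAIL: primary key can encrypt (expected sign-only)"; exit 1 }
            if (!subenc)  { print "FAIL: no encryption-capable subkey"; exit 1 }
            print "OK fingerprint=" fpr
        }'
}

# Constructed colon-format listing for the key in the article (fingerprint and
# short IDs taken from the listing above; the subkey's long ID is padded with
# zeros because only its short ID appears in the article).
SAMPLE_COLONS='pub:u:2048:1:EB0A564AF709C771:2015-05-27:::u:::scESC:
fpr:::::::::BDC25293DB14C218D2DA711CEB0A564AF709C771:
sub:u:2048:1:0000000013DA9D02:2015-05-27::::::e:'

# Generate the same layout in a throwaway GNUPGHOME, export the public key,
# check the layout, then encrypt/decrypt and sign/verify. Runs in a subshell
# so the exported GNUPGHOME and the EXIT trap do not leak into the caller;
# `exit` therefore only leaves the subshell.
gpg_demo() (
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping"; exit 0; }
    tmp=$(mktemp -d) || exit 1
    trap 'command -v gpgconf >/dev/null 2>&1 && gpgconf --kill gpg-agent; rm -rf "$tmp"' EXIT
    chmod 700 "$tmp"
    export GNUPGHOME="$tmp"
    # GnuPG >= 2.1 only reads a passphrase from a file descriptor in loopback
    # pinentry mode; 1.4 and 2.0 do not know the option.
    case "$(gpg --version | sed -n '1s/.* //p')" in
        1.*|2.0.*) loop="" ;;
        *) loop="--pinentry-mode loopback"
           echo allow-loopback-pinentry >"$tmp/gpg-agent.conf" ;;
    esac
    # Batch equivalent of Step 2 (option 5, RSA sign only) and Step 3 (option 6,
    # RSA encrypt only); Expire-Date: 0 mirrors the "does not expire" choice.
    cat >"$tmp/params" <<EOF
Key-Type: RSA
Key-Length: 2048
Key-Usage: sign
Subkey-Type: RSA
Subkey-Length: 2048
Subkey-Usage: encrypt
Name-Real: Example User
Name-Comment: demo
Name-Email: $UID_EMAIL
Expire-Date: 0
Passphrase: $DEMO_PASS
%commit
EOF
    gpg --batch --gen-key "$tmp/params" 2>/dev/null || { echo "key generation failed"; exit 1; }
    # Step 5: armored export of the public key (public material only).
    gpg --batch --yes --armor --output "$tmp/pub.asc" --export "$UID_EMAIL" 2>/dev/null || exit 1
    head -n 1 "$tmp/pub.asc" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----$' || exit 1
    # Step 4, machine-readable: pub must be sign-only, sub must encrypt.
    gpg --batch --with-colons --fingerprint --list-keys "$UID_EMAIL" 2>/dev/null | check_key_layout || exit 1
    # Encrypt to the subkey (E), decrypt with the passphrase.
    printf 'the quick brown fox\n' >"$tmp/msg"
    gpg --batch --yes --recipient "$UID_EMAIL" --output "$tmp/msg.gpg" --encrypt "$tmp/msg" 2>/dev/null || exit 1
    printf '%s\n' "$DEMO_PASS" | gpg --batch --yes $loop --passphrase-fd 0 \
        --output "$tmp/msg.out" --decrypt "$tmp/msg.gpg" 2>/dev/null || exit 1
    cmp -s "$tmp/msg" "$tmp/msg.out" || exit 1
    # Detached signature with the primary key (S), verified with the public key.
    printf '%s\n' "$DEMO_PASS" | gpg --batch --yes $loop --passphrase-fd 0 \
        --output "$tmp/msg.sig" --detach-sign "$tmp/msg" 2>/dev/null || exit 1
    gpg --batch --verify "$tmp/msg.sig" "$tmp/msg" 2>/dev/null || exit 1
    echo "round trip OK"
)
```

Run it with `gpg_demo` after sourcing the file; on a machine without gpg it reports that it is skipping and returns success. The check_key_layout function is also useful on its own against a real keyring (gpg --with-colons --fingerprint --list-keys '[Name]' | check_key_layout): a key that was generated in Step 2 but never got its subkey in Step 3 fails with "no encryption-capable subkey", which is exactly the state the article warns about.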
Date: 2020-09-17 00:13:39  Source: oir  Author: oir