1. boost random number generation with rng-tools

In a later step of key generation there will be a question about the key size.
By default it offers 2048 bits, but we want 4096 bits.
A larger key needs more entropy during prime generation, so a boost is needed.
rng-tools are useful to increase the amount of entropy in the kernel pool and make /dev/random faster.

Luckily they are in the official repo:

desktop ~ # apt install rng-tools

Configuration is quite simple, in /etc/default/rng-tools:

HRNGDEVICE=/dev/urandom

Note that /dev/urandom is driven by the same kernel pool that /dev/random drains, so this setting only stops gpg from blocking on the entropy estimate; it adds no new entropy. Where a real hardware source exists (/dev/hwrng, a TPM), point HRNGDEVICE at that instead.

A restart is needed:

desktop ~ # /etc/init.d/rng-tools restart
Stopping Hardware RNG entropy gatherer daemon: rngd.
Starting Hardware RNG entropy gatherer daemon: rngd.

2. install gpg and additional tools

Decided to use gpg (GnuPG) 2.x, so just install it with:

desktop ~ # apt install gpgv2

3. generate initial keypair

Example creation process:

natur@desktop ~ $ gpg2 --full-gen-key
gpg (GnuPG) 2.1.11; Copyright (C) 2016 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/home/natur/.gnupg' created
gpg: new configuration file '/home/natur/.gnupg/dirmngr.conf' created
gpg: new configuration file '/home/natur/.gnupg/gpg.conf' created
gpg: keybox '/home/natur/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: John Doe
E-mail address: john@doe.com
Comment: 
You selected this USER-ID:
    "John Doe <john@doe.com>"

Change (N)ame, (C)omment, (E)-mail or (O)kay/(Q)uit? O

<password>

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

<re-type password>

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/natur/.gnupg/trustdb.gpg: trustdb created
gpg: key 6D57C73F marked as ultimately trusted
gpg: directory '/home/natur/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/natur/.gnupg/openpgp-revocs.d/EB06ACC9373E1616A67C8ADADD3935486D57C73F.rev'
public and secret key created and signed.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: PGP
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   rsa4096/6D57C73F 1970-01-01 [S]
      Key fingerprint = EB06 ACC9 373E 1616 A67C  8ADA DD39 3548 6D57 C73F
uid         [ultimate] John Doe <john@doe.com>
sub   rsa4096/BFAE75A0 1970-01-01 []

4. submit the keys

gpg --keyserver pgp.mit.edu --send-keys BFAE75A0

5. sign others

  • fetch the key from the key server (via their public key id)

gpg --keyserver pgp.mit.edu --recv-keys <id>

  • edit that key

gpg --edit-key <id>

  • type in 'sign'

  • check the fingerprint and their id before confirming the signature

  • push the signature to the keyserver

gpg --keyserver pgp.mit.edu --send-keys <id>

  • alternatively, export it and send it to them in an email.
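The "check fingerprint and their id" step above is the one that actually protects against signing an impostor's key, so here is an added example (not from the original notes) that refuses to sign a fetched key unless its fingerprint matches one obtained out of band. It assumes gpg 2.x on PATH; the fingerprint passed in and the KEYSERVER variable are placeholders you supply.

```shell
#!/bin/sh
# Verify a fetched key's fingerprint against an out-of-band value before signing.
# Added example; KEYSERVER defaults to the server used in the notes above.
KEYSERVER="${KEYSERVER:-pgp.mit.edu}"

# Normalize a fingerprint: drop whitespace and uppercase it, so the spaced form
# gpg prints ("EB06 ACC9 ... C73F") compares equal to a compact lowercase copy.
norm_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint` output on stdin and print the primary
# key fingerprint: the first "fpr" record, field 10 (fields are colon separated).
primary_fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED COLON_OUTPUT -> exit status 0 on match, 1 otherwise.
fpr_matches() {
    expected=$(norm_fpr "$1")
    actual=$(printf '%s\n' "$2" | primary_fpr_from_colons)
    [ -n "$actual" ] && [ "$expected" = "$actual" ]
}

# verify_and_sign KEYID EXPECTED_FPR: fetch, compare, sign, push back.
# --sign-key is gpg's non-interactive equivalent of --edit-key followed by 'sign'.
verify_and_sign() {
    keyid="$1"; expected="$2"
    gpg --keyserver "$KEYSERVER" --recv-keys "$keyid" || return 1
    colons=$(gpg --with-colons --fingerprint "$keyid") || return 1
    if ! fpr_matches "$expected" "$colons"; then
        echo "fingerprint mismatch for $keyid; not signing" >&2
        return 1
    fi
    gpg --sign-key "$keyid" && gpg --keyserver "$KEYSERVER" --send-keys "$keyid"
}
```

Run it as `verify_and_sign <id> "<fingerprint read from the owner's card>"`; a mismatch stops before any signature is made.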

Troubleshooting

- gpg: agent_genkey failed: Operation cancelled

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Operation cancelled
Key generation failed: Operation cancelled

SOLUTION: just install, configure and restart rng-tools as in step 1.

- gpg: agent_genkey failed: Permission denied

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilise the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: agent_genkey failed: Permission denied
Key generation failed: Permission denied

SOLUTION:

natur@desktop ~ $ ls -la $(tty)
crw------- 1 bart tty 136, 2 sie  2 13:08 /dev/pts/2
natur@desktop ~ $ logout
Hasta la vista, baby. See you next time...
desktop ~ # chmod o+rw /dev/pts/2

The terminal is owned by bart while gpg runs as natur (for example after switching user with su), so pinentry cannot open it. Opening the pty to everyone (o+rw) also lets any other local user read from and write to that terminal, so prefer logging in directly as the user who runs gpg, or revert with chmod o-rw /dev/pts/2 once the key is generated.