Again, the default is sufficient for almost all users, and represents an _extremely_ strong level of security.
Choose the key size:
Choose when the key will expire. It is a good idea to choose an expiration date instead of using the default, which is _none._ If, for example, the email address on the key becomes invalid, an expiration date will remind others to stop using that public key.
Creating GPG Keys Using the Command Line
Enter a passphrase for your secret key. The `gpg` program asks you to enter your passphrase twice to ensure you made no typing errors.
Entering a value of `1y`, for example, makes the key valid for one year. (You may change this expiration date after the key is generated, if you change your mind.) Before the `gpg` program asks for signature information, the following prompt appears:
Enter the letter `O` at the confirmation prompt to continue if all entries are correct, or use the other options to fix any problems.
Enter your name and email address. _Remember this process is about authenticating you as a real individual._ For this reason, include your _real name_. Do not use aliases or handles, since these disguise or obfuscate your identity.
Enter your real email address for your GPG key. If you choose a bogus email address, it will be more difficult for others to find your public key. This makes authenticating your communications difficult. If you are using this GPG key for https://fedoraproject.org/wiki/Introduce_yourself_to_the_Docs_Project[self-introduction] on a mailing list, for example, enter the email address you use on that list.
Enter `y` to finish the process.
Finally, `gpg` generates random data to make your key as unique as possible. Move your mouse, type random keys, or perform other tasks on the system during this step to speed up the process. Once this step is finished, your keys are complete and ready to use:
gpg --fingerprint johndoe@example.com
gpg --full-generate-key
In almost all cases, the default is the correct choice. A RSA/RSA key allows you not only to sign communications, but also to encrypt files.
Is this correct (y/N)?
Now see <<backup-gpg-keys-cli>>. Make sure to back up your revocation keys for all active keys as this allows to revoke keys in the event of lost passphrase of key compromise.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
Your selection?
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Press the kbd:[Enter] key to assign a default value if desired. The first prompt asks you to select what kind of key you prefer:
pub rsa3072 2021-02-09 [SC] [expires: 2022-02-09]
uid John Doe (Fedora Docs) <johndoe@example.com>
sub rsa3072 2021-02-09 [E] [expires: 2022-02-09]