Creating GPG Keys
This document explains in detail how to obtain a GPG key using common Fedora utilities. It also provides information on managing your key as a Fedora contributor.
Making a Backup
Making Your Public Key Available
When you make your public key available to others, they can verify communications you sign, or send you encrypted communications if necessary. This procedure is also known as _exporting_.
See <<copying-public-gpg-keys-manually>> to a file if you wish to email it to individuals or groups.
Safeguarding Your Secret Key
Treat your secret key as you would any very important document or physical key. (Some people always keep their secret key on their person, either on magnetic or flash media.) If you lose your secret key, you will be unable to sign communications, or to open encrypted communications that were sent to you.
Hardware Token options
If you followed the above, you have a secret key which is just a regular file. A more secure model than keeping the key on disk is to use a hardware token.
There are several options available on the market, for example the https://www.yubico.com/products/yubikey-5-overview/[YubiKey]. Look for a token which advertises OpenPGP support. See https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/[this blog entry] for how to create a key with offline backups, and use the token for online access.
Additional resources
https://www.gnupg.org/[GPG home page]
https://www.gnupg.org/documentation/[Official GPG documentation]
https://en.wikipedia.org/wiki/Public-key_cryptography[Wikipedia - Public Key Cryptography]
See a typo, something missing or out of date, or anything else which can be improved? Edit this document at https://pagure.io/fedora-docs/quick-docs[quick-docs's git repository].