Gen Key command done correctly

Robert J. Hansen rjh at
Tue Nov 6 02:12:23 CET 2007

Robert D. wrote:
> When I used gen-key, I got one, but at the end was told that I'd need to
> generate a  sub-key that I could use to actually encrypt.

GnuPG uses "key pair" in two distinct senses.  One of them means a
public/private pair; and the other means two sets of public/private
keys, one set used for encryption and one set used for signing.  To
disambiguate, I'll refer to the latter as a key set, and a
public/private combination as a key pair.

By default, GnuPG only creates key sets for DSA/Elgamal keys.  It
creates a DSA key pair for signing and an Elgamal key pair for encryption.

For RSA keys, GnuPG only creates a single key pair--a signing pair.

gpg --edit-key <key ID> addkey
<enter your passphrase>
<enter desired key size>

... and so on, and so on, and you'll have an encryption key pair added
to your signing key pair, making it a completely usable key set.

More information about the Gnupg-users mailing list