Create a GPG Key (With SSH Support!)

author: Nathan Acks

Create the Initial Key

gpg --expert --full-generate-key

Edit the Key

gpg --expert --edit-key "$KEYID"

Add UIDs

Add a Signing Subkey

Add an Authentication Subkey

Add an Encryption Subkey

Finish Up

Be sure to save the key before exiting.

Remove the Primary Key for Safe Keeping

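# Export keys (primary + subkeys to $KEYID.asc, subkeys only to subkeys.gpg)
gpg --armor --export-secret-key "$KEYID" > "$KEYID.asc"
gpg --export-secret-subkeys "$KEYID" > subkeys.gpg
# Delete secret keys (BOTH primary and subkeys)
gpg --delete-secret-keys "$KEYID"
# Re-import secret subkeys
gpg --import subkeys.gpg
# Optionally verify that everything worked...
# (in the secret key listing the primary should now appear as "sec#",
# which marks a key whose secret part is not present)
gpg --list-keys
gpg --list-secret-keys
# Cleanup
rm subkeys.gpg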

Once this is done, $KEYID.asc can be stored “offline” on a secure (encrypted!) drive, etc. Note that this key will need to be re-imported to generate new subkeys, add UIDs, extend expiration dates, or create updated revocation certificates.
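The optional verification step above can be scripted. This is an added example, not part of the original notes: it reads the machine-readable listing and succeeds only when the primary secret key is a stub and usable signing, encryption and authentication subkeys remain. The function names and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the primary secret
# key is offline while signing, encryption and authentication subkeys remain.

# Reads `gpg --list-secret-keys --with-colons` output on stdin.
# Field 12 holds the capabilities; field 15 is "#" when only a stub is
# present (secret part missing) and "+" or empty when it is available.
check_offline_primary() {
    awk -F: '
        $1 != "sec" && $1 != "ssb" { next }
        {
            if ($15 == "#") state = "stub"
            else if ($15 == "" || $15 == "+") state = "present"
            else state = "card"            # serial number of a smartcard
            printf "%s %s caps=%s secret=%s\n", $1, $5, $12, state
        }
        $1 == "sec" { seen = 1; if (state != "stub") bad = 1; next }
        # Only count subkeys that are usable: not stubs, expired or revoked.
        state != "stub" && $2 !~ /^[er]/ {
            if ($12 ~ /s/) s = 1
            if ($12 ~ /e/) e = 1
            if ($12 ~ /a/) a = 1
        }
        END { exit !(seen && !bad && s && e && a) }
    '
}

# Constructed sample: listing after the procedure (primary is a stub).
sample_after() {
    cat <<'EOF'
sec:u:255:22:1111111111111111:1700000000:::u:::cSEA:::#:::ed25519:::0:
ssb:u:255:22:2222222222222222:1700000000::::::s:::+:::ed25519::
ssb:u:255:22:3333333333333333:1700000000::::::a:::+:::ed25519::
ssb:u:255:18:4444444444444444:1700000000::::::e:::+:::cv25519::
EOF
}

# Constructed sample: listing before the procedure (primary still present).
sample_before() { sample_after | sed 's/:#:/:+:/'; }

# Real use: gpg --list-secret-keys --with-colons "$KEYID" | check_offline_primary
if sample_after | check_offline_primary; then
    echo "OK: primary secret key is offline, S/E/A subkeys available"
fi
```

A non-zero exit status means either the primary secret key is still in the keyring or one of the three subkey capabilities is missing, so run it before deleting subkeys.gpg.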

Export the Authentication Subkey to SSH