- generate the key
  `gpg --full-generate-key`
  - select 9 (or `ECC (sign and encrypt)`)
    ```
    Please select what kind of key you want:
       (1) RSA and RSA
       (2) DSA and Elgamal
       (3) DSA (sign only)
       (4) RSA (sign only)
       (9) ECC (sign and encrypt) *default*
      (10) ECC (sign only)
      (14) Existing key from card
    Your selection? 9
    ```
  - select 1 (or `Curve 25519`)
    ```
    Please select which elliptic curve you want:
       (1) Curve 25519 *default*
       (4) NIST P-384
       (6) Brainpool P-256
    Your selection? 1
    ```
  - enter a key validity period if you’d like
  - enter in an identifier for the Real Name section
    i prefer to use a combination of the username + host identifier for this
  - enter in your email (align it with the ssh key you’re going to use to sign things)
  - enter in your email/identifier for the comment
  - set a passphrase
- run the following to get a list of your keys and identify the one you just made
  `gpg --list-keys`
  - the key’s primary id is the long hex string below the `pub` and above the `uid`
- run the following to export it
  `gpg --export --armor ${PRIMARY_ID}`
  - you now have your `${PUBLIC_GPG_KEY}`
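The primary id can also be taken from gpg's machine-readable listing (`--with-colons`) instead of being read off the screen, which helps when several keys share one email. This is an added example, not part of the original notes; the function names, the sample listing and the address alice@example.org are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: find the primary key id without reading it off the screen.

# Constructed sample of `gpg --list-keys --with-colons` output: one live
# ed25519 key with a cv25519 subkey, plus an older revoked key, same email.
sample_listing() {
cat <<'EOF'
tru::1:1700000000:0:3:1:5
pub:u:255:22:89ABCDEF01234567:1700000000:::u:::scESC:::::ed25519:::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::HASH::alice@devbox (alice@example.org) <alice@example.org>::::::::::0:
sub:u:255:18:FEDCBA9876543210:1700000000::::::e:::::cv25519::
fpr:::::::::76543210FEDCBA9876543210FEDCBA9876543210:
pub:r:255:22:0000111122223333:1600000000:::-:::sc:::::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:
uid:r::::1600000000::HASH::alice@oldbox <alice@example.org>::::::::::0:
EOF
}

# Reads a colon listing on stdin; prints the fingerprint of each primary key
# that is not revoked/expired and has a uid containing the string in $1.
primary_fpr_for_uid() {
    awk -F: -v want="$1" '
        $1 == "pub" { usable = ($2 != "r" && $2 != "e"); primary = 1; fpr = ""; next }
        $1 == "sub" { primary = 0; next }   # the next fpr record is the subkey
        $1 == "fpr" && primary && fpr == "" { fpr = $10; next }
        $1 == "uid" && usable && fpr != "" && index($10, want) && !seen[fpr]++ { print fpr }
    '
}

# Live use against the real keyring (needs gpg; not called automatically).
export_pubkey_for_uid() {
    PRIMARY_ID="$(gpg --list-keys --with-colons | primary_fpr_for_uid "$1" | head -n 1)"
    [ -n "$PRIMARY_ID" ] || { echo "no usable key for $1" >&2; return 1; }
    gpg --export --armor "$PRIMARY_ID"
}
```

Running `sample_listing | primary_fpr_for_uid alice@example.org` prints only the live key's fingerprint; the revoked key and the subkey fingerprint are skipped.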
gitea-specific notes
- after getting your `${PUBLIC_GPG_KEY}` and entering it into gitea, gitea will issue you a verification signing invocation
  - running it as-is might result in the following errors:
    `gpg: signing failed: Inappropriate ioctl for device`
  - to solve the above issue, run the following before re-running the command:
    `export GPG_TTY="$(tty)"`