Skip to content


The process of generating a new primary GPG key is a bit intensive, however, all of it has been automated into a friendly Bash script to ease the process.


The environment must already be setup and available before continuing. See the environment section for more details.

In addition to the environment being accessible, the folllowing is also needed:

  1. A pen and paper to copy down the new secret data
  2. A hardware encrypted USB drive for storing backups


The environment already includes the automated script for creating a new key. To begin the process, simply run:

export GNUPGHOME="$(key_workspace)"

When prompted, ensure that the passphrases for the primary key and the encrypted partition are stored on paper. Once completed, you'll be prompted to reboot the system to clear all temporary files and memory.