Skip to main content

Create a GPG master key

Introduction

A master key can technically be used to sign without a need for a subkey. However, we recommend that you only use the master key (sometimes called “certification key”) to certify and create subkeys.

You can generate a master and subkey from DigiCert​​®​​ Software Trust Manager or our command line interface SMCTL.

A GPG master key contains:

  • RSA, ECDSA, or EdDSA keypair

  • User IDs (UIDs)

  • Self-signature for every UID associated with the master key

  • Key that can certify

The master key can be used to:

  • Add or revoke subkeys

  • Add, change, or revoke user identities (UIDs) associated with the key

  • Add or change the expiration date on itself or any subkey

  • Sign other people's keys for web-of-trust purposes

Create a GPG master key

注意

What is a User ID (UID)?

UIDs are assigned to the master key. They are used to identify your GPG key.

UID format

Name (Comment) <email>

UID examples

  • John Doe (Signing) john.doe@example.com

  • Jane Doe jane.doe@example.com

Tip

UIDs are shown in some GnuPG operations. Select a name, email address, and comment that are both professional and commonly used for PGP-protected communication, for example your company email address or one you use for signing off on project commits.