Use gpg --full-gen-key command to generate your key pair. At the prompt, specify the kind of key you want, or press Enter to accept the default RSA and RSA. I no longer use the old one. Create your key, and it should work after that. We will also provide the data with the -s option. Set Up GPG Keys. However, some tools override the default setting, for example calling git tag -s, which calls gpg -bsau DEFAULT_COMMITTER_EMAIL_ADDRESS under the hood. Each stable RPM package that is published by CentOS Project is signed with a GPG signature. It looks as though you have not set up a key. Enter the desired key size. This doesn't mean that a key is in a single computer. Where email@address is the address associated with the key to use. By default, yum and the graphical update tools will verify these signatures and refuse to install any packages that are not signed, or have an incorrect signature. I also received blank output from the same 2 commands: gpg --list-secret-keys gpg --list-keys I had reason to suspect this was to do with recent changes to the ~/.gnupg/pubring.kbx file, which lead me to run the following 2 commands to re-import missing keys:. We will also asked for passphrase to decrypt and use our private key which is create in the previous step. If you're not sure what keys you have on your system, issue the command: This doesn't mean that a key is in a single computer. $ gpg --keyring /shared/rpm/.gpg --no-default-keyring --full-gen-key Even if only one person is using the key to sign packages, make a separate keypair to use for signing. How CentOS uses GPG keys. Enter the length of time the key should be valid. GPG is installed by default in most distributions. Notice there’re four options. Let’s hit Enter to select the default. $ gpg2 --default-key İsmail -s test Sign PGP Key GPG Passphrase. The default key is the first one from the secret keyring or the one set with --default-key. Re-import missing secret keys: gpg uses the first key in your keyring as the key, unless you specify otherwise. gpg --sign --default-key email@address gpg.docx. File > New > PGP Key. Signing file 'Release' with gpg, please enter your passphrase when prompted: gpg: no default secret key: secret key not available gpg: signing failed: secret key not available ERROR: unable to publish: unable to detached sign file: exit status 2 You are unable to sign the Release file because the keyring secring.gpg is missing a GPG key. Additionally, use the --full-gen-key option and then choose to create a signing-only key instead of the default, which creates both a signing and encryption key. gpg --full-gen-key. By default, the GPG application uploads them to Open Passwords and Encryption Keys. $ gpg --default-new-key-algo rsa4096 --gen-key. I have two keys for my principal user ID: an old one, and a longer one I generated more recently. It asks you what kind of key you want. Your key must be at least 4096 bits. (My preferred method) Add the following lines to gpg.conf: no-default-keyring primary-keyring R:\pubring.gpg secret-keyring R:\secring.gpg trustdb-name R:\trustdb.gpg You may also need keyring R:\pubring.gpg Depending on the size of your portable storage device, you may find organizing with directories a bit easier. --no-default-recipient ... By default, GnuPG uses the standard OpenPGP preferences system that will always do the right thing and create messages that are usable by all recipients, regardless of which OpenPGP program they use. We will provide İsmail as default key with the --default-key option. I set the default key to the newer one using the default-key option in ~/.gnupg/gpg.conf.. Create Your Public/Private Key Pair and Revocation Certificate. If for any reason GPG is not installed, on Ubuntu and Debian, you can update the local repo index and install it by typing: sudo apt-get update sudo apt-get install gnupg On CentOS, you can install GPG … The default is to create a RSA public/private key pair and also a RSA signing key.