Skill

gpg-generate-key

Generate a new GPG keypair (primary signing key + encryption subkey) on the local GnuPG keyring. Use when the user wants to create a new GPG identity, set up signing for git commits, or create a key for encrypted email. Confirms key parameters before generation; defaults to ed25519/cv25519 with no expiry unless the user specifies otherwise.

npx claudepluginhub danielrosehill/claude-code-plugins --plugin gpg-ops

Tool Access

This skill uses the workspace's default tool permissions.

Preview

The user wants to create a new GPG key — for signing git commits, encrypting files, signing releases, or setting up an encrypted-email identity.

SKILL.md

Similar Skills

evm-token-decimals

175.2k

Prevents silent decimal mismatch bugs in EVM ERC-20 tokens via runtime decimals lookup, chain-aware caching, bridged-token handling, and normalization. For DeFi bots, dashboards using Python/Web3, TypeScript/ethers, Solidity.

everything-claude-code

Stats

Stars0

Forks0

Last CommitApr 30, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Generate a GPG Keypair

When to use

The user wants to create a new GPG key — for signing git commits, encrypting files, signing releases, or setting up an encrypted-email identity.

Preflight

gpg --version | head -1

If gpg isn't installed, stop and ask the user to install GnuPG (sudo apt install gnupg on Debian/Ubuntu).

Gather inputs

Ask the user for (with sensible defaults):

Real name — required, no default.
Email — required, no default.
Comment — optional, skip by default.
Algorithm — default ed25519 (fast, modern, smaller). Offer rsa4096 if they want maximum compatibility with old systems.
Expiry — default 0 (no expiry). Suggest 2y if the user is unsure — it can be extended later.
Passphrase — let GPG prompt interactively. Do NOT pass passphrases on the command line.

Generate

For ed25519 (default), use --quick-generate-key which is non-interactive apart from the passphrase prompt:

gpg --quick-generate-key "Real Name <email@example.com>" ed25519 sign,cert <expiry>

Then add an encryption subkey (ed25519 primaries can't encrypt directly):

KEYID=$(gpg --list-secret-keys --with-colons "<email>" | awk -F: '/^sec:/ {print $5; exit}')
gpg --quick-add-key "$KEYID" cv25519 encr <expiry>

For RSA, a single command suffices:

gpg --quick-generate-key "Real Name <email@example.com>" rsa4096 default <expiry>

For finer control (multiple UIDs, custom subkey layout), use gpg --full-generate-key and let the user drive the interactive prompts.

Post-generation

Show the user the new key fingerprint and key ID:

gpg --list-secret-keys --keyid-format=long "<email>"

Offer next steps:

Export the public key (use gpg-export-public-key skill).

Configure git to sign commits with the new key:

git config --global user.signingkey <KEYID>
git config --global commit.gpgsign true

Back up the private key and revocation certificate to a secure location. GPG auto-generates a revocation cert at ~/.gnupg/openpgp-revocs.d/<FINGERPRINT>.rev — recommend backing this up offline.

Notes

Never write the passphrase to disk or pass it via --passphrase on the command line.
Key material lives in ~/.gnupg/ — that's the user's keyring, not plugin data. Don't touch.