Jump to content
Choose a UID
- Use a valid e-mail address: no obfuscation.
- The e-mail address should be reliable (do not use one you got from your ISP or a random free service).
- When in doubt, you should prefer using your
- The UID also has to be the same as the
PACKAGER variable you use to build packages.
- A correct UID looks like this:
Pierre Schmitz <email@example.com>
- We strongly advise you use your real name. It has to be exactly that found on official documents (passport, driver's license, etc.); see CAcert's practice on names.
Create a key pair
- You may use the default: a never expiring 2048-bit RSA key for encryption and signing.
- Create a revocation certificate, for use when/if your private key ever gets compromised:
gpg -o ~/.firstname.lastname@example.org --gen-revoke email@example.com
- Make sure to store this file in a secure location (and/or encrypt it with a passphrase); then delete the plaintext version.
- Backup your private key:
gpg --export-secret-keys firstname.lastname@example.org > email@example.com
Recommended: Get your key signed by CAcert
- Create an account on CAcert.[dead link 2021-05-17 ⓘ]
- Meet CAcert assurers and have them verify your official identification documents; see CAcert's assurance policy.
- You will then be able to access a new part of the CAcert website and get your key signed:
- Export your public key:
gpg --export --armor firstname.lastname@example.org > email@example.com
- Paste the content of that file into the form on the CAcert website[dead link 2021-05-17 ⓘ].
- Save the signed key from the CAcert website and import it:
gpg --import <filename>
Recommended: Get your key signed by other devs
- When ever you meet with another dev, sign each others' keys.
- Take this seriously: never sign a key when you cannot verify the other person's identity.
- See CAcert's assurance policy for good guidelines.
Publish your public key
- Send your public key to a keyserver:
- Check your key id with:
gpg --send-keys KEY-ID
- Add your key fingerprint to your profile at https://archlinux.org/devel/profile/
- Create a backup of your keys and be sure not to forget the passphrase!