Generate

master key

gpg --expert --full-generate-key
8 → RSA (set your own capabilities)
s → toggle the sign capability
e → toggle the encrypt capability
q → finished
4096
1y → key expires in 1 year
y → this is correct
First Last
user@domain.tld
comment
o → ok
gpg --quick-generate-key 'First Last <user@domain.tld>' rsa4096 cert 1y

revocation certificate

gpg --generate-revocation "KeyID" > "FFIINNGGEERRPPRRIINNTT.rev"
y
0 → no reason specified
1 → key has been compromised
2 → key is superseded
3 → key is no longer used
description
y

Warning

Hide this file in an encrypted container!