For some reason, gpg --gen-key still defaults to SHA1 and RSA2048. Due to the known weaknesses of SHA1, it is probably a better idea to use SHA256.

First of all, we need to create a configuration file.

    cat ~/.gnupg/gpg.conf

    personal-digest-preferences SHA256
    cert-digest-algo SHA256
    default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

To generate a new key, type one of the following (also specify RSA 4096):

    gpg --gen-key
    ### or
    gpg --full-generate-key

Other useful commands are: …
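To check that the digest settings in gpg.conf took effect on a key, the following added example (not part of the original page) parses `gpg --list-packets` output and flags signatures made with MD5 or SHA1. The sample packet listing and its key ID are constructed, and `KEYID` is a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report the digest algorithm
# of every signature packet in `gpg --list-packets` output.
# Digest IDs per RFC 4880: 1=MD5 2=SHA1 3=RIPEMD160 8=SHA256 9=SHA384
# 10=SHA512 11=SHA224.

# stdin: --list-packets text. stdout: "<keyid> <sigclass> <digest> <OK|WEAK>"
# per signature. Exit status is 1 if any signature uses MD5 or SHA1.
audit_sig_digests() {
    awk '
        BEGIN {
            name[1]="MD5"; name[2]="SHA1"; name[3]="RIPEMD160"
            name[8]="SHA256"; name[9]="SHA384"; name[10]="SHA512"
            name[11]="SHA224"
            weak[1]=1; weak[2]=1; bad=0
        }
        /^:signature packet:/ { keyid=$NF; sigclass="?" }
        /sigclass 0x/         { sigclass=$NF }
        /^[ \t]*digest algo [0-9]+/ {
            algo=$3; sub(/,.*/, "", algo)
            label = (algo in name) ? name[algo] : "algo-" algo
            verdict = (algo in weak) ? "WEAK" : "OK"
            if (algo in weak) bad=1
            printf "%s %s %s %s\n", keyid, sigclass, label, verdict
        }
        END { exit bad }
    '
}

# Constructed sample: one self-signature made with SHA1 and a later one
# made with SHA256 (real gpg output indents with tabs, not spaces).
sample_packets() {
    cat <<'EOF'
:public key packet:
    version 4, algo 1, created 1500000000, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1500000000, md5len 0, sigclass 0x13
    digest algo 2, begin of digest 5a 1c
:signature packet: algo 1, keyid AAAAAAAAAAAAAAAA
    version 4, created 1600000000, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 9f 02
EOF
}

# Real use (KEYID is a placeholder):
#   gpg --export KEYID | gpg --list-packets | audit_sig_digests
sample_packets | audit_sig_digests || echo "weak digest found"
```

A key created before gpg.conf was changed keeps its old self-signatures, so a WEAK line on an existing key means the signature predates the new settings.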