First make sure you don’t have a key already:

gpg --list-keys

If you didn’t and need to create a key then run:

gpg --gen-key

It might hang for awhile while generating enough random entropy. Run “ls -R /” to speed things up.

And upload it to a public key server:

gpg --keyserver hkp://pgp.mit.edu --send-keys <keyid>

Now list the keys again to get the keyid:

gpg --list-keys

The keyid is the half after the / in:

pub   XXXX/XXXXXXXX 2011-12-05

Then generate your key:

gpg -ab <filename>

If you’re doing this for an upload to the Maven repositories, you’ll need to do this for each of the four file (.jar, -sources.jar, -javadoc.jar, and .pom) and then jar all eight files together in a bundle.jar file.  More details available on Maven’s how to generate PGP signatures page.