Why Keyboard Handling Matters

Every React Native developer, at some point, wrestles with mobile keyboards. Whether your app is a chat, a login form, or a complex survey, you quickly realize that the keyboard can disrupt content, animations, and even user flows. This post tracks the journey from the earliest struggles to today’s robust, cross-platform tooling so you can ship seamless, native-like keyboard experiences on both iOS and Android.

2015: The Wild Beginnings

React Native’s release was exciting native-feel apps powered by JavaScript. Early on, keyboard handling felt like an afterthought. iOS simply handed the problem over to app developers, forcing many to cobble together awkward workarounds. Android, meanwhile, resized views automatically via the windowSoftInputMode but gave developers little control over transitions or custom layouts.

KeyboardAvoidingView Arrives

To help, React Native introduced KeyboardAvoidingView. On iOS, this component wraps your layout and pushes it upward as the keyboard appears.

<KeyboardAvoidingView>
  <TextInput />
</KeyboardAvoidingView>

But it had clear limitations especially for forms or inputs near the bottom of the screen. Inputs could get stuck behind the keyboard, with no easy fix.

Community Packages & Native Inspirations

The React Native community saw these shortcomings and released react-native-keyboard-aware-scroll-view, which helped make focused inputs visible by scrolling as users interacted. Meanwhile, iOS developers outside the React Native bubble had long adopted IQKeyboardManager this inspired the React Native KeyboardManager wrapper to sync keyboard anims and add toolbars.

Shortcomings Remained

• Keyboard-aware scrolling sometimes desynced animations, especially with multiline fields.

• Android didn’t need most wrappers, but lacked options for customizing or animating transitions.

Native Breakthroughs & InputAccessoryView

As apps matured, custom behaviors became critical:

• Chat UIs wanted swipe-to-dismiss gestures.

• Smart toolbars and sticky buttons became UI must-haves.

iOS’s InputAccessoryView answered these needs, smoothly handling sticky toolbars above the keyboard and interactive dismissal. On Android, developers had less direct control, leading to inconsistencies.

True Cross-Platform Parity: The Modern Era

Keyboard management needed to be unified same API and parity across iOS and Android.

Introducing Advanced Libraries

New libraries like react-native-avoid-soft-input let developers:

• Animating transitions with hooks (useKeyboardAnimation)

• Disabling auto-resizing on both platforms for precision

Android 11 introduced the window insets animation API, marking a turning point. Developers could finally synchronize UI and keyboard movement, unlocking smoother experiences on both platforms.

The Keyboard Controller Library

Kiryl Ziusko, creator of Keyboard Controller, set ambitious goals:

• Identical experience on both platforms

• Single API for everything, no conditional code

• Advanced parity for events, animations, and gestures

With hooks like useKeyboardAnimation (returns animated keyboard height/progress) and useKeyboardHandler (lets you handle animation at every frame), fine-grained control became reality.

const { height, progress } = useKeyboardAnimation();

Syncing Animations and Avoiding Jank

• Both iOS and Android could animate transitions in sync

• You could track keyboard focus and update the UI smoothly for multiline and growing fields

• New declarative components extended classic wrappers, so keyboard avoidance “just works”

Building With Modern Components

Today, you can use high-level components:

• KeyboardAvoidingView (powered by Keyboard Controller APIs) for responsive, animated avoidance and padding.

• KeyboardStickyView for buttons/toolbars anchored above the keyboard, with no config needed.

• KeyboardAwareScrollView (now supporting animated transitions and input events).

• KeyboardToolbar, KeyboardExtender, and KeyboardBackgroundView for toolbars and advanced keyboard overlays.

<KeyboardStickyView>
  <Button title="Submit" />
</KeyboardStickyView>

Bonus: Programmatically move focus between fields (setFocusTo)—no more sticky input headaches.

Going Beyond: Extending and Animating the Keyboard

Modern solutions let you embed custom views inside or above the keyboard region. Want a quick payment selector or animated chat attachment sheet? Tools like KeyboardExtender and KeyboardBackgroundView let you do this without glitches.

The result? Rich UIs that feel polished, professional, and fully native.

Takeaways for Developers

• Keyboard problems are solved: Modern libraries give you seamless, predictable behavior across platforms.

• Leverage hooks and components: Write less boilerplate let declarative wrappers and hooks handle the tough stuff.

• Try advanced features: Toolbars, gestures, overlays, focus management, and even shared transitions are now part of your toolkit.

• Don’t fear animation: Synchronized keyboard transitions enable rich, immersive mobile experiences.

Today, React Native keyboard management is no longer an afterthought or a “black hole.” Developers can now focus on user experiences, confident that input interactions will be smooth and intuitive. So embrace these tools, build boldly, and make your keyboard interactions a delight not a frustration for your users.

If you’re a React Native developer ready to turn your app into a sustainable business, understanding monetization is crucial. Monetization isn’t just about making money it’s about supporting your development, sustaining your app, and creating value for your users. In this blog, we dive into how to monetize React Native apps using in-app purchases (IAPs), what works best, and practical steps to implement them.

Why Monetization Matters for Developers

First off, why should developers care about monetization? Simply put, you need to eat! The idea that Apple or Google will pay you just for listing an app in their stores is a myth. Both platforms charge fees and take commissions on app sales or in-app purchases. Without monetization, you'll struggle to support your development efforts.

Interestingly, React Native apps lead other platforms in revenue generation. React Native apps:

• Generate more revenue than Flutter and even native apps

• Have better conversion rates, meaning users are more likely to subscribe

• Achieve higher long-term revenue per user than competitors

React Native’s strength lies in rapid development and faster market reach, helping developers tune apps closely to user preferences and needs. So, if you hear someone say React Native isn’t “native enough,” you can just smile and say, “Say that to my wallet.”

Monetization Strategies Overview

There are three primary models to monetize apps:

1. Paid apps (buy to download):
   This traditional method charges users upfront to download your app. It’s simple but less popular today. Users often hesitate to pay without trying the app first.

2. Ad-supported models:
   Apps rely on ads for revenue. While common, especially on Android, ads can degrade user experience. Often, ad quality is low, and users find them intrusive.

3. In-app purchases (IAPs):
   IAPs represent a more flexible, user-friendly revenue stream. Users try your app, then pay for additional features or subscriptions once hooked. This approach maximizes monetization potential and minimizes upfront barriers.

Understanding In-App Purchases Types

In-app purchases come in several flavors:

• Consumables:
  One-time purchases users consume, like virtual currencies or potions in games. Once used, they must be bought again.

• Non-consumables:
  Permanent purchases that unlock features or content forever, like unlocking a premium theme or removing ads.

• Subscriptions:
  Recurring payments granting ongoing access to premium features for set periods (monthly, yearly). This has become the dominant monetization model due to steady revenue flow.

Here’s when to use each:

Subscriptions reduce user friction by spreading costs over time. They align well with apps that provide continuous value, like fitness services, news, or content streaming.

Navigating App Store Fees and Policies

Both Apple and Google take a cut from your sales, roughly 15-30%. For small developers earning less than $1M, Apple offers an 85% share on revenues, which incentivizes smaller businesses.

You cannot sidestep in-app purchase policies easily for digital goods. Apple and Google are alert to violations and may reject apps that try to redirect users outside their payment systems. Some exceptions exist for physical goods, but digital subscriptions must comply.

For example, Spotify uses a “reader app” model where subscriptions happen outside the app (on the website) because their app cannot directly process payments in the store.

Practical Steps to Implement In-App Purchases in React Native

Let’s get hands-on. How do you add IAP support to a React Native app?

If you’ve heard of RevenueCat it’s an excellent hosted solution simplifying IAP integration. They track purchases, manage subscriptions, handle cross-platform product mapping, and provide UI components for paywalls.

Key Terms for React Native IAPs:

• Products: Your subscriptions or items listed in App Store / Play Store.

• Entitlements: Groups of products that grant access to certain features.

• Paywall: The UI screen where users can purchase subscriptions or items.

Setting Up Products and Entitlements

1. Configure your products on the Apple App Store Connect and Google Play Console.

2. Connect RevenueCat using API keys specific to each platform.

3. Import products automatically into RevenueCat no tedious manual syncing.

Coding Your First Subscription

Starting fresh with Expo or React Native?

• Install react-native-purchases from RevenueCat.

• Because Expo Go lacks native code support, use a development build.

• Configure your API keys for iOS and Android.

Here’s a basic example to set it up and show a paywall modal blocking access until a purchase is made:

import Purchases from 'react-native-purchases';
import { Platform } from 'react-native';

useEffect(() => {
  Purchases.configure({
    apiKey: Platform.select({
      ios: 'your-ios-api-key',
      android: 'your-android-api-key',
    }),
  });
}, []);

const Paywall = () => {
  // RevenueCat's React Native UI components make this easy - no custom UI code needed
  return <RevenueCatPaywall />;
};

Once setup, RevenueCat’s dashboard lets you customize paywall appearances dynamically with templates, enabling you to run AB tests or display different offers to segments of users.

After Purchase Flow

When users complete a purchase:

• The paywall disappears.

• Your app checks if the user has access based on entitlements.

• Unlock new features or content accordingly.

Summary & Recommendations

• Monetization is essential to sustain app development React Native apps lead in revenue outcomes.

• In-app purchases provide the most flexible and user-friendly monetization strategy.

• Subscriptions are the go-to format for recurring revenue.

• Use hosted services like RevenueCat to simplify implementation and management.

• Always comply with app store policies and design smooth, compelling paywalls.

• Start with simple paywalls and iterate with dynamic offers based on your user data.

React Native developers have all the tools needed to monetize successfully and focus on building apps users love. Once set up, you can replace guesswork with data-driven paywalls and unlock new revenue streams all while delivering the best experience possible.

“Alas! Wielding a Chainsaw Where Scissors Suffice.”
When developing multi-layer applications, sometimes the tools we use are far heavier than the actual task at hand.

If you’re building an Angular frontend hosted inside an ASP.NET MVC project with a .NET API, chances are you’ve run into this,

• Visual Studio consuming close to 100% CPU

• Fans spinning like a jet engine

• Even small operations feeling sluggish (Yeah, I copied and pasted a line in the same file and it was showing me a loading symbol)

I ran into this exact issue and found a lightweight alternative that cut CPU usage from ~100% down to under 30%, all while keeping Angular, MVC, and API running smoothly.

Why Visual Studio Eats CPU

• Roslyn Code Analysis & IntelliSense → continuously scanning large solutions

• ServiceHub background services → CodeLens, Live Analysis, and telemetry

• Running Angular inside Visual Studio → even though it’s not needed just to serve the frontend

The end result? High resource usage for tasks that don’t really require Visual Studio.

A Lighter Alternative

For Angular development, Visual Studio Code (or any editor) is much lighter compared to full Visual Studio.
Visual Studio is still invaluable when debugging MVC or API issues but it doesn’t need to stay open all the time just to host projects.

Instead, you can run your projects directly from the command line.

Run the API with dotnet run

From the folder where your .csproj file is located

dotnet run --urls "<protocol>://localhost:<port>"

Example:

dotnet run --urls "https://localhost:7001"

This spins up your API without needing Visual Studio.

Run the MVC Project with IIS Express

From the folder containing your web.config:

"<path-to-iisexpress.exe>" /path:"<path-to-project>" /port:<desired-port>

Example:

"C:\Program Files (x86)\IIS Express\iisexpress.exe" /path:"C:\Path\to\Project\Folder" /port:20500

This runs your MVC project lightweight via IIS Express.

Benefits of This Setup

• Lower CPU usage (under 30% vs ~100%)

• Faster Angular hot reloads

• No need to keep Visual Studio open all the time

• Flexibility: only open VS when debugging MVC or API issues

Visual Studio is a fantastic tool, but it’s often overkill for day-to-day frontend development. By separating concerns, running MVC and API manually, and Angular independently you can enjoy a smoother, faster workflow without your CPU maxing out.

If you’re struggling with performance in your dev environment, give this approach a try. Sometimes, trading the chainsaw for a pair of scissors is all you need.

• Open the <YourProjectName>.xcworkspace file on Xcode

• Make sure You select the Files icon in the left section and the Project is selected.

• Make Necessary changes in Version and Build number only if necessary.

• Change the device to Any iOS Device (Arm 64)

• In the Top Menu select Product and select Clean Build Folder, Wait for it to show the message clean finished.

• In the same menu click Archive and then wait for this to finish might take some time. Once completed the Organizer window will open.

In that select the build you just created and click the Distribute App button.

Select Ad Hoc and click on Next

Check Include manifest for over-the-air installation and click on Next

Fill in the link for the .ipa file where you will be hosting it.

Choose Signing and Proceed

Now Click export and choose a location where you wish to save the folder. This contains manifest.plist and Wordrobe.ipa files

Now in your server, in that location create an index file which contains a button on click opens the link

<a href="itms-services://?action=download-manifest&url=https://dl.vengalath.com/dglb/june23/9/manifest.plist" title="Install iOS app">

Which is itms-services://?action=download-manifest&url=<link_to_your_.plist_file>

Currently the folder dl.vengalath.com/dglb/june23/9/ contains

• manifest.plist

• index.html

• wordrobe3.0.11.ipa

Share the link with internal testers and they will be able to install the app. The client device or tester device UUID should be added to the trusted device or device list on the Apple app store only then they will be able to install the application. And the Developer mode should be turned on in that device.

In my case, the testing device was already listed there since the device was logged in with an email of an internal tester.

Now when you open the link and click the Install App icon you should be able to test the app.

Cover Image by storyset on Freepik

Why is this important?

Anyone can send emails from your domain if you didn't set SPF and DMARC records. Just having the SPF will mark spoofed emails as spam.

Do you need to set an SPF record for a domain that doesn't send mails?

It will reduce the risk of being abused by phishers and spammers. if you set the SPF record as follows

v=spf1 -all

What is SPF?

Sender Policy Framework (SPF) is used to authenticate the sender of an email. ISP can verify an IP is authorized to send emails from your domain. know more visit https://dmarcian.com/what-is-spf/

To know more about DKIM visit https://dmarcian.com/what-is-dkim/

So what about DMARC?

The standard email authentication method DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps us to prevent attackers from spoofing the domain.

You can set DMARC easily with instructions from http://dmarcian.com

Credits Background photo created by natanaelginting - www.freepik.com

This setup is for Mac users

Enable the GPG-agent ssh support by typing this in your terminal

echo enable-ssh-support >> $HOME/.gnupg/gpg-agent.conf

Set SSH_AUTH_SOCK so that SSH will use GPG-agent instead of ssh-agent. Add this to to your .bashprofile or .zshrc

To know your SHELL type

echo $SHELL

this will print /bin/zsh or /bin/bash

open the .zshrc file by typing

cd && nano .zshrc

or open .bashprofile by typing

cd && nano .bash_profile

Add the following to the file (.bashprofile or .zshrc)

unset SSH_AGENT_PID
if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then
  export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
fi
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null

Enable the gpg subkey for ssh authentication

Type the following command to get the the sub-key key grip

gpg --list-keys --with-keygrip

This may print the following

amrith@V ~ % gpg -K --with-keygrip
/Users/amrith/.gnupg/pubring.kbx
--------------------------------
sec#  rsa4096 2021-02-07 [SC] [expires: 2031-02-07]
      10B0C3E9867BC44CDA48690C8678CFE303EBDB52
      Keygrip = CD02E01C898C378214163C91F3D1E93107B0EBDB
uid           [ultimate] Amrith Vengalath 
ssb   rsa4096 2021-02-07 [E] [expires: 2023-02-09]
      Keygrip = 4778AA4AE919B0387C24389FC2E86C4B7749FAD4
ssb   rsa4096 2021-02-09 [S] [expires: 2023-02-09]
      Keygrip = B19D2224DBBBCC324679AC3CDA97337035477338
ssb   rsa4096 2021-02-10 [A] [expires: 2023-02-10]
      Keygrip = 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5

Add the keygrip of your subkey in the list of approved keys by the following command

echo 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 >> ~/.gnupg/sshcontrol

I typed 53C518FCC568C4D3659AD3FF0C0A567CC9593DB5 here since that is my keygrip replace this with yours

Now type the following command to check if the key is present in the ssh identities list

ssh-add -l

output

4096 SHA256:adp8owth5AD41Hk6uHYY3M5rl/GJNzizQIXwRugS5t0 (none) (RSA)

Retrieve the public ssh key for the subkey

for that type the following command

gpg --export-ssh-key 03EBDB52

output

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMPKbaYFylBzBNA79ZOzdoMit7/HpJcqG1qNoegN6gxh/rdUNRA5Lu700ub+Z3PioZHQHm01PczINO5uT9S/kA0FnkoIFJ+gqd4QfAVpPhsPFzkxiEHj9552UnjsEOlCM5gLwXfeVr268VUSEcY0HtHJ8jELF3xOO9JeFDAGWbrEHqKbeClvsUHKn2Ktf2LXITh0tHUFbzPt+LqEopNrkjdAsMTJVUh7mrIeJFbGlqlgUfnaWCOXZ9vdAyj/E2FkK98+lg423svrU5gqCMcAOHww/8qHpuZ3ni6VxbBMo6aEbChGkfNMOXmrelk9+XZOJH6bCZPP6egTwXMBZg9W60hq4r1lc6pprBp48kmdNuj9JDg+I2r2q2ETslzOZJC5GUJv1FifIaztPH9lO6L/e1/xGiKIbQsL7mKSju7pnhAvMfmwGVTzo6CwWm2QKVEVu5pI3dP/dJINwXZ+LoG6q2lkNxt/6xKQPUSDtwCoxmo/Di8lFuHmoi0Q2TJgX1I07uWDurTqci+fafniYcuwABxFrQZKUcNb+ZaSL2L4DifMu+FvC0sZlkprWTQ/R6PnhTzEEuiHLQZG1O3UycI2TyEhUxaPmTulJktlVjH8GXcbp5tWjtk/7WYKBiVu8yvXUtGicMpQ/VQev/Lyd0ucb0eTyGofLDAXwcgAsXenacBw== openpgp:0x4893D8CE

You can test if the key is working with your Github account. The ssh public key generated in the previous step has to be added to your Github SSH keys.

ssh -T git@github.com

output

Hi AmrithVengalath! You've successfully authenticated, but GitHub does not provide shell access.

This is similar to creating ssh key where you choose key size, specify an identifier, and set a passphrase. There will be a public key (which you share with everyone) and a private key (stored securely).

Here we will create a key to Certify and then create sub-keys to sign, encrypt and Authenticate.

Generating the master key

For this key we only want Certify capability: we use this master key only to create the subkeys, Sign – Encrypt – Authenticate capabilities will be assigned to the subkeys.

Run the following command in your terminal to begin

gpg --full-generate-key --expert

Now type 8 to select option – RSA (set your own capabilities)

amrith@V ~ % gpg --full-generate-key --expert
gpg (GnuPG/MacGPG2) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/Users/amrith/.gnupg' created
gpg: keybox '/Users/amrith/.gnupg/pubring.kbx' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
   (9) ECC and ECC
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (13) Existing key
  (14) Existing key from card
Your selection? 8

Now type s to disable sign capability for the key

Possible actions for a RSA key: Sign Certify Encrypt Authenticate 
Current allowed actions: Sign Certify Encrypt 

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? S

Now type E to disable encrypt capabilities for this key

Possible actions for a RSA key: Sign Certify Encrypt Authenticate 
Current allowed actions: Certify Encrypt 

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? E

Now type Q to quit the toggle process and continue

Possible actions for a RSA key: Sign Certify Encrypt Authenticate 
Current allowed actions: Certify 

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? Q

Enter the desired key size for your master key

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits

Set the expiration for your master key

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri Jun 24 14:13:15 2022 IST
Is this correct? (y/N) y

Construct your user ID (input your full name and email, leave comment empty). Type O to complete

GnuPG needs to construct a user ID to identify your key.

Real name: Amrith Vengalath
Email address: blog@vengalath.com
Comment: 
You selected this USER-ID:
    "Amrith Vengalath <blog@vengalath.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?

Enter a passphrase for your master key

  │ Please enter the passphrase to                       │
  │ protect your new key                                 │
  │                                                      │
  │ Passphrase: ________________________________________ │
  │                                                      │
  │       <OK>                              <Cancel>     │
  └──────────────────────────────────────────────────────┘

If you did the above steps correctly you should have the following result

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /Users/amrith/.gnupg/trustdb.gpg: trustdb created
gpg: key ED15BADA58E13002 marked as ultimately trusted
gpg: directory '/Users/amrith/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/Users/amrith/.gnupg/openpgp-revocs.d/C1B6013E0F6B140F876C4AE5ED15BADA58E13002.rev'
public and secret key created and signed.

pub   rsa4096 2021-06-24 [C] [expires: 2022-06-24]
      C1B6013E0F6B140F876C4AE5ED15BADA58E13002
uid                      Amrith Vengalath <blog@vengalath.com>

Store the revocation certificate (created by GPG) for your master key on a physical device.

Generate Sign, Encrypt and Authentication sub-keys

You may create 3 sub keys. one to sign (S) another for encryption (E) and one for Authentication

Run this command to edit your key

amrith@V ~ % gpg --expert --edit-key Amrith
gpg (GnuPG/MacGPG2) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-06-24
sec  rsa4096/ED15BADA58E13002
     created: 2021-06-24  expires: 2022-06-24  usage: C   
     trust: ultimate      validity: ultimate
[ultimate] (1). Amrith Vengalath <blog@vengalath.com>

In the gpg console prompt specify that you want to add a new key for that master key:

gpg> addkey

Select the set your own capabilities creation process (type 8)

Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
  (14) Existing key from card
Your selection? 8

Add Authenticate capabilities (type A). Sign and Encrypt capabilities are already enabled by default or you may type E to turn off encryption and then create signing and Authenticate keys separately repeating the add key command

Possible actions for a RSA key: Sign Encrypt Authenticate
  Current allowed actions: Sign Encrypt

  (S) Toggle the sign capability
  (E) Toggle the encrypt capability
  (A) Toggle the authenticate capability
  (Q) Finished

  Your selection? A

Type Q to continue the process

Possible actions for a RSA key: Sign Encrypt Authenticate
  Current allowed actions: Sign Encrypt Authenticate

  (S) Toggle the sign capability
  (E) Toggle the encrypt capability
  (A) Toggle the authenticate capability
  (Q) Finished

  Your selection? Q

Input the desired key size for the subkey

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits

Setup the expiration for the subkey

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Fri Jun 24 14:17:16 2022 IST
Is this correct? (y/N) y
Really create? (y/N) y

Input the passphrase for the master key (the one you setup in the master key generation process). You should get this result

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.


sec  rsa4096/ED15BADA58E13002
     created: 2021-06-24  expires: 2022-06-24  usage: C   
     trust: ultimate      validity: ultimate
ssb  rsa4096/99067D8DFE5EF249
     created: 2021-06-24  expires: 2022-06-24  usage: SEA 
[ultimate] (1). Amrith Vengalath <blog@vengalath.com>

Save and exit

gpg> save

Now if you list your keys you will see also a subkey (sub) with SEA capabilities (Sign – Encrypt – Authenticate). You may use different sub-keys for Signing, Encrypt and Authentication. You can only use one Encryption key.

amrith@V ~ % gpg --list-keys
/Users/amrith/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2021-06-24 [C] [expires: 2022-06-24]
      C1B6013E0F6B140F876C4AE5ED15BADA58E13002
uid           [ultimate] Amrith Vengalath <blog@vengalath.com>
sub   rsa4096 2021-06-24 [SEA] [expires: 2022-06-24]

So what is a Phishing email?

A phishing email is a mail sent by an attacker to his victim to make them click on a link and make them enter their sensitive information or download malware. Most of the emails we receive are in HTML. So we can’t say that the link displayed on our screen is the one you are gonna visit as in the example below.

Here the link shown to us is google.com but the actual link is malicious-site.com. You get to know how to spot most of the phishing emails by taking this quiz from google

Take the Quiz