Is this a good way to make the keys?
#!/bin/bash
# Create keys for the advanced configuration of split-gpg
# https://www.qubes-os.org/doc/split-gpg/#advanced-using-split-gpg-with-subkeys
#
# ** Run this in the vault instead of dom0 **
#
# Usage:
#
# Run the script in the vault qube
# [user@vault ~]$ bash make_split_gpg_key.sh <Name> <Email>
#
# Then qvm-copy the *.subkey.private.asc to the Work-gpg qube
# qvm-copy the *.full.public.asc to the Work qube
Name=$1
Email=$2
# Create master key and subkey
gpg2 --batch --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 4096
Name-Real: $Name
Name-Email: $Email
Expire-Date: never
Key-Usage: cert
Preferences: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 Uncompressed
Subkey-Type: RSA
Subkey-Length: 4096
Subkey-Usage: sign
EOF
# Create a directory to hold the keys
OutDir=./$Name
mkdir $OutDir
# Export the full version of the keys
RevokePath=${OutDir}/${Name}.full.revocation-certificate
FullPrivatePath=${OutDir}/${Name}.full.private.asc
FullPublicPath=${OutDir}/${Name}.full.public.asc
gpg --output $RevokePath --gen-revoke ${Name}
gpg --export-secret-keys --armor ${Name} > $FullPrivatePath
gpg --export --armor ${Name} > $FullPublicPath
# Export the private subkey
PrivateSubkeyPath=${OutDir}/${Name}.subkey.private.asc
gpg --export-secret-subkeys --armor ${Name} > $PrivateSubkeyPath