diff --git a/gpg.sh b/gpg.sh
new file mode 100644
index 0000000..63212b2
--- /dev/null
+++ b/gpg.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -e
+
+# don't require gpg key setup if user is root
+if [ "$EUID" -eq 0 ]; then
+	return
+fi
+
+# prompt to create key if none exists
+if [[ "$(find ~/.gnupg -maxdepth 2 -type f -wholename '*private-keys-v1.d/*.key' | wc -l)" == 0 ]]; then
+	echo 'No GPG keys found; creating one now.'
+	echo 'Using 4096 bit size is recommended for this setup.'
+	gpg --full-generate-key
+fi
diff --git a/setup.sh b/setup.sh
index 2e7e62b..cc764b0 100755
--- a/setup.sh
+++ b/setup.sh
@@ -70,3 +70,6 @@ source "$DIR"/vscode.sh
 
 # set up SSH config and create key if needed
 source "$DIR"/ssh.sh
+
+# create GPG key if needed
+source "$DIR"/gpg.sh