Generating PGP Keys
This article will guide you through the process of generating public and private keys for encrypting emails. This is for people using command line (unix) mail readers such as Mutt as well as those who use Linux workstations.
How to Generate PGP Keys
Run the following commands on your local workstation:
Note: You will have to run the same command to initialize the directory (step 1) and to generate the key (step 2).
Initialize the GPG Directory
> gpg --gen-keygpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: /home/keymaster/.gnupg: directory created
gpg: /home/keymaster/.gnupg/options: new options file created
gpg: you have to start GnuPG again, so it can read the new options file-
Generate a Private Key
> gpg --gen-keygpg (GnuPG) 1.0.6; Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: /home/keymaster/.gnupg/secring.gpg: keyring created
gpg: /home/keymaster/.gnupg/pubring.gpg: keyring created
Please select what kind of key you want:
(1) DSA and ElGamal? (default)
(2) DSA (sign only)
(4) ElGamal? (sign and encrypt)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 4096you really need such a large keysize? y
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? yYou need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) "
Real name: Your Real Name
Email address: youremail@foo.upenn.edu
You selected this USER-ID:
"Your Real Name"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
Enter passphrase: pickapassphrase
Repeat passphrase: pickapassphrase
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++. ...
you may see
...
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 290 more bytes)
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++++++++++++.+++++++++++++++.+++++++++++++++++++++++++. public and secret key created and signed. -
Generate and print a copy of your public key ID and fingerprint
>gpg --fingerprint
An an example of the fingerprint output, here is the output of the NMLUG Keymaster's fingerprint:pub 1024D/14931423 2003-02-13 New Mexico Linux User Group Keymaster
Key fingerprint = 724D 2514 93EC 83D4 E5BC D534 C5BC C12C 1493 1423
sub 2048g/42685AC7 2003-02-13
Store your PGP passphrase in a secure place, such as a password manager (Dashlane Premium is available for free to members of the Penn Community). The PGP system has no means to reset your password if you forget it. If you forget your passphrase, you will need to create a new key, send it out to everyone, and tell them to use the new one rather than the old one.
Mutt
If you use mutt to read your email, you may need to add this line to your .muttrc file:
source /usr/local/doc/mutt/samples/gpg.rc