Next step is to create a revocation key in case our key has been compromised. To restore your keys to your keyring in case it gets corrupted or deleted. gnupg/backup-secretkey.asc -export-secret-keys Now the all important backup stages, first backup your private key. You should now enter your keyID (xxxx94E) in your email client's security section if you want to sign or en/decrypt mail. Next, we are going to export our public key to a text file so we can put it on our website for those who can't access it via key servers for whatever reason. Warning: Do not ever send to a key server, or give out to anyone, your private keys! Only your public key.įrom our earlier example your key is xxxx94E, so to submit this key you would issue the command There are several key servers, they do sync up with each other so you don't have to upload your public key to all of them, just one is sufficent. Now you have your keys, you should send your public key to a keyserver so others can find it. copy the characters on the pub line, after the 2048R/ Gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2uĬongratulations, most the hard work is done, well, kinda. Gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model Public and secret key created and signed. Gpg: key xxxx94E marked as ultimately trusted When its done, you will end up with your Key details You will need to move your mouse or hit gibberish on the KB so it can generate enough random goodness.
Then you will have to enter a pass phrase, think of a good one, do NOT use names or people/pets, or dates, phone numbers etc and make sure you use numbers and mixed upper and lower case characters. Next enter your First and Last name, the email address this key is associated with, any comment (you don't need one, but if you worked for say TPG, you could enter TPG. The key lifetime is up to you, on work keys I would use no more than 2y, if its personal, I use 0 for indefinite, we are going to create a revoke authority key later. What keysize do you want? (2048) hit enter, 2048 is very strong. Gpg -gen-key and follow the instructions, basically, you want to use the default type (1) RSA and RSA (default) It is also important to upload your public key to a key server and make it publicly available via your website so your signature can be confirmed for authenticity and recipients can decode encrypted files you send them. Some things to remember, when creating keys, it is important to remember to create a revocation key, and to backup not only your public key, but your private and revocation keys as well.
Most distros by default include GNU Privacy Guard (gpg) in the base install so you should not need install anything, we will be using command line, so if you're in X, open a terminal window. This is not designed to be an indepth guide, it's a quickstarter. GPG is available for Linux, Mac, and Windows. open GPG Keychain and drag your sec/pub key to your desktop.4 Export public key and view it in text form There are many ways to solve key distribution - be creative or ideally use the key servers. In case you do not use key servers, consider uploading your public key file and link to that file in your email signature. Why not add your key fingerprint to your email signature? That way you can establish trust and should your key setup ever change, your contacts will have an easy time identifying the change.
Subject and message body are filled with an explanatory text, informing the recipient how to handle your public key. 2 Email public keyįrom the menu bar select Key > Mail Public Key… ( ⇧⌘M)Ī new draft with your public key attached is created. That way it is easy for your friends to retrieve your public key. We recommend uploading and verifying your key. Your friends public keys are listed as pub. Your own key is listed in bold and Type column shows sec/pub. After creating your key GPG Keychain lists both your public and secret key.