Welcome to Part 1 of the GPG/PGP key series.

What we will learn: In this part we will learn how to generate your first GPG/PGP key and how to register it with the GPG keyservers.

Step 1: Install gnupg package

First we need to install the gnupg package so that we have the necessary tools to generate a GPG key.

# apt-get install gnupg

Step 2: Generate your key

a) First we will generate a key pair (the private key and its public half) by giving the following command:

# gpg --gen-key

Now you will be presented with the following series of questions:

Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1

Select (1) or hit “Enter” as your response to the above question.

DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

Enter 2048 or hit “Enter” as your response to the above question.

Please specify how long the key should be valid.
0 = key does not expire
<n>  = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)

Enter “0” or hit “Enter” as your response to the above question.

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>”

Real name: John Doe
Email address: gpg@abc.com
Comment: My first key

Enter your name: John Doe

Enter your email address:  gpg@abc.com

Enter your comment: My first key

You selected this USER-ID:
“John Doe (My first key) <gpg@abc.com>”

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?O

Enter “O” (capital O) or hit “Enter” as your response to the above question if everything looks okay.

You need a Passphrase to protect your secret key.

Enter passphrase:  A brown lazy fox jumps over the wall on a lazy dog

This is a very important step. Enter any passphrase (a strong one is recommended). You can also type sentences with spaces, as shown above, as long as you remember them.

Note: A passphrase is just like your password. If you forget it, your keys will be useless. Also, if somebody learns your passphrase they can impersonate you and send out malicious messages. In such a case you need to revoke your key, which we will cover later in the series.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

In order to generate a unique key your system needs a lot of random bytes (i.e. lots of system activity). So at this point you should try to run a mix of different commands to generate that kind of entropy. If you fail to do so you will see a message like the following:

Not enough random bytes available.  Please do some other work to give the OS a chance to collect more entropy! (Need 283 more bytes)

Note: If you do see the above message (high chances) then don’t panic. Just leave that window as it is, open 2-3 other terminal windows and give the following commands in each of them:

# tar -xjvf linux-source-2.6.28.tar.bz2 (you will need to download the sources first)
# du -h /
# ping <some-ip-address>

In my experience the above commands are sufficient to generate the entropy. Once you type these commands the GPG key generation process should continue and you will see the following message:

gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key E4635BBE marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/E4635BBE 2009-03-16
Key fingerprint = EFFD A0E2 CE1F AE59 1813  B1FF 23F6 C874 E463 5BBE
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16

Congratulations! You have successfully created your first GPG key. Now follow the rest of the steps to see how we can actually use them.

Step 3:  Important bits of information

Please note the following information from the above output, which will be required as you start playing around with GPG keys (as in Step 5).

Key ID: E4635BBE

Real Name: John Doe

E-mail: gpg@abc.com

Key fingerprint: EFFD A0E2 CE1F AE59 1813  B1FF 23F6 C874 E463 5BBE
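The values in Step 3 can be pulled out of gpg's output programmatically, and the output itself lets you check that the key ID and fingerprint belong together. The following is an added example, not part of the original tutorial; the sample output is the tutorial's own listing, embedded here as constructed input so the script runs offline.

```python
import re

# Constructed sample: the key-generation output shown in Step 2,
# embedded so the parser can be run without a real keyring.
GEN_KEY_OUTPUT = """\
gpg: key E4635BBE marked as ultimately trusted
public and secret key created and signed.
pub   1024D/E4635BBE 2009-03-16
Key fingerprint = EFFD A0E2 CE1F AE59 1813  B1FF 23F6 C874 E463 5BBE
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16
"""

# Classic (GnuPG 1.x / pre-2.1) listing format: "pub   <bits><algo>/<keyid> <date>"
PUB_RE = re.compile(r"^pub\s+(\d+)([A-Za-z])/([0-9A-F]{8})\s+(\d{4}-\d{2}-\d{2})", re.M)
FPR_RE = re.compile(r"^Key fingerprint = ([0-9A-F ]+)$", re.M)
UID_RE = re.compile(r"^uid\s+(.+?) \((.*)\) <([^>]+)>$", re.M)


def parse_gen_key_output(text):
    """Return the Step 3 values (key ID, name, comment, e-mail, fingerprint)
    found in gpg's key-generation output as a dict."""
    pub = PUB_RE.search(text)
    fpr = FPR_RE.search(text)
    uid = UID_RE.search(text)
    if not (pub and fpr and uid):
        raise ValueError("not a complete gpg key listing")
    return {
        "bits": int(pub.group(1)),
        "algo": pub.group(2),          # 'D' = DSA primary key, as in the tutorial
        "key_id": pub.group(3),
        "created": pub.group(4),
        "fingerprint": fpr.group(1).replace(" ", ""),
        "name": uid.group(1),
        "comment": uid.group(2),
        "email": uid.group(3),
    }


def key_id_matches_fingerprint(info):
    """The 8-hex-digit key ID is simply the low 32 bits of the fingerprint,
    which is why the two values noted in Step 3 must agree (E463 5BBE vs
    E4635BBE). A short ID is far too small to be unique, so identify a key
    by its full fingerprint whenever it matters."""
    return info["fingerprint"].endswith(info["key_id"])
```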

Step 4: Check if your key was properly generated

Verify if your key was properly generated and installed on your system by giving the following command:

# gpg --list-keys

and you should see the following output:

debian:~# gpg --list-keys
pub   1024D/E4635BBE 2009-03-16
uid                  John Doe (My first key) <gpg@abc.com>
sub   2048g/0AC353C2 2009-03-16

Step 5: Generate a public key

Now we will export the public half of the key pair we generated above. You can distribute this public key freely to everyone and even post it on your website.

# gpg --armor --output pubkey.txt --export "John Doe"
# gpg --armor --output pubkey.txt --export gpg@abc.com
# gpg --armor --output pubkey.txt --export E4635BBE

All three of the above commands are equivalent; each writes a file named “pubkey.txt” in the directory from which you gave the command.

This is what your pubkey.txt file should look like:

Step 6: Send your key to the public server

Instead of sending your key to everybody individually, we can register it with the GPG keyservers so that anyone can download it without contacting us. This is a highly recommended step.

gpg --send-keys --keyserver hkp://subkeys.pgp.net E4635BBE

That’s it. In the next part we will learn how to use the key that we have generated.

Part 2:  Sending and Receiving encrypted files
