Many of us would like to protect the data we keep in files, emails, online and elsewhere. With the amount of scrutiny user data receives worldwide, we need a robust mechanism that does not leak. One such mechanism is PGP (Pretty Good Privacy). PGP is now the property of Symantec Corporation, but its open source equivalent, GNU Privacy Guard (GPG or GnuPG), implements the same OpenPGP standard, so keys and messages produced by one work with the other. Over time I will explain how it all fits together, but for now we start by creating a key pair for ourselves.
The security of GPG rests on a key pair created by the user: a public key that others use to encrypt messages to you and to verify your signatures, and a secret key that only you hold, used to decrypt and to sign. Signing lets a recipient confirm that a message really came from you and was not altered in transit.
This post explains the procedure for generating a GPG key pair (public and secret key) for your own use.
With these keys you can sign and encrypt your own email, files or folders. Gajim, an instant messaging client, also supports GPG for encrypting messages, and on Android you can use the same keys with APG (Android Privacy Guard), which supports file encryption as well as email signing and encryption together with the K-9 Mail client. Come back to those once you have generated your key pair and know how to use GPG.
gpg comes preinstalled on most Linux distributions and is in every major distribution's package repository, so usually no installation is needed. On Windows, install Gpg4win (http://www.gpg4win.org) to get GPG.
Generate your GnuPG key pair
$ gpg --gen-key
You will then see the following prompts; the value typed in answer to each prompt is shown on the line below it. Choose RSA and RSA, a 4096-bit key (the 1024-bit minimum gpg still offers is too weak for a new key), and an expiry period rather than a key that never expires, so that a key whose secret half has been lost eventually drops out of use on its own.
gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
1y
Key expires at Thursday 22 October 2015 04:26:48 PM IST
Is this correct? (y/N)
y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
Real name:
John N. Doe
Email address:
john.doe@emaildomain.com
Comment:
<enter>
You selected this USER-ID:
"John N. Doe <john.doe@emaildomain.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
O
You need a Passphrase to protect your secret key.
Enter a strong passphrase when prompted: it is all that protects the secret key if the keyring file, or a backup of it, is ever copied.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 139 more bytes)
.+++++
....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
......................+++++
gpg: key 3949C65A marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2015-11-23
pub   4096R/3949C65A 2014-11-28 [expires: 2015-11-28]
      Key fingerprint = 3C2E 8E0B 4D67 E7CB ABF9 1E83 7C28 6621 3949 C65A
uid                  John N. Doe <john.doe@emaildomain.com>
sub   4096R/F0F04E4E 2014-11-28 [expires: 2015-11-28]
You are done: you now have a key pair. In the listing above, 3949C65A is the short ID of the primary key (pub), which signs data and certifies your user ID and subkeys, and F0F04E4E is the short ID of the encryption subkey (sub) that gpg generated alongside it. Each of these two keys has a public half (stored in pubring.gpg) and a secret half (stored in secring.gpg in this GnuPG 1.4 version); neither ID is "the public key" or "the secret key" on its own. The key fingerprint is the full 160-bit hash of the primary key, and the 8-character key ID is only its last 32 bits, so when you give someone your key, give them the fingerprint rather than the short ID, which is far easier to collide.
Separate posts cover listing the secret keys and listing all the public keys in your keyring.
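The procedure above run unattended, plus the key listing that tells the primary key and the subkey apart, as an added example that is not from the original post. It assumes gpg is on PATH (1.4 or 2.x), uses placeholder name, e-mail and passphrase values, and embeds a constructed sample of gpg's machine-readable listing (the primary key ID and fingerprint are the post's; the subkey's long ID and fingerprint are made up, since only its short ID appears above):

```shell
#!/bin/sh
# Added example, not from the original post: the same key pair as the
# interactive session (RSA 4096 primary + RSA 4096 subkey, expiring in one
# year) generated unattended from a batch parameter file, then listed to
# show which key ID belongs to the primary key and which to the subkey.
# Assumptions (placeholders, not from the post): gpg on PATH (1.4 or 2.x),
# the name/e-mail/passphrase values below, and the constructed sample
# listing in SAMPLE_COLONS.
set -eu

# Write a GnuPG batch parameter file ("Unattended key generation" in the
# GnuPG manual). The passphrase ends up in this file, so keep it in a
# private directory and delete it when done.
make_params() {
  name=$1
  email=$2
  expire=$3
  passphrase=$4
  cat <<EOF
%echo Generating key pair for $name
Key-Type: RSA
Key-Length: ${KEYLEN:-4096}
Subkey-Type: RSA
Subkey-Length: ${KEYLEN:-4096}
Name-Real: $name
Name-Email: $email
Expire-Date: $expire
Passphrase: $passphrase
%commit
%echo done
EOF
}

# Reduce gpg --with-colons listing output to one line per key packet:
# pub/sec = primary key, sub/ssb = subkey (field 5 is the long key ID),
# fpr = fingerprint (field 10). Reads stdin, so it works on real gpg
# output or on the constructed sample below.
summarise_keys() {
  awk -F: '
    $1 == "pub" || $1 == "sec" || $1 == "sub" || $1 == "ssb" { print $1, $5 }
    $1 == "fpr" { print "fpr", $10 }
  '
}

# Constructed sample of --with-colons output for the key in the post. The
# primary key ID (its last 8 hex digits are the short ID 3949C65A) and
# fingerprint are the post's; the subkey's long ID and fingerprint are made
# up, only its short ID F0F04E4E appears in the post.
SAMPLE_COLONS='pub:u:4096:1:7C2866213949C65A:2014-11-28:2015-11-28::u:::scESC:
fpr:::::::::3C2E8E0B4D67E7CBABF91E837C2866213949C65A:
uid:u::::2014-11-28::0123456789ABCDEF0123456789ABCDEF01234567::John N. Doe <john.doe@emaildomain.com>:
sub:u:4096:1:12345678F0F04E4E:2014-11-28:2015-11-28:::::e:
fpr:::::::::0123456789ABCDEF0123456712345678F0F04E4E:'

echo "Expected shape of the listing (constructed sample):"
printf '%s\n' "$SAMPLE_COLONS" | summarise_keys

if command -v gpg >/dev/null 2>&1; then
  # Throw-away keyring so the real ~/.gnupg is never touched.
  home=$(mktemp -d)
  chmod 700 "$home"
  trap 'rm -rf "$home"' EXIT
  make_params "John N. Doe" "john.doe@emaildomain.com" 1y \
    "use-a-real-passphrase-here" > "$home/params"
  gpg --homedir "$home" --batch --gen-key "$home/params"
  echo "Public halves (pub = primary, sub = subkey):"
  gpg --homedir "$home" --with-colons --fingerprint --list-keys | summarise_keys
  echo "Secret halves (sec = primary, ssb = subkey; both keys have one):"
  gpg --homedir "$home" --with-colons --fingerprint --list-secret-keys | summarise_keys
fi
```

Running the script shows the same pub/sub pair as the interactive session, and the second listing shows a sec and an ssb record with the same two IDs, which is the point: both the primary key and the subkey have a secret half. The batch file is the only place the passphrase appears, so the script keeps it inside a mode-700 temporary directory and removes it on exit.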
In the next posts, we will show how to:
- Export the keys for safekeeping;
- Generate a revocation certificate to revoke the key if it gets lost or compromised;
- Send your public key to a PGP key server for others to retrieve;
- Receive other people's public keys from a key server into your keyring.