This chapter is from the book

Generating Your Keys

Before you can send or receive any data encrypted by or for you specifically, you need to generate a pair of keys, one private and one public. This is done by calling the GnuPG tool with the --gen-key command. If this is your first time using GPG (let's assume that it is), GPG will simply create the $HOME/.gnupg directory on its first run. You must then call it a second time with the --gen-key argument to continue. The second time, your keys will be generated after GPG asks you a series of questions. Simply answer all of them with the default answers for now, providing personal information where required.

$ gpg --gen-key
Please select what kind of key you want:
  (1) DSA and ElGamal (default)
  (2) DSA (sign only)
  (4) ElGamal (sign and encrypt)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
       minimum keysize is 768 bits
       default keysize is 1024 bits
  highest suggested keysize is 2048 bits
What keysize do you want? (1024) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
     0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? y

You need a User-ID to identify your key; the software
constructs the user id from Real Name, Comment and
Email Address in this form:
  "Heinrich Heine (Der Dichter) <heinrichh@dusseldorf.de>"

Real name: Joe User
Email address: joe@mynet.net
Comment: PGP Rules!
You selected this USER-ID:
  "Joe User (PGP Rules!) <joe@mynet.net>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.

Enter passphrase:
Repeat passphrase:


Be sure to choose a good passphrase for your private key. The same rules that apply to good password selection also apply here: use at least one numeric digit, avoid using words or combinations of whole words, and definitely avoid using any personal information about yourself that might be obvious. Birthdays, last names, children's names, weight, favorite actor or actress, and so on are bad ideas because they are easy to guess.
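The three rules above can be turned into a pre-check to run before answering the passphrase prompt. This is an added example, not from the book: check_passphrase, sample_wordlist and the five-word list are constructed for illustration, and treating every User-ID token of three or more characters as personal information is an assumption.

```shell
#!/bin/sh
# Added example, not from the book: check a candidate passphrase against the
# three rules in the text. Helper names and the word list are constructed.

# Constructed sample word list; in practice pass a full dictionary file.
sample_wordlist() {
    printf '%s\n' correct horse battery staple password
}

# Usage: check_passphrase PASSPHRASE USER_ID WORDLIST_FILE
# Prints one line per broken rule; returns 1 if any rule is broken.
check_passphrase() {
    cp_pass=$1 cp_uid=$2 cp_words=$3 cp_rc=0
    cp_lower=$(printf '%s' "$cp_pass" | tr '[:upper:]' '[:lower:]')

    # Rule 1: at least one numeric digit.
    case $cp_pass in
        *[0-9]*) ;;
        *) echo "no numeric digit"; cp_rc=1 ;;
    esac

    # Rule 2: no personal information. Assumption: every alphanumeric run of
    # three or more characters in the User-ID (name, comment, email) counts.
    for cp_tok in $(printf '%s' "$cp_uid" | tr '[:upper:]' '[:lower:]' |
                    tr -cs 'a-z0-9' '\n' | sort -u); do
        [ "${#cp_tok}" -ge 3 ] || continue
        case $cp_lower in
            *"$cp_tok"*) echo "personal information: $cp_tok"; cp_rc=1 ;;
        esac
    done

    # Rule 3: no whole words or combinations of them. Report the first word
    # of four or more letters from the list that appears in the passphrase.
    cp_hit=$(CP_LOWER=$cp_lower awk 'length($0) >= 4 &&
        index(ENVIRON["CP_LOWER"], tolower($0)) { print tolower($0); exit }' "$cp_words")
    if [ -n "$cp_hit" ]; then
        echo "dictionary word: $cp_hit"; cp_rc=1
    fi
    return "$cp_rc"
}

# Demo with the User-ID from the session above.
words=$(mktemp); sample_wordlist > "$words"
check_passphrase 'JoeUser' 'Joe User (PGP Rules!) <joe@mynet.net>' "$words" || true
rm -f "$words"
```

Text typed as a command-line argument can end up in shell history, so in real use read the candidate from a non-echoing prompt instead of passing it as an argument.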

At this point, GPG will set about trying to generate your keys. However, it needs a small but steady stream of random numbers in order to do this. It normally gets these from the /dev/random device in Linux, but this device requires "entropy" in the form of system activity to work reliably. You may see a message like this one:

Not enough random bytes available. Please do some other
work to give the OS a chance to collect more entropy!

If this occurs, moving the mouse around or hitting the Shift or CTRL keys a few times will usually generate the entropy needed to finish the task. Eventually, you'll be told that GPG has successfully created your keys:

public and secret key created and signed.

You're now ready to begin learning to use GPG.
