Generate and Share a Public Key

Quick Guide to generating a PGP Key Pair

This is a very short and basic guide to generating a PGP key pair.  Doing so will allow you to receive confidential documents from remote collaborators safely.  This wiki page is not meant to be a complete description or even a complete introduction to public key cryptography.  For example, I don't cover the concept of the web of trust at all. 

There are some basic things you should know and consider:

  • Your key pair will have a private key and a public key. 
  • You can share the public key freely. 
  • You must never share the private key and should keep it safe.
  • Your private key should have a pass phrase.  You will need to enter the pass phrase when decrypting documents with your key.
  • Your collaborator will encrypt files for you with the public part of your key.
  • You will decrypt those files with your private key.

Select the Key Type

 

$ gpg2 --gen-key
gpg (GnuPG) 2.0.25; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits

Specify an Expiration for the Key

 

Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1y
Key expires at Thu 14 Apr 2016 02:41:16 PM EDT
Is this correct? (y/N) y

Specify Your Personal Details

 


GnuPG needs to construct a user ID to identify your key.

Real name: Sad Exy
Email address: sadexy@edx.org
Comment: Testing Key
You selected this USER-ID:
    "Sad Exy (Testing Key) <sadexy@edx.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key E332493A marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2016-04-14
pub   2048R/E332493A 2015-04-15 [expires: 2016-04-14]
      Key fingerprint = 1815 5ECF 4F47 A1E6 EFDE  7142 5CEA 4823 E332 493A
uid       [ultimate] Sad Exy (Testing Key) <sadexy@edx.org>
sub   2048R/B54929A7 2015-04-15 [expires: 2016-04-14]

Export an ASCII Armored Public Key

Public keys can be distributed as an ASCII text file:

gpg2 --export --armor sadexy@edx.org > testing.asc

Export your Key to a Keyserver

Another option for distributing your public key is to send it to a public key server.  This will allow users to import your key to their key chain easily:

gpg --keyserver hkp://pgp.mit.edu --send-key E332493A
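
For the collaborator who receives testing.asc or fetches key E332493A from a keyserver, the following added example (not part of the original guide) compares the key's full fingerprint with one you gave them through a separate channel before they import it, since an 8-digit key ID is too short to identify a key uniquely and keyservers do not verify who uploaded a key. The function names and the two sample records are constructed for illustration, and it assumes gpg2 lists the contents of a key file when given --with-colons --with-fingerprint and no command.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Strip whitespace and upper-case, so "1815 5ecf ..." compares cleanly.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` records on stdin; print field 10 of the first "fpr"
# record after "pub". Fails unless the input holds exactly one primary key.
primary_fpr_from_colons() {
    awk -F: '
        $1 == "pub" { pubs++; want = (pubs == 1); next }
        $1 == "sub" { want = 0 }
        want && $1 == "fpr" { print $10; want = 0 }
        END { exit (pubs == 1 ? 0 : 1) }'
}

# fpr_matches EXPECTED < colon-records
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
fpr_matches() {
    expected=$(normalize_fpr "$1")
    case $expected in
        *[!0-9A-F]*) echo "fingerprint must be hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || {
        echo "need the full 40-digit fingerprint, not a key ID" >&2; return 2; }
    actual=$(primary_fpr_from_colons) || {
        echo "expected exactly one public key" >&2; return 2; }
    [ -n "$actual" ] || { echo "no fingerprint record" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: $actual"
    else
        echo "MISMATCH: file contains $actual" >&2
        return 1
    fi
}

# check_key_file FILE EXPECTED: list FILE without importing it, then compare.
check_key_file() {
    gpg2 --with-colons --with-fingerprint "$1" 2>/dev/null | fpr_matches "$2"
}

# Constructed samples: the key from this page, and a made-up key sharing
# the same short ID E332493A but with a different fingerprint.
SAMPLE_GOOD='pub:-:2048:1:5CEA4823E332493A:2015-04-15:2016-04-14::-:
fpr:::::::::18155ECF4F47A1E6EFDE71425CEA4823E332493A:'
SAMPLE_LOOKALIKE='pub:-:2048:1:00001111E332493A:2015-04-15:::-:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00001111E332493A:'
```

Run it as check_key_file testing.asc '1815 5ECF 4F47 A1E6 EFDE  7142 5CEA 4823 E332 493A' and import the file with gpg2 --import only if it reports OK.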