In this article, we’ll show you how to create a GPG key on your computer or on your server in order to take advantage of the benefits of public key cryptography. Since cryptography is a very broad topic, this article is limited to showing you how to create a key. However, the basics of using public and private keys is explained in more detail in our article on email encryption.
You can use your GPG key for many operations, but in most cases, these keys are ideal for encrypting and decrypting files and “signing” various items to prove that they came from you. In a typical trust situation, you can prove your item came from you because only you would have access to the private key.
How to Create a GPG Key
- Access your server or local computer via SSH
- At the command prompt type:
- Select your key type, the default is recommended:
Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection?
- Select the key size (2048 is the default):
RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048)
- Select the expiration of the key:
Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0)
- For example, if you chose 7 days as the expiration, type
7and confirm by typing
Key is valid for? (0) 7 Key expires at Thu 23 Nov 2017 08:38:54 AM EST Is this correct? (y/N)
- Input your name as the “real” name:
You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <email@example.com>" Real name: Joe Example
- Fill in email address to assign to this key:
Real name: Joe Example Email address: firstname.lastname@example.org
- Fill in a comment about this key
Real name: Joe Example Email address: email@example.com Comment: example key
- Select “O” for “Okay” when ready
You selected this USER-ID: "Joe Example (example key) <firstname.lastname@example.org>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit?
- Enter a strong passphrase for this key (this screen may look different on your computer) when prompted
You are almost done. It takes a few moments for the key to produce enough entropy to create itself. Feel free to use your computer to complete other tasks. When complete, you will see a success message in your terminal:
gpg: key 64DBC50F marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 3 signed: 1 trust: 0-, 0q, 0n, 0m, 0f, 3u gpg: depth: 1 valid: 1 signed: 0 trust: 1-, 0q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2017-11-22 pub 2048R/64DBC50F 2017-11-16 [expires: 2017-11-23] Key fingerprint = F0A6 FBC3 6FD0 FDFD EA5A BDF0 E1A3 CFAC 64DB C50F uid Joe Example (example key) <email@example.com> sub 2048R/0AA4A1E4 2017-11-16 [expires: 2017-11-23]
Well done! You now know how to create a GPG key in your computer or your server.