GNUPG: High Level Cryptography by The Golden Keys Team - HTML preview


 CHAPTER 7

 

 Create a key pair

 

A key pair is the basic element of public key cryptography and it consists of a private key and a public key. They are necessary for you to communicate securely with other users. Here we explain how to create a key pair in three different ways: text mode (works in both systems) and graphical mode (separate versions for Microsoft Windows and *NIX systems).

 

7.1 Text mode

 

1 – Start GnuPG key generation wizard

 

Type the command below to start the GnuPG key generation wizard.

 

img29.png

2 – Choosing the key type

 

The first step is to choose the type of key you want. We will choose the first option, which is the default: RSA and RSA. Enter 1 and press img30.png.

 

img31.png

 

3 – Choosing the key length

 

Now you will choose the length of your key. As a general rule, the longer the key, the more secure it is and the harder it is to crack, so we will choose 4096 bits, which is the maximum allowed. Enter 4096 and press img30.png.

 

img32.png

 

4 – Choosing the expiry of the key

 

The key may have an expiry that ranges from days to years, or no expiry at all. To create a key with an expiry, just follow the example below:

 

img33.png

 

You can choose the period that best suits your needs by following this pattern; just change the values accordingly. It is always possible to change the values later.

 

In our case we will make a key without expiry, so enter 0 (zero) and then press Y to confirm.

 

img34.png

 

5 – Entering personal data of the key

 

Here you will enter your data as shown below. They will be used to create your key and will be associated with it. The comment is optional.

 

If you have more than one e-mail address you can associate them with your key later, instead of having to create a new key pair for each e-mail address. When you finish, type O (letter O) and press img35.png to confirm.

 

img36.png

 

6 – Entering your password

 

This is one of the most important steps of the whole process. The strength and security of your key are directly related to your password. There is no point in using the best encryption system in the world if you use a weak password, so choose a VERY STRONG password!

 

Enter your password twice and press img37.png. Depending on how GnuPG is set up on your system, you may have to type your password in the terminal or in a new window. If you type it in the terminal, it does not show up while you type.

 

img38.png

7 – Generating a new key

 

Now that you have entered all your data, GnuPG will generate a new key. To generate a really secure key it needs unpredictable data, and the best way to provide it is to perform various activities during this process.

 

Try opening and closing some heavy programs, move the mouse cursor a lot, or open a text editor and type a lot of random text.

 

This process takes about 5 minutes, so be patient. During this time GnuPG may show text similar to the image below.

 

img39.png

 

8 – Key generated

 

Congratulations, you have just created your first key pair! :)

 

img40.png

 

9 – Verify your key

 

To verify your key just type the command below:

 

img41.png

 

If you did everything correctly you should see a summary of your key on the screen, including the key's fingerprint, which is a unique code that only this key in the world has. When you send your public key to other people, the only way they can be certain that the key they received is yours and was not tampered with along the way is by confirming the key's fingerprint with you.
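The fingerprint comparison described above can also be scripted. The following is an added example, not part of the book: it assumes the key is listed with `gpg --with-colons --fingerprint <user-id>` and that the key has a 40-hex-digit (version 4) fingerprint; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a fingerprint received out of band with the primary
# key fingerprint in GnuPG's colon-delimited listing.

# Constructed sample of `gpg --with-colons --fingerprint <user-id>` output
# (trailing fields trimmed); key IDs, fingerprints and user ID are made up.
SAMPLE_LISTING='pub:u:4096:1:89ABCDEF01234567:1700000000:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1700000000::::Alice Example <alice@example.org>:
sub:u:4096:1:76543210FEDCBA98:1700000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Remove spaces and separators and upper-case the hex digits, so a fingerprint
# read aloud in groups of four compares equal to the listing.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n:' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint: field 10 of the first "fpr" record
# that follows the "pub" record (later "fpr" records belong to subkeys).
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Print "<algorithm-id> <bits>" of the primary key; algorithm 1 is RSA.
primary_algo_bits() {
    awk -F: '$1 == "pub" { print $4, $3; exit }'
}

# $1 = colon listing, $2 = fingerprint confirmed with the key owner.
# Returns 0 on a match, 1 on a mismatch, 2 if $2 is not a full fingerprint
# (short key IDs are rejected because they are not unique).
fingerprint_matches() {
    want=$(normalize_fpr "$2")
    case "$want" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    have=$(printf '%s\n' "$1" | primary_fpr)
    [ -n "$have" ] && [ "$have" = "$want" ]
}

if fingerprint_matches "$SAMPLE_LISTING" \
    "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"; then
    echo "fingerprint matches: $(printf '%s\n' "$SAMPLE_LISTING" | primary_algo_bits)"
fi
```

To check a real key, pass the output of the `gpg` command in place of `SAMPLE_LISTING` and the fingerprint the owner gave you in person or by phone as the second argument.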

 

7.2 Microsoft Windows

 

1 – Open Kleopatra

 

Open Kleopatra and click on File → New Certificate, or press img42.png

 

img43.png

 

2 – Choose the first option

 

Choose the first option 'Create a personal OpenPGP key pair'.

 

img44.png

 

3 – Enter basic details of your key

 

Here you will enter your basic personal details, which will be part of your key and will be visible to anyone who has your key. The name and e-mail address are required, while the comment is optional. When you are done, click the Advanced Settings button.

 

img45.png

 

4 – Set advanced settings

 

Here you will set the advanced settings of your key.

 

Key Material: Select RSA as the key type and set the key length to 4,096 bits.

 

Certificate Usage: Check options Signing and Encryption.

 

Valid until: You can define any value you want. Uncheck it if you want no expiry.

 

When you are done, click the OK button. You will return to the previous screen. Just click Next to proceed.

 

img46.png

 

5 – Review details

 

Review all details that will be part of your key. If you would like to change anything, just click the Back button; otherwise click the Create Key button to create your key.

 

img47.png

 

6 – Choose a password

 

This is one of the most important steps of the whole process. The strength and security of your key are directly related to your password. There is no point in using the best encryption system in the world if you use a weak password, so choose a VERY STRONG password!

 

img48.png

 

7 – Wait for the key creation

 

During the key creation process it is necessary to generate random numbers, so it is important that you do activities that stimulate this process, such as typing on the keyboard, moving the mouse, opening and closing programs, etc.

 

Kleopatra offers a blank text field where you can type whatever you want to stimulate this process. It does not matter what you type, because the text is not considered in the key creation and will not be part of the key.

 

img49.png

 

8 – Confirmation

 

Congratulations, you have just created your first key pair! :)

 

A confirmation window will appear showing your key's fingerprint, which is a unique code that only this key in the world has. When you send your public key to other people, the only way they can be certain that the key they received is yours and was not tampered with along the way is by confirming the key's fingerprint with you.

 

You can choose any of the three options suggested below, or just finish the process. We will finish the process, so click the Finish button.

 

img50.png

 

9 – Verify your key

 

Now you will notice that your recently created key appears in Kleopatra.

 

img51.png

Every time you want to check details about your key, or make changes to it, just select your key, right-click it and select Properties in the menu.

 

7.3 *NIX systems

 

1 – Open Seahorse

 

Open Seahorse and click on File → New Certificate, or press img52.png

 

img53.png

 

2 – Choose PGP Key option

 

img54.png

 

3 – Enter basic details of your key

 

Here you will enter your basic personal details, which will be part of your key and will be visible to anyone who has your key. The name and e-mail address are required, while the comment is optional. When you are done, click on Advanced key options.

 

img55.png

 

4 – Set advanced details

 

Here you will set the advanced settings of your key.

 

Encryption Type: Select RSA.

 

Key Strength (bits): Set the key length to 4096.

 

Valid until: You can define any value you want. Uncheck it if you want no expiry.

 

When you are done, click the Create button to create your key.

 

img56.png

 

5 – Choose a password

 

This is one of the most important steps of the whole process. The strength and security of your key are directly related to your password. There is no point in using the best encryption system in the world if you use a weak password, so choose a VERY STRONG password!

 

img57.png

 

7 – Wait for the key creation

 

During the key creation process it is necessary to generate random numbers, so it is important that you do activities that stimulate this process, such as typing on the keyboard, moving the mouse, opening and closing programs, etc.

 

img58.png

 

8 – Confirmation

 

Congratulations, you have just created your first key pair! :)

 

Now you will notice that your recently created key appears in Seahorse.

 

img59.png

 

Every time you want to check details about your key, or make changes to it, just select your key, right-click it and select Properties in the menu.