Robert Escriva

Things I wish I learned earlier

Joining the GPG Web of Trust (WoT)

This tutorial will explain how to generate a GPG key for use in both encrypted and authenticated email communication. When I went through this process in July to regenerate my key, I followed the instructions from Ana's Blog: Creating a new GPG Key. I've adapted them here for users new to GPG.

What is GPG?

Why would someone wish to use GPG? GPG provides a means to encrypt and authenticate communication. Signing keys allow individuals to authenticate themselves to others; encryption keys allow others to send private messages to individuals. Combining these two concepts allows two individuals to communicate in private, and be assured of the identity of the other individual.

Almost surely, individuals in today's world will never meet everyone with whom they communicate via email. This poses a problem: how does one authenticate an individual whom they have not met? GPG solves this problem with the web of trust. The web of trust depends upon users to verify each other's identity. As the web grows, and approaches a clique (see: http://en.wikipedia.org/wiki/Clique_(graph_theory)), the number of intermediaries between two arbitrary users will approach zero.

GPG's WoT relies upon this to determine the level of trust assigned to a user (from your perspective). If you trust several users, and these users trust a third party whom you have not met, you can assign some trust to this third user by relying upon the judgment of the several users you trust.

I will discuss signing practices at the end of this post.

Setting Signing Preferences

As the SHA-1 hash algorithm is rapidly approaching a state where it is no longer strong enough for general use, it is desirable to avoid using SHA-1 to sign outgoing messages. To do this:

rescriva@laptop:~$ mkdir -m 700 .gnupg
rescriva@laptop:~$ cat >> .gnupg/gpg.conf << EOF
> personal-digest-preferences SHA256
> cert-digest-algo SHA256
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
> EOF

This tells GPG that it should prefer SHA512, SHA384, etc. before defaulting to SHA1.

Generating an RSA Signing Key

In this section we will generate an RSA signing key of size 4096 bits. We are avoiding DSA as it cannot work with our more secure hash schemes (SHA512, etc.). Be sure to set an expiration date. I choose 6 years on all of my keys. I can issue a revocation certificate if the key becomes compromised (or my email address ceases to exist); however, if I lose the key (careless hard drive formatting) I cannot generate such a certificate. Thus it is handy to have an expiration date so that people do not try contacting me indefinitely.

When choosing a passphrase, select a secure phrase known only to you. Twelve characters is the minimum; my passphrase is more than twenty characters. Do not hesitate to use spaces to make your passphrase more memorable:

rescriva@laptop:~$ gpg --gen-key
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/home/rescriva/.gnupg/secring.gpg' created
gpg: keyring `/home/rescriva/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed 23 Sep 2015 01:53:53 PM EDT
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: Robert Escriva
Email address: notmyemail@robescriva.com
Comment:
You selected this USER-ID:
    "Robert Escriva <notmyemail@robescriva.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase:
Repeat passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)
..............+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 175 more bytes)
................+++++
gpg: /home/rescriva/.gnupg/trustdb.gpg: trustdb created
gpg: key 05DF74B6 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2015-09-23
pub   4096R/05DF74B6 2009-09-24 [expires: 2015-09-23]
      Key fingerprint = 605E B799 A84E 125D 76B1  7232 CF53 8113 05DF 74B6
uid                  Robert Escriva <notmyemail@robescriva.com>

Note that this key cannot be used for encryption.  You may want to use
the command "--edit-key" to generate a subkey for this purpose.

Add a secondary email

I use several emails from which I send mail regularly. I prefer to sign my outgoing mails using the same key. For convenience, GPG allows you to add several UIDs (user IDs) to a signing key so that you can use that key from multiple email accounts. This section shows how to add such an ID.

Note that your key will not be 0x05DF74B6. Substitute your key ID in its place (you can find this by looking at the last few lines of output from the last command):

rescriva@laptop:~$ gpg --edit-key 0x05DF74B6
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1). Robert Escriva <notmyemail@robescriva.com>

Command> adduid
Real name: Robert Escriva
Email address: notmyotheremail@robescriva.com
Comment:
You selected this USER-ID:
    "Robert Escriva <notmyotheremail@robescriva.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a passphrase to unlock the secret key for
user: "Robert Escriva <notmyemail@robescriva.com>"
4096-bit RSA key, ID 05DF74B6, created 2009-09-24

Enter passphrase:
pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1)  Robert Escriva <notmyemail@robescriva.com>
[ unknown] (2). Robert Escriva <notmyotheremail@robescriva.com>

Command> save

You can set your preferred UID within GPG. This is only necessary if you added a secondary email:

rescriva@laptop:~$ gpg --edit-key 0x05DF74B6
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1). Robert Escriva <notmyemail@robescriva.com>
[ultimate] (2)  Robert Escriva <notmyotheremail@robescriva.com>

Command> uid 1

pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1)* Robert Escriva <notmyemail@robescriva.com>
[ultimate] (2)  Robert Escriva <notmyotheremail@robescriva.com>

Command> primary

You need a passphrase to unlock the secret key for
user: "Robert Escriva <notmyemail@robescriva.com>"
4096-bit RSA key, ID 05DF74B6, created 2009-09-24

Enter passphrase:
pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1)* Robert Escriva <notmyemail@robescriva.com>
[ultimate] (2)  Robert Escriva <notmyotheremail@robescriva.com>

Command> save

Generate an RSA encryption Key

To be able to receive encrypted email, you must have an encryption key. The steps are similar to the process used to create your signing key. Pay close attention to the options in this section. Again, I used an expiration date of six years into the future:

rescriva@laptop:~$ gpg --edit-key 0x05DF74B6
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
[ultimate] (1). Robert Escriva <notmyemail@robescriva.com>
[ultimate] (2)  Robert Escriva <notmyotheremail@robescriva.com>

Command> addkey
Key is protected.

You need a passphrase to unlock the secret key for
user: "Robert Escriva <notmyemail@robescriva.com>"
4096-bit RSA key, ID 05DF74B6, created 2009-09-24

Enter passphrase:
Please select what kind of key you want:
   (2) DSA (sign only)
   (4) Elgamal (encrypt only)
   (5) RSA (sign only)
   (6) RSA (encrypt only)
Your selection? 6
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 6y
Key expires at Wed 23 Sep 2015 02:52:06 PM EDT
Is this correct? (y/N) y
Really create? (y/N) y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..........+++++

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 36 more bytes)
......+++++

pub  4096R/05DF74B6  created: 2009-09-24  expires: 2015-09-23  usage: SC
                     trust: ultimate      validity: ultimate
sub  4096R/AE5B0014  created: 2009-09-24  expires: 2015-09-23  usage: E
[ultimate] (1). Robert Escriva <notmyemail@robescriva.com>
[ultimate] (2)  Robert Escriva <notmyotheremail@robescriva.com>

Command> save

Sharing your Key

This section is optional. Some people feel that not publishing your key increases security. I disagree, and feel that there is no use having a public key if I do not make it public. I publish my keys with the following command:

gpg --keyserver pgp.mit.edu --send-key 0x05DF74B6

Note that this command does not publish the private portion of the key (used for signing) and only publishes the portion necessary to verify your signatures.

Participating in a Signing Party

It is common for individuals to hold signing parties, at which they verify each other's identities and then (at a later point) sign each other's public keys.

To participate in a party, you should prepare a key in advance. It is important that the key is generated in advance in order to assure the integrity of the key.

Here are the steps to take before the signing party:

  • Generate a key and make it publicly accessible (publish it on the key server if this does not bother you).
  • Prepare written copies of your key, including your ID, and key fingerprint.

You can fetch the information to be given to other party-goers with:

rescriva@laptop:~$ gpg --fingerprint 0xCC924A24
pub   4096R/CC924A24 2009-07-09 [expires: 2015-07-08]
      Key fingerprint = A6D0 6F76 4C4A F865 572F  9F42 24EA 8BF2 CC92 4A24
uid                  Robert Escriva <redacted>
sub   4096R/D0EBC46E 2009-07-09 [expires: 2015-07-08]

Note that in this example I used my actual GPG key ID (but redacted my email to avoid spam). Also note that you should have one copy of this information for each person you will give your key to.

Here are the items to bring to the signing party:

  • Two forms of Photo ID (I use NYS Driver's License and School ID).
  • Pieces of paper with at minimum: your name, email, and fingerprint.
  • Do not bring your computer.

Bringing a computer is bad etiquette for a signing party. The reasons will not be discussed here.

Here are the steps to take during the signing party:

  • Pair up with each participant. Verify that the names on the photo ID and the piece of paper match. Mark on the paper what degree of trust you have in the individual (none, marginal, full). Note that level of trust is the extent to which you believe them to be the identity they present, not the level to which you trust their character.
  • Securely store the pieces of paper which you collect.

Here are the steps to take after the signing party:

  • For each key, fetch the key from the keyserver. Using a GUI like Seahorse makes this easy. My preferred way to do it is simply:

    gpg --keyserver subkeys.pgp.net --recv-keys <id>
    
  • For each key, you can sign the key using:

    gpg --sign-key <id>
    
  • For each key, export (to a keyserver) the key using:

    gpg --keyserver subkeys.pgp.net --send-keys <id>
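
Between fetching a key and signing it, the fetched key should be compared against the full fingerprint on the paper you collected, because a keyserver lookup by 8-digit key ID does not prove you received that key. The following script is an added example, not part of the original post; the function names and the sample colon listing are constructed for illustration, using the fingerprint printed earlier in this post.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a key fetched from
# a keyserver is the key whose fingerprint was handed to you on paper.

# Remove whitespace and upper-case the hex, so "a6d0 6f76" == "A6D06F76".
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons --fingerprint <id>` output on stdin and print the
# primary key fingerprint: field 10 of the first "fpr" record.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: <colon listing> | fingerprint_matches "<fingerprint from paper>"
# Returns 0 on an exact match, 1 on a mismatch, and 2 if the paper value is
# not a full 40-hex-digit fingerprint (a short key ID is never accepted).
fingerprint_matches() {
    paper=$(normalize_fpr "$1")
    fetched=$(normalize_fpr "$(primary_fpr)")
    case "$paper" in
        ''|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#paper}" -eq 40 ] || return 2
    [ "$paper" = "$fetched" ]
}

# Constructed sample of the colon listing for the key shown in this post
# (record layout assumed; only the "fpr" record is actually parsed).
SAMPLE_LISTING='pub:-:4096:1:24EA8BF2CC924A24:2009-07-09:2015-07-08::-:Robert Escriva <redacted>::scESC:
fpr:::::::::A6D06F764C4AF865572F9F4224EA8BF2CC924A24:'
PAPER_FPR='A6D0 6F76 4C4A F865 572F  9F42 24EA 8BF2 CC92 4A24'

if printf '%s\n' "$SAMPLE_LISTING" | fingerprint_matches "$PAPER_FPR"; then
    echo "fingerprint matches the paper copy: proceed to gpg --sign-key"
else
    echo "MISMATCH: do not sign this key"
fi

# Real use (requires gpg and the fetched key in your keyring):
#   gpg --with-colons --fingerprint 0xCC924A24 \
#       | fingerprint_matches "$PAPER_FPR" && gpg --sign-key 0xCC924A24
```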
    

Occasionally a user may request that you email them the signature instead of exporting it to the keyserver. It is proper etiquette to honor such a request.

Conclusion

This was a (not so) brief introduction to everything necessary to get up and running with GPG. For help installing GPG, Google can help better than myself (Ubuntu/Fedora/Debian have GPG by default). For help with anything discussed here, import my key (gpg --keyserver hkp://pgp.mit.edu --recv-keys 0xCC924A24), and enter the fingerprint command given above to find my email.

There are many topics not touched upon (including a proper introduction to public key cryptography). I'm assuming that you've learned about these topics before reading this article.

Copyright © 2010 Robert Escriva