This article covers how to generate keys in GnuPG, and is part of a series in communications security.

Note on Exiting

If at any point after you’ve finished running a command or a set of commands in GnuPG, you are still within the GPG shell (for example, if you enter a command and get a response saying the command doesn’t exist), then type in quit to quit out of the GPG shell.

Install GnuPG from http://www.gnupg.org/download/.

On Linux GnuPG is likely installed, if not it should be in the repositories.

Creating Your Key

Open up a terminal, and run the command

gpg --gen-key

First you will be prompted to select a type of key. The defaults will likely be fine, so press enter.

You will then be prompted to select a key size. Once again, the default is probably acceptable.

Now you need to select how long your key will be valid. The default option is that the key will never expire, and is likely the best option. If you are doing something with the key that means you will only need it for a limited amount of time, then it is useful to give the key an expiration date, so that once the is no longer useful you don’t have to worry about it being compromised.

Once you have entered the length of time you want the key to last, hit enter. When prompted if the key is correct, hit ‘y’ then hit enter again.

Next you will be prompted to enter your full name. Do so, and then hit enter to continue. Do the same for your email address. If you have multiple email addresses you wish to use with GnuPG, just select one of them. Later you can come back and add as many email addresses as you desire.

Next you can enter a comment if you desire. Once you have entered a comment, or left it blank, hit enter to continue.

If all of your data shows as having been entered correctly, then hit the ‘o’ key and then the enter key.

You will now be prompted to enter a passphrase. When you are deciding what passphrase you are going to use, keep in mind that this key is going to be used to verify your identity, so a long passphrase is recommended. A general rule is to use at passphrase of at least 15 characters, with letters, numbers, special characters, and no identifiable patterns. Personally, I made mine substantially longer. Make sure that you either remember this passphrase, or store it in a secure way, such as using Keepass.

Now GnuPG needs to collect random bytes in order to seed the random number generation. In order to help GnuPG do this, do some other things on your computer, like typing or playing a game, anything so long as you enter random input. After a while, the keys will finish generating, and the program will exit.

Checking that Your Key was Created

To see that your key was entered, use the command

gpg --list-keys

You should see your name by an email address in brackets.

Adding Emails

If you have additional emails you need to add, then you can do so with the command

gpg --edit-key keyid

where keyid is a part of the name you entered when you created the key, or the key id (Finding Your GnuPG Key ID).

If this works, you should be dropped into a new shell. It should look like

Command

Now enter the command

adduid

You will now be prompted for your name, then email, then for a comment, just as you were when you initially generated your key. Once you’ve correctly entered this information, enter ‘O’ to accept the new user. You will then be prompted for your passphrase.

Having added the new email and name, check to make sure that everything worked by using the command

gpg --list-keys

Ensure that the information you just added shows up.