How to Create Keys for PGP

Just about everyone knows that its important to encrypt your data these days, and there are quite a few ways to go about it. As simple as the concept of encryption sounds - "use a key to encrypt your data" - its not always straightforward to do. Here, we explain the first step, creating your encryption keys.

This how-to describes the method of creating keys for PGP using GnuPG, the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880.

First, get the GnuPG package on Linux:

apt-get install gnupg

To create your keyring, use the following command:

gpg --gen-key

If prompted for the key type, select (1) RSA and RSA (default). Then select the key length. The default key length is 2048, which should be long enough for most applications, although if you're really paranoid (careless) you can make it longer (shorter). After selecting the key length, enter an expiration time (or 0 for a non-expiring key).

Finally, GnuPG will prompt you for your information, which will be used later by applications to determine who's key this is, so be sure to fill out the information accurately.

You may see this message:

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

Not enough random bytes available.  Please do some other work to give
the OS a chance to collect more entropy! (Need 284 more bytes)

In which case you should do exactly as it says. Don't worry, nothing is broken. GnuPG is just trying to create the best (read: most random) possible key for you. One quick way to get the OS working is to run this from a separate command prompt:

find / > /dev/null

Eventually, some info about your keys will be printed out and you'll have two new keys sitting in ~/.gnupg/pubring.gpg and ~/.gnupg/secring.gpg.

And that's it! You have a new key ready to be used for PGP encryption.