9.4.2. Generate a key
Before you can start encrypting your data, you need to create a
pair of keys. The pair consists of a private and a public key. You
can send the public key to correspondents, who can use it to
encrypt data for you, which you decrypt with your private key. You
always keep the private key, never share it with somebody else, or
they will be able to decrypt data that is only destined for you.
Just to make sure that no accidents happen, the private key is
protected with a password. The key pair is created using this
[email protected]:~$ gpg --key-gen
gpg (GnuPG) 126.96.36.199; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
gpg: directory `/home/willy.gnupg' created
gpg: new configuration file `/home/willy/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/willy/.gnupg/gpg.conf' are not yet
active during this run
gpg: keyring `/home/willy/.gnupg/secring.gpg' created
gpg: keyring `/home/willy/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n month
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the
user ID from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <[email protected]>"
Real name: Willy De Wandel
Email address: [email protected]
You selected this USER-ID:
"Willy De Wandel (Willem) <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
Now enetr your password. This can be a phrase, the longer, the
better, the only condition is that you should be able to remember
it at all times. For verification, you need to enter the same
Now the key pair is generated by a program that spawns random
numbers and that is, among other factors, fed with the activity
data of the system. So it is a good idea to start some programs
now, to move the mouse cursor or to type some random characters in
a terminal window. That way, the chances to generate a number that
contains lots of different digits will be much bigger and the key
will be more difficult to crack.