You want to start using GnuPG for more sophisticated operations, such as encrypting and signing files for other parties to decrypt.
Generate a GnuPG keypair:
$ gpg --gen-key
then set a default key if you like [Recipe 7.8] and you're ready to use public-key encryption.
We strongly recommend you also create a revocation certificate at this time, in case you ever lose the key and need to tell the world to stop using it. [Recipe 7.22]
Public-key encryption lets you encrypt a file that only a designated recipient can decrypt, without sharing any secrets like an encryption password. This recipe discusses just the initial setup.
First you need to generate your very own GnuPG keypair, which consists of a secret (private) key and a public key. This is accomplished by:
$ gpg --gen-key
You'll be asked various questions, such as the key size in bits, key expiration date if any, an ID for the key, and a passphrase to protect the key from snoopers.
First you'll be asked to choose the type of key. For most purposes simply choose the default by pressing RETURN:
Please select what kind of key you want: (1) DSA and ElGamal (default) (2) DSA (sign only) (4) ElGamal (sign and encrypt) Your selection? <return>
Next, choose how many bits long the key should be. Longer keys are less like to be cracked. They also slow down encryption and decryption performance, but on a fast processor you aren't likely to notice. Choose at least 1024 bits.
DSA keypair will have 1024 bits. About to generate a new ELG-E keypair. minimum keysize is 768 bits default keysize is 1024 bits highest suggested keysize is 2048 bits What keysize do you want? (1024) 2048
Next specify when the key should expire. For average use, a permanent key is best:
Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) <return> Key does not expire at all Is this correct (y/n)? y
But if your key should expire, choose a lifetime and you'll see:
Key expires at Fri 19 Apr 2002 08:32:24 PM EDT Is this correct (y/n)?
Next, choose a unique identifier for your key. gpg constructs an ID by combining your name, email address, and a comment.
You need a User-ID to identify your key; the software constructs the user id from Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <email@example.com>" Real name: Shawn Smith Email address: firstname.lastname@example.org Comment: My work key You selected this USER-ID: "Shawn Smith (My work key) <email@example.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
Next, choose a secret passphrase. Your key will be stored encrypted, and only this passphrase can unlock it for use.
You need a Passphrase to protect your secret key. Enter passphrase: ****** Repeat passphrase: ******
Eventually, you will see:
public and secret key created and signed.
which means your key is ready for use. Now you can encrypt [Recipe 7.11], decrypt [Recipe 7.5], sign [Recipe 7.12], and verify [Recipe 7.15] files by public-key encryption.