Copy the entire key block including -BEGIN PGP PUBLIC KEY BLOCK-to -END PGP PUBLIC KEY BLOCK-. Open the Kleopatra component. Click Clipboard Certificate Import. A Certificate Import Result dialog box displays. The imported public key now displays under the Other Certificates tab. Importing Your Private Key. Open the Kleopatra.
This instruction will guide you step-by-step through creating OpenPGP public/private key pairs, exporting public keys to key servers, and finding OpenPGP public keys for secure communication with others.
First read the instructions in OpenPGP Best Practices carefully to ensure your system generates a strong key and receives key updates from a well-maintained keyserver. This will require to make changes to the gpg.conf configuration file, which is located in different places depending on your operating system. In Linux it is located in
~/.gnupg/gpg.conf .
Using GNOMEâs GUI frontend: SeahorseWhat is Seahorse?
Seahorse is a GUI tool for creating and managing OpenPGP keys, securely storing passwords, and creating and managing SSH certificates. It uses GPG as the back-end OpenPGP implementation.
Create and export an OpenPGP Public/Private Key pair
Your public key is now published on the key servers and is accessible to others!
Find or import someone elseâs OpenPGP Public Key
If you want to communicate with others securely or encrypt data that only they can read, you first need to import their public key into your keyring. Note: The John Q. Alias key is used as an example key for generating a key above and also for importing a key below; in the case of importing, it is used to refer to the person for whom youâre searching, not yourself.
Import from a key file
If someone exports their key to a file and sends it to you, you can import it into your keyring via Seahorse by:
The key that was stored in the key file has now been imported into your keyring!
Searching on keyservers
Their public key has now been imported into your keyring!
Verifying a key
Anyone can publish a key on a keyserver. For example, for a fun trick, try searching for Edwards Snowdenâs key. There are many, many keys! Before you start using a key, you should verify the keyâs fingerprint with the individual with whom you wish to communicate. You should not do this by email! The best practice is to verify the fingerprint in person. At a minimum, you should use voice/video to confirm that you have the right key. To verify the fingerprint, you can use the following steps:
After you have carefully reviewed the fingerprint and verified its accuracy with the owner of the key, you may sign their key with your key. To do this:
You can now begin encrypting data that can only be decrypted by the key owner and establish a secure communication line between you and the key owner!
Using the Linux command line
This is based on the Ubuntu GPG Howto
Ensure that you have already set the right defaults
Please first review the OpenPGP Best Practices guide to ensure that you have set your defaults correctly. Do this before proceeding!
Generate an OpenPGP Key pair using GPG
Press Alt+F2 and type:
gnome-terminal and then press enter
In the terminal, type:
gpg --gen-key which should return a menu similar to this:
Select the type of key you want. RSA and RSA is the recommended type. (sign only) keys cannot be used for encryption.
Next, enter the key size you want. 3072 is recommended.
Then enter the length of time that you would like the key valid for and then press y to confirm the expiration date. If you select 0, the key does not expire and will require to be revoked when you no longer wish to use it. It is recommended - to have your key expire within no more than 2 years.
Enter your name, email address. It is not recommended to use a comment. Your name and email address can be anything you want, not necessarily your real name or email address. If you want to use your OpenPGP key for encrypting email, put the email address you want to use with encryption in the âEmail addressâ prompt.
Now enter a strong password that you can remember. If you forget this password, it cannot be recovered and any encrypted data you have using it, including emails, will be permanently inaccessible. Hit enter when complete to begin generating the key.
Your OpenPGP public/private key pair has been generated!
List your keys
You can use this command to list your keys:
gpg --list-secret-keys
This should output data in a format like this:
Any reference to your KEY-ID below can be found using the first command and looking at the output. The line youâre looking at to find the KEY-ID is the sec line of each of the entries). The line contains sec, the key strength and type abbreviation (4096R in the first line), a slash, the KEY-ID, and then the creation date. The codebox below highlights the KEY-ID:
So for this example, the KEY-ID would be E361D8GH916EFH89.
However, as discussed here you should not rely on the keyid! Instead, you should use your full fingerprint for all operations.
Export/Publish your public OpenPGP Key
Youâve just exported your ASCII armored OpenPGP public key to the file mykey.asc in the folder you were in (your home directory, if you opened a new terminal). Now you can send the key to whomever you want to be able to encrypt files to you.
Publish your OpenPGP public key to a Key server
At this point, you can publish your public key to a key server where people can request it remotely to be able to send encrypted data and emails to you.
The windows version of this guide is out-of-date. If you are a windows user, you can help us update it! Please see our github repository for our help pages to learn how
It is not recommended to use Windows as a secure communication platform. While Windows can be locked down to provide a more secure environment than is provided by default, the tendencies in Windows lean towards very lax security. There is also a multitude of pre-built exploits for windows that make it easier for attackers to compromise. Here are some bullet points against using windows for secure communications:
To ensure a secure communications platform, itâs recommended to install a GNULinuxfree softwaredistribution, like Debian (recommended), Ubuntu (beware privacy issues) or a derivate.
Install Gpg4win
Gpg4win is the recommended OpenPGP implementation for windows. It is Free Software, licensed under the GPL, with the source code available for modification or scrutiny.
Gpg4win is now installed and ready to use!
Create and Export an OpenPGP Public/Private Key pair
Kleopatra seems to be the more recent and more polished of the two Gpg4win key manager GUI frontends on Windows, so this guide recommends using that.
Create Public Pgp Key
Your key pair is now finished! From here, you can do one of the following:
It is recommended to upload the certificate to a directory service. This will upload your public key to a key server where it can be used by others to encrypt data and emails that only you can decrypt.
Find or Import someone elseâs OpenPGP Public Key
If you want to be able to communicate with someone securely or encrypt data that only they can read, you need to import their public key into your keyring first.
Import from a key file
If someone exports their key to a file and sends it to you, you can import it into your keyring via Kleopatra by:
The key that was stored in the key file has now been imported into your keyring!
Find on the key servers
Their public key has now been imported into your keyring! Once you have verified the fingerprint (see above about why this is important), you may sign the key.
Sign their key (Certify their Certificate)
To do this,
How To Generate Pgp Key
You have now signed their key (certified their certificate) and are ready to begin encrypting data or emails that only they can decrypt!
Unfortunately we have no MacOS version of this guide. If you are a MacOS user, you can help us update it! Please see our github repository for our help pages to learn how
It is not recommended to use Mac OS X as a secure communication platform. While there are fewer exploits and a better security model than windows, OS X has demonstrated a poor security patch speed in the past and has a large quantity of proprietary software and packaging, making it not capable of scrutiny for efects, back doors, or anything that âphones homeâ. Furthermore, it offers features that can be exploited by hackers or abused by governments or corporations. Some bullet points about OS X security:
To ensure a secure communications platform, itâs recommended to install a GNULinuxfree softwaredistribution, like Debian (recommended), Ubuntu (beware privacy issues) or a derivate.
![]()
A lost SSH public-key or a web service generates an SSH key but does not provide the public-key part to you. What to do now? There is a solution for this situation.
When you have an SSH key you need the public key to setup SSH passwordless login with SSH-key. But if you have lost the public key part but still have the private key, there is a way to regenerate the key.
With the public key missing, the following command will show you that there is no public key for this SSH key.
Pgp Generate Public Key From Private Key Ssh
The -l option instructs to show the fingerprint in the public key while the -f option specifies the file of the key to list the fingerprint for.
To generate the missing public key again from the private key, the following command will generate the public key of the private key provided with the -f option.
The -y option will read a private SSH key file and prints an SSH public key to stdout. The public key part is redirected to the file with the same name as the private key but with the .pub file extension. If the key has a password set, the password will be required to generate the public key.
To check the details of the generated public key execute the following command as shown above.
The output of this command shows the key size as the first column, the fingerprint as the second column and after the file name, the type is shown in brackets. In the example above, a 4096 bit RSA key.
Read more of my posts on my blog at http://blog.tinned-software.net/.
![]() Symmetric KeyRelated posts:Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |