Notice:
This post is older than 5 years – the content might be outdated.
This is the first part of the OpenPGP blog series. It briefly explains how to generate a new GnuPG key that can be used for encryption, signing and authentication.
What is GnuPG?
GnuPG is the open implementation of the OpenPGP standard defined in RFC 4880. GnuPG allows you to encrypt and sign data and to authenticate. It is written in C and has been initially released in 1999.
In public key cryptography you have a key pair consisting of a public and a private key. The public key can be used by others either to verify signatures made with your private key or to encrypt data that can only be decrypted with your private key.
Generally encryption protects data against being read by unintended recipients and signing provides data integrity and proves data has been signed by a specific key. It neither proofs when the data has been signed nor that the key belongs to the pretended user ID.
Subkeys
GnuPG supports different actions for a key. The Certify capability is used to modify your own or someone else’s key (e.g. by signing someone else’s key, creating subkeys, adding/revoking a user ID, changing the expiration date or generating revocation certificates). The Encrypt, Sign and Authenticate capabilities are used for encrypting and signing data or authentication.
By default, the primary key has the Certify and the Sign capabilities. The Encrypt capability is provided by a subkey. Subkeys are bound to the master key pair.
It is recommended to use your primary key only for certification and keep it offline while using different subkeys for the remaining capabilities of daily use. This way, if your subkeys get compromised, you can revoke your subkeys independently of your primary key.
Preparations
Before a key can be generated, first you need to configure GnuPG.
First of all make sure to use gpg 2.1.18 or later. You can check your gpg version as follows:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
$ gpg --version gpg (GnuPG) 2.2.11 libgcrypt 1.8.4 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/jdoe/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 |
Additionally ensure your ~/.gnupg/gpg.conf contains at least the following options to avoid some information leakage and to use strong algorithms.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
keyserver-options include-revoked keyserver-options no-honor-keyserver-url no-comments no-emit-version personal-digest-preferences SHA512 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed |
Generate the primary key
Now you can generate the primary key:
|
1 |
$ gpg --expert --full-gen-key |
Key algorithm
First you have to decide which key algorithm to use. Basically, you can choose between RSA, DSA and ElGamal along with ECC.
Choose RSA here for compatibility reasons, because it is widely used, well known and most smart cards (like OpenPGP card or YubiKey) only support RSA at the moment.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (9) ECC and ECC (10) ECC (sign only) (11) ECC (set your own capabilities) (13) Existing key Your selection? 8 |
Key capabilities
The next step is to remove the Sign and Encrypt action from the primary key and only keep the Certify action:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
Possible actions for a RSA key: Sign Certify Encrypt Authenticate Current allowed actions: Sign Certify Encrypt (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? s Possible actions for a RSA key: Sign Certify Encrypt Authenticate Current allowed actions: Certify Encrypt (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? e Possible actions for a RSA key: Sign Certify Encrypt Authenticate Current allowed actions: Certify (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? q |
Key size
You should use a key size between 2048 and 4096 bits. For the master key it is preferable to use 4096 bits.
|
1 2 3 4 5 |
RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) 4096 Requested keysize is 4096 bits |
Expiration
The expiration date for a key is the dead man’s switch to ensure your key will be disabled in case you loose access to your primary key and your revocation certificate. Signatures and encrypted files created after the expiration date should be considered as untrusted. The expiration date can be extended, even after the key has already expired. In order to avoid updating the key too often, choose 2 years here.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Sun 03 Jan 2021 13:38:47 CET Is this correct? (y/N) y |
User ID
If you want to create an ‚official‘ key use your first and last name along with a valid email address, so your user ID can be validated against your ID card and your key can be signed by others. It is recommended to not use a comment in your user ID (see OpenPGP User ID Comments considered harmful for reasoning). Note: user IDs are immutable, hence cannot be changed but only revoked.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
GnuPG needs to construct a user ID to identify your key. Real name: John Doe Email address: john.doe@example.com Comment: You selected this USER-ID: "John Doe <john.doe@example.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o |
Passphrase
Before the key can be generated, you have to choose a passphrase. See here on how to choose a secure password.
Key generation
|
1 2 3 4 5 6 7 |
We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. |
The new primary key
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
gpg: key 0x5A24FA122E623651 marked as ultimately trusted gpg: directory '/home/jdoe/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/home/jdoe/.gnupg/openpgp-revocs.d/F5890F08068C5251DEC5CB915A24FA122E623651.rev' public and secret key created and signed. pub rsa4096/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03] Key fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651 uid John Doe <john.doe@example.com> |
Some remarks:
- You have control over the primary secret key, hence it is ultimately trusted by default.
- A revocation certificate has been created by default at /home/jdoe/.gnupg/openpgp-revocs.d/F5890F08068C5251DEC5CB915A24FA122E623651.rev. Print it out and keep it private, in case your key gets compromised or lost.
- The key has the (long) ID: 0x5A24FA122E623651.
- The fingerprint of the key is: F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651.
Generate the Subkeys
Apart from the key size the attributes for the subkeys can be the same as for the primary key. The key size depends on how you are going to use the subkeys. If you want to use the subkeys on a smart card, the maximum length of the key might be limited due to hardware limitations. Also the run time of key operations on a smart card might differ with different key sizes. As GnuPG defaults to 3072 bits, the example uses 3072 bits for the subkeys.
To generate the subkeys use the following command:
|
1 2 3 4 5 6 7 8 9 10 11 |
$ gpg --expert --edit-key 0x5A24FA122E623651 Secret key is available. sec rsa4096/0x5A24FA122E623651 created: 2019-01-04 expires: 2021-01-03 usage: C trust: ultimate validity: ultimate [ultimate] (1). John Doe <john.doe@example.com> |
Generate signature key
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
gpg> addkey Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (10) ECC (sign only) (11) ECC (set your own capabilities) (12) ECC (encrypt only) (13) Existing key Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) Requested keysize is 3072 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Sun 03 Jan 2021 16:48:46 CET Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/0x5A24FA122E623651 created: 2019-01-04 expires: 2021-01-03 usage: C trust: ultimate validity: ultimate ssb rsa3072/0x2C0CC4A184234A5A created: 2019-01-04 expires: 2021-01-03 usage: S [ultimate] (1). John Doe <john.doe@example.com> |
Generate encryption key
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
gpg> addkey Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (10) ECC (sign only) (11) ECC (set your own capabilities) (12) ECC (encrypt only) (13) Existing key Your selection? 6 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) Requested keysize is 3072 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Sun 03 Jan 2021 16:52:07 CET Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/0x5A24FA122E623651 created: 2019-01-04 expires: 2021-01-03 usage: C trust: ultimate validity: ultimate ssb rsa3072/0x2C0CC4A184234A5A created: 2019-01-04 expires: 2021-01-03 usage: S ssb rsa3072/0x87264AAEEB639812 created: 2019-01-04 expires: 2021-01-03 usage: E [ultimate] (1). John Doe <john.doe@example.com> |
Generate authentication key
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 |
gpg> addkey Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) (7) DSA (set your own capabilities) (8) RSA (set your own capabilities) (10) ECC (sign only) (11) ECC (set your own capabilities) (12) ECC (encrypt only) (13) Existing key Your selection? 8 Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Sign Encrypt (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? s Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Encrypt (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? e Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? a Possible actions for a RSA key: Sign Encrypt Authenticate Current allowed actions: Authenticate (S) Toggle the sign capability (E) Toggle the encrypt capability (A) Toggle the authenticate capability (Q) Finished Your selection? q RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (3072) Requested keysize is 3072 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 2y Key expires at Sun 03 Jan 2021 16:52:42 CET Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. sec rsa4096/0x5A24FA122E623651 created: 2019-01-04 expires: 2021-01-03 usage: C trust: ultimate validity: ultimate ssb rsa3072/0x2C0CC4A184234A5A created: 2019-01-04 expires: 2021-01-03 usage: S ssb rsa3072/0x87264AAEEB639812 created: 2019-01-04 expires: 2021-01-03 usage: E ssb rsa3072/0x5027A7FB918DF7CE created: 2019-01-04 expires: 2021-01-03 usage: A [ultimate] (1). John Doe <john.doe@example.com> |
Quit and save
|
1 2 3 |
gpg> quit Save changes? (y/N) y |
List your new GnuPG key
You can list your key with the following command:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ gpg --list-keys 0x5A24FA122E623651 pub rsa4096/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03] Key fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651 uid [ultimate] John Doe <john.doe@example.com> sub rsa3072/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03] sub rsa3072/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03] sub rsa3072/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03] |
And the secret keys can be shown as follows:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ gpg --list-secret-keys 0x5A24FA122E623651 sec rsa4096/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03] Key fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651 uid [ultimate] John Doe <john.doe@example.com> ssb rsa3072/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03] ssb rsa3072/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03] ssb rsa3072/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03] |
Note:
- sec indicates the secret key.
- ssb indicates a secret subkey.
- The letters in square brackets stand for the key capability: Certify, Encrypt, Sign and Authenticate.
Backup your GnuPG key
After generating the key you need to create a backup. The backup is best stored on an encrypted USB flash device.
Export public and private keys
At first export the public key, so it can be shared with others:
|
1 |
$ gpg --export --armor 0x5A24FA122E623651 > 0x5A24FA122E623651.pub.asc |
Next export all secret keys (primary and subkeys) . This key should be kept offline. The primary key is needed for key certification.
|
1 |
$ gpg --export-secret-keys --armor 0x5A24FA122E623651 > 0x5A24FA122E623651.sec.asc |
At last export the secret subkeys (keep private, import for daily usage).
|
1 |
$ gpg --export-secret-subkeys --armor 0x5A24FA122E623651 > 0x5A24FA122E623651.sec_sub.asc |
Remove Primary Key from Keyring
Since the primary key is not used on a daily basis, it can be removed.
Delete secret keys
|
1 2 3 4 5 6 7 |
$ gpg --delete-secret-keys 0x5A24FA122E623651 sec rsa4096/0x5A24FA122E623651 2019-01-04 John Doe <john.doe@example.com> Delete this key from the keyring? (y/N) y This is a secret key! - really delete? (y/N) y |
Reimport secret subkeys
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
$ gpg --import 0x5A24FA122E623651.sec_sub.asc gpg: key 0x5A24FA122E623651: "John Doe <john.doe@example.com>" not changed gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status gpg: key 0x5A24FA122E623651: secret key imported gpg: Total number processed: 1 gpg: unchanged: 1 gpg: secret keys read: 1 gpg: secret keys imported: 1 |
Verify that the master key is absent
To verify that the primary key is absent, you can list the secret keys again:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$ gpg --list-secret-keys 0x5A24FA122E623651 sec# rsa4096/0x5A24FA122E623651 2019-01-04 [C] [expires: 2021-01-03] Key fingerprint = F589 0F08 068C 5251 DEC5 CB91 5A24 FA12 2E62 3651 uid [ultimate] John Doe <john.doe@example.com> ssb rsa3072/0x2C0CC4A184234A5A 2019-01-04 [S] [expires: 2021-01-03] ssb rsa3072/0x87264AAEEB639812 2019-01-04 [E] [expires: 2021-01-03] ssb rsa3072/0x5027A7FB918DF7CE 2019-01-04 [A] [expires: 2021-01-03] |
Note the hash (#) after the sec tag which indicates that the primary key is currently not usable.
Congratulations! You can now use your key. Stay tuned for the next part of the OpenPGP blog series!
