GPG(3)

Key Management

In This Section 

Return to Table of Contents

Key Generation (gpg [–options] –gen-key)

Before you can receive encrypted messages and files from others or digitally sign files and messages to send to others, you must generate a keypair for yourself. A keypair consists of a public key — which others use to encrypt messages to you and to verify signatures that you make — and a secret key (often called a private key) — which you use to decrypt messages sent to you by others and to sign files and messages that you send to others. (For more information on encryption, ciphers, and keys, see the GNU Privacy Handbook.)

The key generation process in GPG involves several steps and requires you to make a several important decisions along the way. We start the key generation process with the –gen-key command.

D:\Programs\gnupg>gpg --gen-key

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) ElGamal (sign and encrypt)
(5) RSA (sign only)
Your selection?

The first choice we must make is the type of key to generate. As this is our first keypair, we should generate a keypair that can be used to both sign and encrypt, which means we’ll choose option (1) or (4). We’ll choose (1) DSA/ElGamal (default). DSA/ElGamal keypairs include a DSA master signing key and an ElGamal encryption subkey. Both the master signing key and the encryption subkey will have public and secret keys. (For a discussion of DSA/ElGamal keypairs, see the Note on Key Types & Subkeys section below.) 

Next we choose a keysize. Note that we are choosing the size for the ElGamal encryption subkey — the size of the master DSA signing key is fixed at 1024 bits.

Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Requested keysize is 2048 bits

The larger the keysize, the stronger the key and the more robust the encryption used for messages and files. The minimum keysize you ought to consider using is 2048 bits. The largest keysize you can choose is 4096 bits.(An intermediate step between the two would be 3072 bits.) (For more information on key sizes, see the GNU Privacy Handbook.)

GPG now asks us to specify an expiration. We can always revoke our key in the future should we decide to, so we’ll choose no expiration. (For more information on expiration dates, see the GNU Privacy Handbook.)

Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? Y

Next, we must create a User ID for our keypair. The User ID is a kind of name tag for our keypair. It lets those who get our public key know who that public key belongs to. The User ID, in other words, identifies us as the owner of the keypair. GPG asks us for a name and email address to create the User ID. We can change both at a later time should we need to.

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: George P. Gumbel
Email address: gpgumbel@cowtownu.edu
Comment:
You selected this USER-ID:
"George P. Gumbel <gpgumbel@cowtownu.edu>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

Finally, we must specify a passphrase for our secret key (private key). This passphrase is critical, as GPG uses it to protect and control access to our secret key. If your passphrase is compromised or broken, anyone who gets a hold of your secret key will be able to use it to decrypt messages sent to you and to sign files sent to others just as if they were you.

A strong passphrase should consist of a mix of upper and lowercase letters, numbers, and non-standard keyboard characters. Your passphrase should not use familiar names and numbers (e.g., names of friends and family, names of pets, social security numbers, etc.). It should also avoid repeated characters as much as possible. Finally, your passphrase should be long (a standard 8 character password will not suffice) and yet easy to memorize.

You need a Passphrase to protect your secret key.

Enter passphrase: My_31337_Passphrase
Repeat passphrase: My_31337_Passphrase

GPG asks you to enter your passphrase twice. As you type, GPG will not "echo" what you type on screen. If what you type differs even slightly from the first time to the second time, GPG will ask you to type your passphrase from scratch. 

Once you successfully enter a passphrase, don’t forget it. If you forget your passphrase, you’ll lose access to your own secret key, and you won’t be able to regain access to it. Also, don’t write it down anywhere.  If other people learn your passphrase, your secret key will no longer be secret, and those persons will be able to decrypt and read all of your encrypted messages and files. They’ll also be able to sign messages and files just as if they were you.

After confirming your passphrase, GPG generates a keypair for you. While it is generating a keypair, GPG asks you to move the mouse around and type randomly on the keyboard in order to generate "seed" data to randomize the key generation process (thus making your keypair stronger and harder to break). 

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++.+++++++++++++++..++++++++++.+++++++++++++++.+++++++++++++++++
++++++++++..+++++++++++++++++++++++++++++++++++.++++++++++>++++++++++>++
.....+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
++++++++++++++++++++.++++++++++++++++++++...++++++++++++++++++++..++++++
+.+++++...++++++++++++++++++++.+++++++++++++++++++++++++.++++++++++.++>.
++++++++++..............................................................
........................................>...+++++.......................
...............................................................+++++^^^^
^^^^^
public and secret key created and signed.
key marked as ultimately trusted.

pub 1024D/0A484ECB 2002-05-26 George P. Gumbel <gpgumbel@cowtownu.edu>
Key fingerprint = 572B 8AA3 075D 1E6E 5B80 D9CB CE18 FB44 0A48 4ECB
sub 2048g/C31174A2 2002-05-26


D:\Programs\gnupg>

Once GPG has finished generating a keypair, it adds the keypair (both the public and secret keys) to our keyring.. Notice that GPG has signed our public key with our secret key (an act known as self-signing) and has marked our public key as "ultimately trusted." (See the GNU Privacy Handbook for more information on the Web of Trust.)

Now that you’ve generated a keypair, you ought to consider creating a revocation certificate as well.

(For more information on generating keypairs, see the GNU Privacy Handbook.)

A Note on Key Types & Subkeys

The DSA/ElGamal keypair that we generated above consists of a public key and a secret key (or private key). It also has a special type of key known as a subkey (which has its own public and secret keys). Subkeys are often used to encrypt, but not sign. DSA/ElGamal keypairs are a common combination of master signing key and encryption subkey. In some cases, as was the case with our DSA/ElGamal keypair, GPG will create the necessary subkey for you when you generate a keypair. In other cases  you will have to create a subkey yourself, depending on the type of keypair you choose to generate.

DSA & ElGamal Keypairs

When you select choice (1) (DSA and ElGamal) from the key type menu, GPG automatically creates a keypair consisting of a DSA master signing key and an ElGamal encryption subkey. (ElGamal keys are a variant of the Diffie-Hellman keys familiar to PGP users.) Each key on your keypair will be used for a particular task (signing or encryption). Moreover, each will probably be different in size: the DSA master signing key is limited to 1024 bits (GPG sets this size automatically); the ElGamal encryption subkey can be up to 4096 bits (GPG allows you to set this size yourself).

GPG lists the master signing key and encryption subkey separately when providing basic information about your keypair (such as with the –edit-key command).

D:\Programs\gnupg>gpg --edit-key george

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/7
gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
pub 1024D/0A484ECB created: 2002-05-26 expires: never trust: u/u
sub 2048g/C31174A2 created: 2002-05-26 expires: never

(1). George P. Gumbel <gpgumbel@cowtownu.edu>

Command>

Notice that the main public key (pub) is a DSA (D) signing key of 1024 bits; the ElGamal (g) encryption subkey (sub) is 2048 bits and is listed separately. (You might compare these two keys with the single key from the RSAv4 key generation example below.)

When using your DSA/ElGamal keypair to encrypt or sign, GPG (and PGP) automatically selects the proper key (master key or subkey) to use.

RSAv4 Keypairs (Sign & Encrypt)

Keypairs do not have to include an encryption subkey. It is possible to create an RSAv4 keypair, for example, that consists of but one key which is used both to sign and encrypt. RSAv3 keys (discussed below) also use a single signing and encryption key. 

By default, though, GPG will not let you create RSAv4 keypairs with a single signing and encryption key. Since we’re using the "Nullify" build of GPG 1.0.7, we can get a wider range of choices for key types by using the –expert option in conjunction with the –gen-key command.

D:\Programs\gnupg>gpg --expert --gen-key

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) ElGamal (sign and encrypt)
(5) RSA (sign only)
(7) RSA (sign and encrypt, not recommended)
Your selection? 7

Notice the new choice (7): an RSAv4 keypair that can encrypt and sign. With the –expert option, we now have three choices for keypairs that can encrypt and sign.

If we choose (7) RSA (sign and encrypt), GPG will create a keypair with a single signing and encryption key. Once we’re finished creating the keypair, we can edit it (–edit-key) and view basic information about the key. 

D:\Programs\gnupg>gpg --edit-key gpgumbel@cowtownu.edu

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

pub 2048R/32E3B3DF created: 2002-05-14 expires: never trust: u/u
(1). George P. Gumbel <gpgumbel@cowtownu.edu>

Command>

Note that there is no subkey — only a single key used to sign and encrypt.

RSAv4 keypairs with single signing and encryption keys are not recommended, however.  Re-using an RSA key for encryption and signing exposes the key to potential cryptoanalytic attacks. If you’re interested in generating an RSAv4 keypair, you’d be better off generating an RSAv4 keypair with a master signing key and an encryption subkey. For a discussion of this type of RSAv4 keypair, see the next section.

RSAv4 Keypairs (w/ Encryption Subkey)

Although we generated an RSAv4 keypair in the previous section, we generated a special kind of RSAv4 keypair that uses a single key for encryption and signing. Here is the RSAv4 key from our example above:

public and secret key created and signed.
key marked as ultimately trusted.

pub 2048R/32E3B3DF 2002-05-14 George P. Gumbel <gpgumbel@cowtownu.edu>
Key fingerprint = 448E D686 3AFC 8148 07E9 1DD3 329E D4B4 32E3 B3DF


D:\Programs\gnupg>

A single RSA key for encryption and signing is not recommended because of its vulnerability to certain types of attacks. In fact, the only way we were able to generate such a key was with the –expert option. 

Normally, to generate an RSAv4 keypair, we would select choice (5) from the default menu of key types. Without the –expert option, choice (5) is RSA (sign only). After creating the master signing key, we can generate an encryption subkey.

D:\Programs\gnupg>gpg --gen-key

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) ElGamal (sign and encrypt)
(5) RSA (sign only)
Your selection?

When it has finished generating the RSA master signing key, GPG warns us that the key can be used for digital signatures only.

public and secret key created and signed.
key marked as ultimately trusted.

pub 2048R/01B4D4E6 2002-05-20 Bob Bone <bobbone@cowtownu.edu>
Key fingerprint = FD87 06D4 9537 DBA8 DB34 7C94 2A4D 50AC 01B4 D4E6

Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a secondary key for this purpose.


D:\Programs\gnupg>

As GPG recommends, we can create an RSA encryption subkey. To create a subkey, use the –edit-key command and issue the addkey command from the –edit-keycommand line. GPG will ask for our passphrase before it allows us to make changes to our keypair.

D:\Programs\gnupg>gpg --edit-key bob

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Secret key is available.

gpg: checking the trustdb
gpg: checking at depth 0 signed=1 ot(-/q/n/m/f/u)=0/0/0/0/0/5
gpg: checking at depth 1 signed=0 ot(-/q/n/m/f/u)=1/0/0/0/0/0
pub 2048R/01B4D4E6 created: 2002-05-20 expires: never trust: u/u
(1). Bob Bone <bobbone@cowtownu.edu>

Command> addkey

Key is protected.

You need a passphrase to unlock the secret key for
user: "Bob Bone <bobbone@cowtownu.edu>"
2048-bit RSA key, ID 01B4D4E6, created 2002-05-20

Enter passphrase: My_31337_Passphrase

GPG then asks what kind of subkey type we want to generate.

Please select what kind of key you want:
(2) DSA (sign only)
(3) ElGamal (encrypt only)
(4) ElGamal (sign and encrypt)
(5) RSA (sign only)
(6) RSA (encrypt only)
Your selection? 6

We’ll choose (6) RSA (encrypt only), a choice that did not appear when we originally generated our master signing key above. Next we specify a keysize and expiration for the subkey.

What keysize do you want? (1024) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct (y/n)? Y

Finally, GPG confirms our choice and generates the subkey. You probably noticed that GPG did not ask us for information to create a User ID — that’s because the master signing key already has a User ID.

Really create? Y
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
....+++++

pub 2048R/01B4D4E6 created: 2002-05-20 expires: never trust: u/u
sub 2048R/89EFD32C created: 2002-05-20 expires: never
(1). Bob Bone <bobbone@cowtownu.edu>

Command> save

D:\Programs\gnupg>

Now our RSA keypair has an encryption subkey (sub). Don’t forget to save your changes.

If we had neglected to generate an encryption subkey and simply distributed our public key "as is," other people wouldn’t have been able to use it to encrypt messages to us (they could have used it only to verify digital signatures from us). If they attempted to use our key to encrypt, they would receive an error message from GPG.

D:\TEMP>gpg --recipient bob --encrypt my-file.txt

gpg: bob: skipped: unusable public key
gpg: my-file.txt: encryption failed: unusable public key

D:\TEMP>

Whether you choose to generate an RSAv4 keypair that uses the same key for encryption and signing or an RSAv4 keypair with a  master signing key and an encryption subkey is up to you. Remember, though, that most crypto experts recommend not re-using the same RSA key for encryption and signing.

RSAv3 Keypairs

The "Nullify" build of GPG 1.0.7 (which was compiled with the RSAv3 key patch) allows you to generate RSAv3 keys, RSAv3 keys (known to PGP 7.x users as "RSA legacy keys") are PGP 2.6.x compatible. RSAv3 keys use a single key for encryption and signing — there are no subkeys. RSAv3 keys are not recommended for precisely this reason — re-using an RSA key for encryption and signing exposes the key to potential cryptoanalytic attacks. (This is the same reason that standard RSAv4 keys use a master signing key and an encryption subkey, as we discussed in the previous section.)

Since we’re using the "Nullify" build of GPG 1.0.7 (which was compiled with the RSAv3 key patch), we can use the –expert and –pgp2 options in order to generate a PGP 2.6 compatible RSAv3 keypair.

D:\Programs\gnupg>gpg --expert --pgp2 --gen-key

gpg (GnuPG) 1.0.7; Copyright (C) 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) ElGamal (sign and encrypt)
(5) RSAv3 (sign and encrypt, PGP 2.6 compatible, not recommended)
Your selection? 5

Notice choice (5), which is now slightly different from the "original" choice (5) RSA (sign only). Instead of RSAv4 keypair that can sign only, choice (5) is now an RSAv3 keypair that can sign and encrypt.

Once GPG finishes generating an RSAv3 keypair, it will erroneously warn you that the key cannot be used for encryption.

public and secret key crea

Advertisements
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s