Creating OpenPGP Keys

OpenPGP is a non-proprietary protocol, based on PGP, for encrypting e-mail using public key cryptography. It defines standard formats for encrypted messages, signatures, private keys and certificates for exchanging public keys.

Public key cryptography involves the use of two keys: a public key, which you can give to anyone with whom you would like to communicate, and a private key, which must be kept secret.

To create OpenPGP keys:

  1. Choose File ▸ New...
  2. Select PGP Key and click Continue
  3. Enter your full name (first and last), your e-mail address and any additional information. You can also specify advanced options for the key: see below.
  4. Click Create to create the new key pair.
  5. The Passphrase for New PGP Key dialog will open. Enter the passphrase twice for your new key.

When choosing a passphrase, follow the same practices you would use to generate a strong password. The main difference between a password and a passphrase is that, in a passphrase, spaces are valid characters.

3.1. Advanced options

Expand the Advanced key options section to specify the following options for a new key:

Encryption Type

This field specifies the encryption algorithms used to generate your keys.

DSA ElGamal

This is the suggested choice as it will allow you to encrypt, decrypt, sign and verify as needed.

DSA

Will allow signing only.

RSA

Will allow signing only.

Key Strength (bits)

This is the length of the key in bits. The longer the key, the more secure it will be, provided a strong passphrase is used. Conversely, performing any operation with a longer key will require more time than it would with a shorter key. Acceptable values are between 1024 and 4096 bits. At least 2048 bits is recommended.

Expiration Date

This is the date on which the key will cease to be usable for performing encryption or signing operations. 6 months is a reasonable value. After this amount of time passes, you will have to either change the expiration date or generate a new key or subkey.

Sign your new key with your old one before it expires to preserve your trust status.
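
The same choices expressed outside the dialog, as an added example that is not part of the original page or of the application's own code: a Python helper that builds a GnuPG unattended key-generation parameter file from the advanced options above. It assumes GnuPG is the tool you generate the key with; `key_params`, `KEY_TYPES` and the sample name and address are hypothetical.

```python
# Added example: map the dialog's options onto a GnuPG unattended
# key-generation parameter block. Helper names are hypothetical.

# Encryption Type label -> (primary key type, subkey type or None)
KEY_TYPES = {
    "DSA ElGamal": ("DSA", "ELG-E"),  # DSA signs, ElGamal subkey encrypts
    "DSA": ("DSA", None),             # signing only
    "RSA": ("RSA", None),             # signing only, as the dialog offers it
}
MIN_BITS, MAX_BITS = 1024, 4096       # range the page gives for Key Strength


def key_params(name, email, comment="", enc_type="DSA ElGamal",
               bits=2048, expire="6m"):
    """Return the text of a GnuPG batch parameter file."""
    if enc_type not in KEY_TYPES:
        raise ValueError(f"unknown encryption type: {enc_type!r}")
    if not MIN_BITS <= bits <= MAX_BITS:
        raise ValueError(f"key strength must be {MIN_BITS}-{MAX_BITS} bits")
    # A line break inside a field would smuggle in an extra parameter line.
    for field in (name, email, comment, expire):
        if "\n" in field or "\r" in field:
            raise ValueError("line breaks are not allowed in a field")
    primary, subkey = KEY_TYPES[enc_type]
    lines = [f"Key-Type: {primary}", f"Key-Length: {bits}"]
    if subkey:
        lines += [f"Subkey-Type: {subkey}", f"Subkey-Length: {bits}"]
    else:
        lines.append("Key-Usage: sign")
    lines.append(f"Name-Real: {name}")
    if comment:
        lines.append(f"Name-Comment: {comment}")
    # No Passphrase line is written, so the secret never lands in a file.
    lines += [f"Name-Email: {email}", f"Expire-Date: {expire}", "%commit"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample identity.
    print(key_params("Alice Example", "alice@example.org"), end="")
```

Save the output to a file and pass it to `gpg --batch --generate-key` (GnuPG 2.1 or later); because no `Passphrase` line is written, GnuPG asks for the passphrase through its pinentry dialog.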