Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP has become the de facto standard for email security.
The popularity of PGP rests on two factors. The first is that the system was originally available as freeware, and so spread rapidly among users who wanted an extra level of security for their email messages. The second is its use of public-key cryptography, or asymmetric cryptography, a cryptographic system that uses pairs of keys. Each pair consists of a public key (which may be known to others) and a private key (which must not be known by anyone except the owner).
Symmetric encryption is a type of encryption where a single key (a secret key) is used for both encryption and decryption. An example of symmetric encryption can be seen here.
In our case we will be using GnuPG, which is also available for Windows users; our default environment here is Linux. So open the console and run:
gpg --full-generate-key
It will prompt with the following options:
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(14) Existing key from card
We have selected RSA and RSA (default).
Now it prompts for the key size, between 1024 and 4096 bits.
We will choose 4096 bits.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Now, it will prompt for the validity of the key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Zero (0) is the default, meaning that our key pair will never expire. You can hit enter to select 0. Confirm that everything is correct.
Now enter the name, email address, and comment. The name can be the name of a person, product, or company. You can leave the comment blank.
GnuPG needs to construct a user ID to identify your key.
Real name:
Let's see the identity information that will be publicly visible as part of the key:
Name: Your name
Comment: (Ethical hacker)
Email: <your@mail.com>
After validating the information, a prompt will open for the passphrase. Enter a strong passphrase and hit enter.
Now we can export the public key. The key listing shows:
pub rsa4096 2017-02-02 [SC]
uid [ unknown] alvosec <info@alvosec.com>
sub rsa4096 2017-02-02 [E]
Take the key ID and run:
gpg --export -a <key-id> > public.key
Or, equivalently, use the long --armor option (the same as -a) to create ASCII output, selecting the key by its email address and writing it to a named file:
gpg --output alvosec-pgp.asc --armor --export info@alvosec.com
Important! If you fail to back up or otherwise secure your key, any hardware failure will lead to complete loss of your key pairs.
Consider creating a revocation certificate, which is used to mark your key as invalid in case you lose your secret key or your key has been compromised. You can simply run:
gpg --output revoke.asc --gen-revoke <key-id>
You will see:
sec rsa4096/4B0403CFC4FE5A8D 2017-02-02 alvosec <info@alvosec.com>
Create a revocation certificate for this key? (y/N)
Press y and you are done. Enjoy using PGP keys; you can also send us your first message using PGP key pairs. Here is our public key.
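The whole procedure above (RSA 4096 key pair, no expiry, name/comment/email, passphrase, armored public-key export and a revocation certificate) can also be run unattended with GnuPG's batch parameter file; each parameter line maps to one of the interactive prompts shown above. This is an added example, not code from the original post; the identity, passphrase and paths are constructed demo values, and it works in an isolated GNUPGHOME so it never touches your real keyring.

```shell
#!/bin/sh
# Added example: unattended GnuPG key generation mirroring the interactive steps above.
set -eu

# Write a batch parameter file; each line answers one interactive prompt.
write_batch_params() {
    # $1 = output file, $2 = real name, $3 = comment, $4 = email, $5 = passphrase
    # Passphrase: in a file is for demos only; %ask-passphrase avoids writing it to disk.
    cat > "$1" <<EOF
%echo Generating an RSA 4096 key pair (unattended)
Key-Type: RSA
Key-Length: 4096
Subkey-Type: RSA
Subkey-Length: 4096
Name-Real: $2
Name-Comment: $3
Name-Email: $4
Expire-Date: 0
Passphrase: $5
%commit
%echo done
EOF
}

# Generate the key pair, export the public key in ASCII armour and keep the revocation
# certificate. Prints the 40-hex-digit fingerprint (the long key ID is its last 16 digits).
generate_and_export() {
    # $1 = working directory containing params.txt, $2 = email used as key selector
    export GNUPGHOME="$1/gnupghome"
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    gpg --batch --pinentry-mode loopback --gen-key "$1/params.txt" >/dev/null 2>&1
    fpr=$(gpg --batch --with-colons --list-keys "$2" | awk -F: '/^fpr:/ {print $10; exit}')
    gpg --batch --yes --armor --output "$1/public.key" --export "$fpr"
    # GnuPG 2.1+ writes a revocation certificate at generation time under openpgp-revocs.d.
    # Its BEGIN line is prefixed with ':' so it cannot be imported by accident; remove that
    # colon only when you actually need to revoke. Store the copy offline, like a backup.
    cp "$GNUPGHOME/openpgp-revocs.d/$fpr.rev" "$1/revoke.asc"
    echo "$fpr"
}

WORK=$(mktemp -d)
write_batch_params "$WORK/params.txt" "Example User" "constructed demo identity" \
    "demo@example.invalid" "correct horse battery staple"
if command -v gpg >/dev/null 2>&1; then
    FPR=$(generate_and_export "$WORK" "demo@example.invalid")
    echo "key $FPR: public key in $WORK/public.key, revocation cert in $WORK/revoke.asc"
else
    echo "gpg not found; parameter file written to $WORK/params.txt"
fi
```

Back up the GNUPGHOME directory (or the exported secret key) and the revocation certificate offline before relying on the key, as the note above on hardware failure warns.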