How to create PGP keys to encrypt and sign files

2022-01-31
Mirsad

Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP has become the de facto standard for email security.

The popularity of PGP rests on two factors. The first is that the system was originally available as freeware, and so spread rapidly among users who wanted an extra level of security for their email messages. The second is its use of public-key cryptography, or asymmetric cryptography, a cryptographic system that uses pairs of keys. Each pair consists of a public key (which may be known to others) and a private key (which must be known to no one except the owner).

Symmetric encryption, by contrast, is a type of encryption where a single secret key is used for both encryption and decryption. An example of symmetric encryption can be seen here.

Generate a PGP Keypair

In our case we will be using GnuPG, which is also available for Windows users; our default environment is Linux. So open the console and run:

gpg --full-generate-key

It will prompt with the following options:

Please select what kind of key you want:
  (1) RSA and RSA (default)
  (2) DSA and Elgamal
  (3) DSA (sign only)
  (4) RSA (sign only)
 (14) Existing key from card

We have selected RSA and RSA (default).

Now it prompts for the size of the key, between 1024 and 4096 bits.

We will choose 4096 bits.

RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits

Now it will prompt for the validity of the key.

Please specify how long the key should be valid.
        0 = key does not expire
     <n>  = key expires in n days
     <n>w = key expires in n weeks
     <n>m = key expires in n months
     <n>y = key expires in n years
Key is valid for? (0)

Zero (0) is the default, meaning that our key pair will never expire. You can hit Enter to select 0. Confirm that everything is correct.

Now enter the name, email address, and comment. The name can be the name of a person, product, or company. You can leave the comment blank.

GnuPG needs to construct a user ID to identify your key.
Real name:

Let's see the info structure that is available publicly:

Name: Your name
Comment: (Ethical hacker)
Email: <your@mail.com>

After validating the information, a prompt will open for the passphrase; enter a strong passphrase and hit Enter.

Now we can export the public key. Our key listing shows:

pub   rsa4096 2017-02-02 [SC]
uid           [ unknown] alvosec <info@alvosec.com>
sub   rsa4096 2017-02-02 [E]

Take the key ID and run:

gpg --export -a <key-id> > public.key

Or you can run with the --armor option to create ASCII-armored output:

gpg --output alvosec-pgp.asc --armor --export info@alvosec.com

Secure Your PGP Key

Important! If you fail to back up or otherwise secure your key, any hardware failure will lead to complete loss of your key pair.

Consider creating a revocation certificate, which is used to mark your key as invalid in case you lose your secret key or it has been compromised. You can simply run:

gpg --output revoke.asc --gen-revoke <key-id>

After which you get:

sec  rsa4096/4B0403CFC4FE5A8D 2017-02-02 alvosec <info@alvosec.com>

Create a revocation certificate for this key? (y/N)

Press y and you are done. Enjoy using PGP keys. You can also send us your first message using PGP key pairs; here is our public key.
