Linux create your own GnuPG private and public key

last updated in Categories Debian Linux, Gentoo Linux, GNU/Open source, Howto, Linux, RedHat/Fedora Linux, Security, Tips, Ubuntu Linux, UNIX

GNU gpg is encryption and signing tool.

The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software.

GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ↔ ‘owner’ identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

How do I create my own GnuPG private and public key

1) Login to your shell account

2) Use gpg command to create the keys
$ gpg --gen-key
Output:

gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: directory `/home/vivek/.gnupg' created
gpg: new configuration file `/home/vivek/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/vivek/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/vivek/.gnupg/secring.gpg' created
gpg: keyring `/home/vivek/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? Press [Enter] Key
DSA keypair will have 1024 bits.
ELG-E keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) Press [Enter] Key
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
        = key expires in n days
      w = key expires in n weeks
      m = key expires in n months
      y = key expires in n years
Key is valid for? (0) Press [Enter] Key
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) "

Real name: Vivek Gite
Email address: vivek@nixcraftcorp.com
Comment:[Enter] key
You selected this USER-ID:
    "Vivek Gite "

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase: [Enter password twice]
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++....+++++++++++++++..++++++++++..++++++++++...++++++++++++++++++++.+++++++++++++++++++++++++++++++++++.+++++..++++++++++++++++++++.++++++++++..+++++.+++++.+++++>+++++....+++++>.+++++...................................................................+++++^^^^^^^^^^^
gpg: /home/vivek/.gnupg/trustdb.gpg: trustdb created
gpg: key 8E19F126 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   1024D/8E19F126 2007-02-10
      Key fingerprint = A7AF E25D 3E8D 6946 37CC  8CCE 12C4 8DC1 8E19 F126
uid                  Vivek Gite 
sub   2048g/032824B9 2007-02-10

3) Now keys generated, you can list your own key using:
$ gpg -K
OR
$ gpg --list-keys
Output:

/home/vivek/.gnupg/pubring.gpg
------------------------------
pub   1024D/CA7A8402 2007-02-10
uid                  Vivek Gite 
sub   2048g/0A7B4F93 2007-02-10

Let us try to understand the line pub 1024D/CA7A8402 2007-02-10:

  • pub : Public key
  • 1024D : The number of bits in the key
  • CA7A8402 : The key ID
  • 2007-02-10 : The date of key creation
  • Vivek Gite : The user real name
  • <vivek@nixcraftcorp.com> : The email id

Most important is the key ID i.e. CA7A8402. Make sure you use powerful passphrase to protect keys and not the easy one.

4) To list secret key, type the command:
$ gpg --list-secret-keys
Output:

/home/vivek/.gnupg/secring.gpg
------------------------------
sec   1024D/CA7A8402 2007-02-10
uid                  Vivek Gite 
ssb   2048g/0A7B4F93 2007-02-10

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

3 comment

  1. Nice tut.. Can we use the same gpg key for two different logins.. If so, what is the procedure?

  2. Dear sir,
    The work you done here is fantastic . I can understand upto this point (private and public key creation) . Do you can please explain it further , I mean how to use this keys in a real world scenario. If you can let me know in my id : anes(dot)pa(at)gmail(dot)com.

    Thanks
    Anes

  3. hello

    why does the output of
    #gpg –list-keys
    and
    gpg –list-secret-keys are same ??

    secret key should show up the private key ?

    if not then where can I find my private key because I wanna take the backup of it.

    Thanks

    Have a question? Post it on our forum!