PGP encryption (also known as GPG encryption) keeps your files secure. Sometimes you may need to generate or manage PGP keys in Linux. In this article, we will look at how to generate a PGP key in Ubuntu.
How to Generate PGP Key in Ubuntu
Here are the steps to generate a PGP key in Ubuntu. We will use the GnuPG tool for this purpose.
1. Install gnupg
Open a terminal and run the following commands to install the gnupg tool.
$ sudo apt update
$ sudo apt install gnupg
2. Generate Key
Run the following command to generate a PGP key. We will be generating a PGP public key as well as a private key. Keep your private key safe with you and don’t share it with anyone. On the other hand, the public key enables you to perform encryption, decryption, signature and verification of files. It is meant to be shared with others.
$ sudo gpg --gen-key
You will be asked a set of questions about the kind of key to be generated. You can enter default options for them.
Let us look at them in detail. For GnuPG 1.4.10 and newer, you will see the following options. Select option 1.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
If you are using an older version, you will see the following options. In this case, select option 1.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Next you will see the following question. Select the 2048 option, or just hit enter.
What keysize do you want? (2048)
Next you will be asked for the validity of your key. Enter 0 to keep it valid forever.
Key is valid for? (0)
You will be asked for confirmation. Hit Y to confirm.
Next, enter your real name, email and comment when asked. Type O (Okay) to continue.
Next, enter a passphrase to continue. You will be asked to enter it twice. If you don’t want to use a passphrase, just hit enter both times.
You will be asked to tap the keyboard for the randomization process to begin, and to ensure that no bots are generating these keys.
Finally, you will see a screen like the following.
gpg: key D8EC56D2 marked as ultimately trusted
public and secret key created and signed.
pub 1024D/D8EC56D2 2005-09-08
Key fingerprint = 94BD 8477 2444 DD5F 24B5 2437 046E 44A6 D4FC 64D2
uid Dennis Mento <firstname.lastname@example.org>
sub 2048g/389AA63E 2020-09-08
Please note your pub id 1024D/D8EC56D2 2005-09-08 above. You will need it to export PGP key.
3. Verify Keys
Verify that your keys have been generated with the following command.
4. Export PGP key
You need to upload your PGP public key to Ubuntu’s key server so that it can be downloaded by anyone. Run the following command for it. Replace D8EC56D2 with the key ID of your key pair, which is the part after the slash in the pub id 1024D/D8EC56D2 2005-09-08.
gpg --keyserver keyserver.ubuntu.com --send-keys D8EC56D2
If you simply want to export the key to send to another person, run the following command. Replace firstname.lastname@example.org with the email address you have used in step 2.
gpg --armor --export firstname.lastname@example.org > public_key.asc
Now you may send public_key.asc file to others. If you want to export the key to a readable text file, you may also run the following command.
gpg --armor --output key.txt --export email@example.com
Now you may send the key.txt to others.
5. Import PGP certificate into Launchpad (optional)
If you need to import PGP key into another service such as Launchpad, you need to get your public key’s fingerprint with the following command.
You will see an output as shown below from Step 2.
Key fingerprint = 94BD 8477 2444 DD5F 24B5 2437 046E 44A6 D4FC 64D2
Visit the OpenPGP site. Enter the alphanumeric fingerprint ‘94BD 8477 2444 DD5F 24B5 2437 046E 44A6 D4FC 64D2’.
Paste it and click “Import Key” button to import your PGP key file. It will check Ubuntu key server to see if the key exists and send you an email to confirm import.
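Steps 4 and 5 both depend on identifying the right key, and the full fingerprint is a safer handle for that than the short 8-character key ID. The script below is an added example, not part of the original article: it pulls the primary-key fingerprint for one email address out of gpg's machine-readable colon listing. The sample listing, names and addresses are constructed, the function names are hypothetical, and the GnuPG 2.x record layout is assumed.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint` output, assuming the
# GnuPG 2.x record layout. Keys, names and addresses are made up.
sample_listing() {
cat <<'EOF'
pub:u:2048:1:89ABCDEF01234567:1599523200:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1599523200::::Alice Example <alice@example.org>:
sub:u:2048:1:76543210FEDCBA98:1599523200::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
pub:u:2048:1:1111222233334444:1599523200:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1599523200::::Bob Example <bob@example.org>:
EOF
}

# Print the primary-key fingerprint of the key whose user ID contains <$1>.
# Reads a colon listing on stdin; exits non-zero when no key matches.
primary_fingerprint() {
  awk -F: -v addr="$1" '
    $1 == "pub" { fpr = ""; primary = 1 }             # a new key block starts
    $1 == "fpr" && primary { fpr = $10; primary = 0 } # subkey fpr records are skipped
    $1 == "uid" && fpr != "" && index($10, "<" addr ">") { print fpr; found = 1; exit }
    END { exit !found }
  '
}

# Succeed only for a 40-hex-digit (v4) fingerprint, so a short key ID is rejected.
is_fingerprint() {
  case "$1" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#1}" -eq 40 ]
}

# Last 16 hex digits: the long key ID shown in the pub record.
long_key_id() { printf '%s' "$1" | tail -c 16; }

# Group in blocks of four, as in the "Key fingerprint" line, for comparing by eye.
group4() { printf '%s\n' "$1" | sed 's/..../& /g; s/ $//'; }

fpr=$(sample_listing | primary_fingerprint alice@example.org)
is_fingerprint "$fpr" && echo "fingerprint: $(group4 "$fpr")  key ID: $(long_key_id "$fpr")"
# On a real keyring (not run here):
#   fpr=$(gpg --with-colons --fingerprint | primary_fingerprint you@example.org)
#   gpg --keyserver keyserver.ubuntu.com --send-keys "$fpr"
```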
That’s it. In this article, we have looked at how to create PGP keys, export them as well as import them.