Help Search

How to generate an OpenPGP key

Requirements

In order to follow this procedure, ensure you meet with the following minimum requirements:

  • An access to a linux terminal machine;
  • The OpenPGP package installed on the linux machine;
  • The OpenPGP key to generate requirements: Algorithm, strength …

Generate a new OpenPGP key pair

Execute the following command to generate a new OpenPGP key pair.

gpg --full-generate-key

This command will run an interactive wizard that will help you define the key settings:

  1. Select the key type, by instance: RSA.
  2. If RSA was chosen, select the keysize, by instance for a strong key: 3072.
  3. Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing.
  4. Confirm the key type information.
  5. Enter a name, by instance: Ada Lovelace.
  6. Enter an email, by instance: [email protected].
  7. Enter a comment, it is optional. It will only help you to identify a key in the keyring if similar name or email chosen.
  8. Confirm the key meta information.
  9. Define a password to protect the key, it is advised to use a strong password.

Once the key generated, the key will be stored in the keyring of the user you authenticated with and OpenPGP will output the details of the newly generated key.

public and secret key created and signed.

pub   rsa3072 2022-08-04 [SC]
      F5B94A730D636A18815046C1408B779FE1951A9A
uid                      Ada Lovelace <[email protected]>
sub   rsa3072 2022-07-28 [E]

The output contains a 40 characters long identifier (F5B94A730D636A18815046C1408B779FE1951A9A) that represents the key fingerprint, note it down, it will be useful later to identify the key in the keyring.

Export an OpenPGP key pair

Export an OpenPGP public key

Execute the following command to export a public key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from the OpenPGP keyring into a file in armor format.

gpg --armor --export F5B94A730D636A18815046C1408B779FE1951A9A > public.key

Export an OpenPGP private key

Execute the following command to export a private key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from the OpenPGP keyring into a file in armor format.

gpg --armor --export-secret-keys F5B94A730D636A18815046C1408B779FE1951A9A > private.key

Not finding what you are looking for? You can also ask the community on the forum.

Talk to a human
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!