How to generate an OpenPGP key
Requirements
In order to follow this procedure, ensure you meet with the following minimum requirements:
- An access to a linux terminal machine;
- The OpenPGP package installed on the linux machine;
- The OpenPGP key to generate requirements: Algorithm, strength …
Generate a new OpenPGP key pair
Whether or not you need to set a passphrase will depend on why you are making this keypair.
Organization Account Recovery: In this case you want to set a passphrase.
Server GPG keys: In this case you do not want to set a passphrase.
Execute the following command to generate a new OpenPGP key pair.
gpg --full-generate-key
This command will run an interactive wizard that will help you define the key settings:
- Select the key type, by instance: RSA.
- If RSA was chosen, select the keysize, by instance for a strong key: 3072.
- Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing.
- Confirm the key type information.
- Enter a name, by instance: Ada Lovelace.
- Enter an email, by instance: [email protected].
- Enter a comment, it is optional. It will only help you to identify a key in the keyring if similar name or email chosen.
- Confirm the key meta information.
- If you are creating an Organization Account Recovery key pair set a passphrase, if this is for the server GPG key pair do not set a passphrase
Once the key generated, the key will be stored in the keyring of the user you authenticated with and OpenPGP will output the details of the newly generated key.
public and secret key created and signed.
pub rsa3072 2022-08-04 [SC]
F5B94A730D636A18815046C1408B779FE1951A9A
uid Ada Lovelace <[email protected]>
sub rsa3072 2022-07-28 [E]
The output contains a 40 characters long identifier (F5B94A730D636A18815046C1408B779FE1951A9A) that represents the key fingerprint, note it down, it will be useful later to identify the key in the keyring.
Export an OpenPGP key pair
Export an OpenPGP public key
Execute the following command to export a public key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from the OpenPGP keyring into a file in armor format.
gpg --armor --export F5B94A730D636A18815046C1408B779FE1951A9A > public.key
Export an OpenPGP private key
Execute the following command to export a private key having F5B94A730D636A18815046C1408B779FE1951A9A as fingerprint from the OpenPGP keyring into a file in armor format.
gpg --armor --export-secret-keys F5B94A730D636A18815046C1408B779FE1951A9A > private.key
Not finding what you are looking for? You can also ask the community on the forum.
Talk to a humanOther frequently asked questions in the same category
- How to create and setup an account
- What can I do if my registration token expired?
- How can I change the profile picture
- How to copy a password to clipboard
- Password basics
- Managing your favorites
- How to share passwords
- How to import passwords from a csv or kdbx file
- How to install and remove browser extensions
- How to disable your browser/mobile built-in password manager
- How to use tags (PRO)
- Roles and permissions FAQ
- Roles and permissions
- How to subscribe to the account recovery program?
- How to review an account recovery request
- How to generate an OpenPGP key
- How to recover my passphrase?
- How to recover an account?