Generating a New Key Pair

To be able to exchange encrypted messages with other users, first generate your own key pair. One part of it—the public key—is distributed to your communication partners, who can use it to encrypt the files or e-mail messages they send. The other part of the key pair—the private key—is used to decrypt the encrypted contents.

[Important] Private Key versus Public Key

Only you should have access to the private key. Do not grant other users access to this data.

Your private key is protected with a passphrase. Choose the passphrase carefully: do not use words from a dictionary, and mix alphabetic with non-alphabetic characters.

To create a new pair, proceed as follows:

  1. Start KGpg from the main menu or press Alt+F2 and enter kgpg. When you start the program for the first time, a wizard appears, guiding you through the configuration. Follow the instructions up to the point where you are prompted to create a key.

  2. Select Keys > Generate Key Pair to create a new key pair.

    Figure 7.1. KGpg: Creating a Key


  3. Enter a name, an e-mail address, and optionally, a comment. If you do not like the default settings provided, also set the expiration time for the key, the key size, and the encryption algorithm used.

  4. To generate a standard key, confirm your settings with OK. After clicking OK, a dialog prompts you to enter a passphrase twice. The passphrase protects your private key. The relative strength of your chosen passphrase is measured and displayed by the Password strength meter. The key pair is then generated, which can take some time.

    [Note] Expert Mode

    If you are an experienced user, use the Expert Mode to define additional options. This takes you to a terminal window where you can set the type of key to be generated, the key size (in bits) and the date of expiration. After entering your name and email address, you are prompted for a passphrase to protect your private key.

  5. After the key generation is finished, a summary is displayed. Save and print the revocation certificate and keep it in a safe place. You will need the certificate to revoke your key if you forget your passphrase. After you have confirmed with OK, KGpg displays its main window and you are finished.

    Figure 7.2. KGpg Main Window: Key Management
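
The same procedure without the GUI, as an added example that is not part of the original documentation or of KGpg: a script that builds a GnuPG batch parameter file from the values entered in step 3, lets gpg prompt for the passphrase, and then creates the revocation certificate from step 5. It assumes GnuPG 2.1 or later; the function names, the allowed key sizes, the output file name, and the sample identity are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not KGpg or SUSE code. All sample values are constructed.
NL='
'
CR="$(printf '\r')"

# Print a GnuPG batch parameter file: RSA signing key plus encryption subkey.
# Returns 1 when a field is unsafe or out of range.
make_key_params() {
    local name="$1" email="$2" comment="$3" bits="$4" expire="$5" field
    # A line break inside a field would add extra parameter lines.
    for field in "$name" "$email" "$comment" "$expire"; do
        case $field in
            *"$NL"*|*"$CR"*) echo "line break in field" >&2; return 1 ;;
        esac
    done
    [ -n "$name" ] || { echo "name required" >&2; return 1; }
    case $email in ?*@?*.?*) ;; *) echo "bad e-mail" >&2; return 1 ;; esac
    # Allowed sizes are an assumed policy for this example.
    case $bits in 2048|3072|4096) ;; *) echo "bad key size" >&2; return 1 ;; esac
    # Expiry: 0 (never) or a count with an optional d, w, m or y unit.
    printf '%s\n' "$expire" | grep -Eq '^(0|[1-9][0-9]*[dwmy]?)$' ||
        { echo "bad expiry" >&2; return 1; }
    printf 'Key-Type: RSA\nKey-Length: %s\nKey-Usage: sign\n' "$bits"
    printf 'Subkey-Type: RSA\nSubkey-Length: %s\nSubkey-Usage: encrypt\n' "$bits"
    printf 'Name-Real: %s\n' "$name"
    [ -z "$comment" ] || printf 'Name-Comment: %s\n' "$comment"
    printf 'Name-Email: %s\nExpire-Date: %s\n' "$email" "$expire"
    # No "Passphrase:" line: gpg asks through pinentry, so the passphrase
    # is never stored in a file.
    printf '%%commit\n'
}

# Generate the key pair, then write a revocation certificate (gpg asks for
# a reason and for the passphrase). Store that file offline.
generate_key() {
    local email="$2" params
    params=$(make_key_params "$@") || return 1
    printf '%s\n' "$params" | gpg --batch --generate-key || return 1
    gpg --output "revoke-$email.asc" --gen-revoke "$email"
}

# Runs only on request, for example: sh newkey.sh --run
if [ "${1:-}" = "--run" ]; then
    generate_key "Tux Example" "tux@example.com" "constructed test key" 3072 2y
fi
```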


The main window shows the keys that belong to your key ring: your own key and the keys of other persons that you have already imported. Because GnuPG uses a more sophisticated implementation of key pairs, several subkeys are displayed for each user name, but these can be ignored for the purpose of this chapter. Apart from some other details (such as the expiration date, creation date, and ID of the key), the main window also shows the level of trust for each key, indicated by colors. White means that the trust level is unknown; blue indicates a high level of trust. For more information, see Section 7.4.2, “Trusting Keys”.

[Note] KGpg Icon and Main Window

When you start KGpg in later sessions, only a small icon with a padlock appears in the system tray. Click that icon to display the main KGpg window on your desktop.